Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Operating memory - Win32/Sirefef.EF trojan [Solved]

Started by Toris Badic , Jan 21 2012 02:14 PM

  • This topic is locked This topic is locked

#1
Toris Badic
Posted 21 January 2012 - 02:14 PM

Toris Badic

    Member

  • Member
  • PipPip
  • 14 posts
Hi people!
I have a trojan which i can't remove by any means known to me!

I've got nod32 AVP and for like 8 years i haven't had any trojan or virus passed it. Today, this sirefef.EF somehow passed it and it's making mess on my computer. On a start scan it finds it and always says that i need to reboot so nod can finish deleting the file but that just goes on and on after every reboot.

First of all my internet is working like 14.4k dial up (i've got 18 mbit cable). My network connection icon is always showing "acquiring network address", and the whole system is very slow atm. Sometimes wherever i click on google or address bar in browser it redirects me to hoot.com or similar junk websites.
I tried Malwarebytes. It scanned and found it but couldn't clean it.
[quote=nod32]

OTL LOG

OTL logfile created on: 1/21/2012 8:54:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\thumb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.43% Memory free
3.85 Gb Paging File | 3.23 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 19.04 Gb Free Space | 12.78% Space Free | Partition Type: NTFS
 
Computer Name: THUMBZ | User Name: thumb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/01/21 19:53:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thumb\Desktop\OTL.exe
PRC - [2011/12/30 16:59:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/29 12:02:52 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/29 12:25:50 | 000,671,863 | ---- | M] (E-MU Systems) -- C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
PRC - [2008/04/14 04:42:38 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/20 14:35:04 | 000,023,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2008/03/05 23:04:12 | 000,188,416 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2007/12/10 23:56:00 | 000,709,632 | ---- | M] (Softshape Development) -- C:\Program Files\Chameleon Clock\ChamClock.exe
PRC - [2007/05/21 09:51:10 | 000,135,233 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2007/05/21 09:50:56 | 000,065,605 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2007/05/15 08:53:12 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011/12/30 16:59:44 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/17 01:02:58 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/01/10 23:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2009/01/10 23:14:06 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 04:42:46 | 000,033,280 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\kmddsp.tsp
MOD - [2008/04/14 04:42:38 | 000,014,336 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
MOD - [2008/04/14 04:42:06 | 000,064,000 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\SAMLIB.dll
MOD - [2008/04/14 04:42:04 | 000,118,784 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\NTMARTA.DLL
MOD - [2008/04/13 22:09:26 | 002,897,920 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\xpsp2res.dll
MOD - [2007/05/15 08:53:12 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2007/05/15 08:53:12 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2007/05/15 08:53:12 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
MOD - [1996/06/11 00:01:00 | 000,014,336 | ---- | M] () -- C:\Program Files\Chameleon Clock\DelphiMM.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] --  -- (swwd)
SRV - File not found [Auto | Stopped] --  -- (SQLAgent$LG_LP2)
SRV - File not found [Auto | Stopped] --  -- (mbackmonitor)
SRV - File not found [Auto | Stopped] --  -- (kservice)
SRV - File not found [Auto | Stopped] --  -- (EMSCR)
SRV - File not found [Auto | Stopped] --  -- (datasvr2)
SRV - File not found [Auto | Stopped] --  -- (cxusb)
SRV - File not found [Auto | Stopped] --  -- (BrUsbSer)
SRV - File not found [Auto | Stopped] --  -- (appnnode)
SRV - File not found [Auto | Stopped] --  -- (AlKernel)
SRV - File not found [Auto | Stopped] --  -- (aiclient)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/29 12:11:10 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/04/14 04:42:38 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\WINDOWS\system32\armoucfltr.dll -- (PhilCam8116)
SRV - [2007/05/21 09:51:10 | 000,135,233 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2007/05/21 09:50:56 | 000,065,605 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2007/05/15 08:53:12 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/28 14:26:46 | 000,033,792 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV - [2010/09/02 16:49:08 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/08/25 01:26:39 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/23 17:07:06 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\windows\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2010/06/14 08:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2010/03/18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 10:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/12/01 09:51:24 | 000,031,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/10/16 12:10:10 | 000,007,168 | ---- | M] (Novation Digital Music Systems Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\automap.sys -- (automap)
DRV - [2009/09/29 12:05:54 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/29 12:02:58 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/29 11:56:32 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/03/20 16:55:16 | 000,802,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2008/03/20 16:54:42 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2008/03/20 16:52:50 | 000,159,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008/03/20 16:52:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008/03/20 16:51:56 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008/03/20 16:49:30 | 000,524,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2008/03/20 16:48:56 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008/03/20 16:40:38 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2008/03/20 16:40:38 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2008/03/20 16:38:06 | 000,134,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\CTEDSPIO.SYS -- (CTEDSPIO.SYS)
DRV - [2008/03/20 16:38:06 | 000,134,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEDSPIO.sys -- (CTEDSPIO)
DRV - [2008/03/20 16:37:36 | 000,309,784 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\CTEDSPSY.SYS -- (CTEDSPSY.SYS)
DRV - [2008/03/20 16:37:36 | 000,309,784 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEDSPSY.sys -- (CTEDSPSY)
DRV - [2008/03/20 16:37:10 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2008/03/20 16:37:10 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2008/03/20 16:36:44 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2008/03/20 16:36:44 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/03/20 16:36:14 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2008/03/20 16:36:14 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2008/03/20 16:32:36 | 000,259,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTEDSPFX.SYS -- (CTEDSPFX.SYS)
DRV - [2008/03/20 16:32:36 | 000,259,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEDSPFX.sys -- (CTEDSPFX)
DRV - [2008/03/20 16:26:30 | 000,163,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTEAPSFX.SYS -- (CTEAPSFX.SYS)
DRV - [2008/03/20 16:26:30 | 000,163,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEAPSFX.sys -- (CTEAPSFX)
DRV - [2008/03/20 16:25:44 | 000,534,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2008/03/20 16:25:44 | 000,534,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2008/03/20 16:23:44 | 000,528,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2008/03/20 16:23:44 | 000,528,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2008/03/20 16:23:08 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2008/03/20 16:23:08 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2007/12/25 16:08:36 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007/05/21 03:43:12 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/05/21 03:43:08 | 000,046,080 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/01/24 16:46:48 | 000,008,704 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/18 09:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/18 13:18:56 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2004/08/12 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/12/27 19:42:12 | 000,137,216 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\d344bus.sys -- (d344bus)
DRV - [2003/12/27 01:38:10 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\d344prt.sys -- (d344prt)
DRV - [2001/11/27 16:46:10 | 000,010,880 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DFUUsb.sys -- (DfuUsb)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 87.255.6.117:80
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.2
FF - prefs.js..extensions.enabledItems: {113c2360-15a3-11de-8c30-0800200c9a66}:0.9
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.http: "176.9.1.72"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\thumb\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\thumb\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 16:59:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/10 00:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/08/25 01:11:55 | 000,000,000 | ---D | M]
 
[2010/08/25 00:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thumb\Application Data\Mozilla\Extensions
[2011/12/23 15:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\extensions
[2010/08/25 14:34:55 | 000,000,000 | ---D | M] ("Vfox3") -- C:\Documents and Settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\extensions\{113c2360-15a3-11de-8c30-0800200c9a66}
[2010/08/29 14:02:49 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/08/25 14:33:22 | 000,000,000 | ---D | M] ("Strata40") -- C:\Documents and Settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\extensions\[email protected]
[2010/08/25 14:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\extensions\[email protected]\chrome\mozapps\extensions
[2011/11/10 18:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THUMB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C9TC4CG6.DEFAULT\EXTENSIONS\[email protected]
[2011/12/30 16:59:45 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/17 03:39:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/26 14:42:09 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/08/31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/10/02 11:26:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 18:09:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2010/04/30 13:56:09 | 000,001,798 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1				activate-sea.adobe.com
O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               125.252.224.90                       
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O2 - BHO: (GetRight IE Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTHelper] C:\windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKCU..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe (Softshape Development)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\windows\System32\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 1C 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.216.1.30 89.216.1.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9224FAC0-07C7-442B-8943-653C190475E6}: DhcpNameServer = 89.216.1.30 89.216.1.50
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thumb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thumb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/25 00:23:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Bin\assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/01/21 19:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thumb\Application Data\Malwarebytes
[2012/01/21 19:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/21 19:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/21 19:59:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/21 19:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/21 19:53:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thumb\Desktop\OTL.exe
[2012/01/21 17:36:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\thumb\Local Settings\Application Data\6bff5816
[2012/01/10 02:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xvid
[2012/01/10 02:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2012/01/10 02:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2012/01/10 02:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2012/01/08 19:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/08 19:32:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/08 16:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/01/08 16:39:10 | 000,000,000 | ---D | C] -- C:\windows\System32\WindowsPowerShell
[2012/01/08 16:39:05 | 000,000,000 | ---D | C] -- C:\windows\$968930Uinstall_KB968930$
[2012/01/08 16:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/01/08 16:35:34 | 000,000,000 | ---D | C] -- C:\windows\System32\GroupPolicy
[2012/01/03 01:46:54 | 000,000,000 | ---D | C] -- C:\samples
[2011/12/30 16:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC
[2011/12/30 16:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FLAC
[2011/12/27 01:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Badoo
[2010/08/25 02:04:04 | 000,137,216 | ---- | C] ( ) -- C:\windows\System32\drivers\d344bus.sys
[2010/08/25 02:04:04 | 000,005,248 | ---- | C] ( ) -- C:\windows\System32\drivers\d344prt.sys
[2008/03/20 14:35:52 | 000,034,816 | ---- | C] ( ) -- C:\windows\System32\a3d.dll
[2008/03/20 14:19:40 | 000,012,800 | ---- | C] ( ) -- C:\windows\System32\killapps.exe
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\thumb\*.tmp files -> C:\Documents and Settings\thumb\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/01/21 20:30:06 | 000,000,021 | ---- | M] () -- C:\windows\tpcsd
[2012/01/21 20:25:59 | 000,000,000 | -HS- | M] () -- C:\windows\System32\dds_log_trash.cmd
[2012/01/21 20:25:55 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/21 20:24:46 | 000,011,564 | ---- | M] () -- C:\windows\System32\DVCState-{00000001-00000000-00000006-00001102-00000008-40021102}.rfx
[2012/01/21 20:24:46 | 000,001,104 | ---- | M] () -- C:\windows\System32\BMXCtrlState-{00000001-00000000-00000006-00001102-00000008-40021102}.rfx
[2012/01/21 20:24:46 | 000,001,104 | ---- | M] () -- C:\windows\System32\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000008-40021102}.rfx
[2012/01/21 20:24:46 | 000,000,064 | ---- | M] () -- C:\windows\System32\BMXStateBkp-{00000001-00000000-00000006-00001102-00000008-40021102}.rfx
[2012/01/21 20:24:46 | 000,000,064 | ---- | M] () -- C:\windows\System32\BMXState-{00000001-00000000-00000006-00001102-00000008-40021102}.rfx
[2012/01/21 19:59:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 19:53:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thumb\Desktop\OTL.exe
[2012/01/21 18:09:12 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012/01/19 01:56:22 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\thumb\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/01/17 13:49:14 | 000,033,492 | ---- | M] () -- C:\JimFitzpatrick-Che-1968.jpg
[2012/01/15 23:23:21 | 000,028,906 | ---- | M] () -- C:\Parks and Recreation.1.torrent
[2012/01/13 04:40:57 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\thumb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/13 02:18:07 | 000,011,489 | ---- | M] () -- C:\The_Increasingly_Poor_Decisions_of_Todd_Margaret_Season_1.torrent
[2012/01/11 02:31:45 | 000,135,256 | ---- | M] () -- C:\windows\System32\nvdrsdb0.bin
[2012/01/11 02:31:45 | 000,000,001 | ---- | M] () -- C:\windows\System32\nvdrssel.bin
[2012/01/10 02:09:57 | 000,135,252 | ---- | M] () -- C:\windows\System32\nvdrsdb1.bin
[2012/01/08 19:36:39 | 003,587,696 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/01/08 17:15:27 | 000,525,866 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/08 17:15:27 | 000,095,722 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/08 16:40:08 | 000,000,575 | ---- | M] () -- C:\windows\imsins.BAK
[2012/01/05 02:51:59 | 000,067,906 | ---- | M] () -- C:\av-61.gif
[2012/01/03 01:12:22 | 000,025,310 | ---- | M] () -- C:\Terriers.Season.1.HDTVRip [Funnyguy263].torrent
[2011/12/30 23:24:19 | 000,000,000 | -H-- | M] () -- C:\descript.ion
[2011/12/30 16:22:14 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk
[2011/12/27 01:54:28 | 000,001,100 | ---- | M] () -- C:\Documents and Settings\thumb\Desktop\Badoo.Desktop.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\thumb\*.tmp files -> C:\Documents and Settings\thumb\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/01/21 20:30:06 | 000,000,021 | ---- | C] () -- C:\windows\tpcsd
[2012/01/21 20:10:07 | 000,000,000 | -HS- | C] () -- C:\windows\System32\dds_log_trash.cmd
[2012/01/21 19:59:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/17 13:49:13 | 000,033,492 | ---- | C] () -- C:\JimFitzpatrick-Che-1968.jpg
[2012/01/17 01:15:23 | 000,028,906 | ---- | C] () -- C:\Parks and Recreation.1.torrent
[2012/01/13 02:18:06 | 000,011,489 | ---- | C] () -- C:\The_Increasingly_Poor_Decisions_of_Todd_Margaret_Season_1.torrent
[2012/01/05 02:51:57 | 000,067,906 | ---- | C] () -- C:\av-61.gif
[2012/01/03 01:12:21 | 000,025,310 | ---- | C] () -- C:\Terriers.Season.1.HDTVRip [Funnyguy263].torrent
[2011/12/30 16:22:14 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk
[2011/12/27 01:54:28 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\thumb\Desktop\Badoo.Desktop.lnk
[2011/12/27 01:54:27 | 000,001,306 | ---- | C] () -- C:\Documents and Settings\thumb\Start Menu\Programs\Badoo Desktop.lnk
[2011/12/15 05:39:42 | 000,042,392 | ---- | C] () -- C:\windows\System32\xfcodec.dll
[2011/08/20 10:52:44 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\thumb\Application Data\Adobe IllExport Filter CS5 Prefs
[2011/05/06 15:35:30 | 004,369,408 | ---- | C] () -- C:\windows\System32\pdftk.exe
[2011/05/06 15:35:30 | 001,503,232 | ---- | C] () -- C:\windows\System32\ptj.exe
[2011/05/06 15:35:30 | 001,103,360 | ---- | C] () -- C:\windows\System32\cidfont.dll
[2011/05/06 15:35:30 | 000,235,008 | ---- | C] () -- C:\windows\System32\office.exe
[2011/04/23 16:49:08 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2011/04/23 16:49:08 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2011/03/27 23:32:42 | 000,179,713 | ---- | C] () -- C:\windows\LOOP.EXE
[2011/02/02 00:07:45 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\thumb\Application Data\Adobe BMP Format CS5 Prefs
[2011/01/29 02:21:29 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\thumb\Application Data\VoiceSFX.ini
[2011/01/29 02:21:04 | 000,000,066 | ---- | C] () -- C:\windows\System32\MASHTWTY.SYS
[2011/01/16 04:06:05 | 000,000,191 | ---- | C] () -- C:\windows\wcpfrep.ini
[2010/10/15 21:24:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\thumb\Application Data\AVSDVDPlayer.m3u
[2010/10/15 18:52:36 | 000,645,632 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010/10/15 18:52:36 | 000,240,640 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010/09/18 15:26:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\thumb\Application Data\$_hpcst$.hpc
[2010/09/16 11:42:02 | 000,000,034 | ---- | C] () -- C:\windows\System32\mnprxpd2c.bin
[2010/09/05 22:19:09 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\thumb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/29 23:20:22 | 000,354,816 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2010/08/26 15:18:28 | 002,494,464 | ---- | C] () -- C:\windows\AF_Osc.dat
[2010/08/25 15:25:34 | 000,086,016 | ---- | C] () -- C:\windows\System32\SYNSOPOS.exe
[2010/08/25 13:56:04 | 000,000,016 | ---- | C] () -- C:\windows\System32\msvcsv60.dll
[2010/08/25 13:56:04 | 000,000,016 | ---- | C] () -- C:\windows\msocreg32.dat
[2010/08/25 13:47:20 | 000,163,840 | ---- | C] () -- C:\windows\System32\ArtFfct.dll
[2010/08/25 13:36:22 | 000,002,892 | ---- | C] () -- C:\windows\System32\audcon.sys
[2010/08/25 13:36:08 | 000,000,045 | ---- | C] () -- C:\windows\System32\SYNSOPOS.exe.cfg
[2010/08/25 02:13:01 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2010/08/25 02:11:39 | 003,587,696 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2010/08/25 01:26:39 | 000,096,384 | ---- | C] () -- C:\windows\System32\drivers\sptd3821.sys
[2010/08/25 01:23:41 | 000,335,872 | ---- | C] () -- C:\windows\System32\ldf252.dll
[2010/08/25 01:05:21 | 000,001,542 | ---- | C] () -- C:\windows\WINCMD.INI
[2010/08/25 01:04:35 | 000,002,560 | ---- | C] () -- C:\windows\CTXFIRES.DLL
[2010/08/25 01:01:29 | 000,135,256 | ---- | C] () -- C:\windows\System32\nvdrsdb0.bin
[2010/08/25 01:01:27 | 000,135,252 | ---- | C] () -- C:\windows\System32\nvdrsdb1.bin
[2010/08/25 01:01:27 | 000,000,001 | ---- | C] () -- C:\windows\System32\nvdrssel.bin
[2010/08/25 00:42:37 | 000,049,152 | R--- | C] () -- C:\windows\System32\ChCfg.exe
[2010/08/25 00:40:37 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2010/08/25 00:40:28 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/08/25 00:37:02 | 000,001,732 | R--- | C] () -- C:\windows\System32\drivers\nvphy.bin
[2010/08/25 00:36:32 | 000,015,374 | ---- | C] () -- C:\windows\Ascd_log.ini
[2010/08/25 00:36:23 | 000,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2010/08/25 00:36:22 | 000,015,133 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2010/08/25 00:36:11 | 000,012,536 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/08/25 00:31:22 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2010/08/25 00:20:10 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2010/08/25 00:19:33 | 000,052,836 | ---- | C] () -- C:\windows\System32\zlib1.dll
[2010/08/25 00:19:25 | 000,162,304 | ---- | C] () -- C:\windows\System32\libpng13.dll
[2010/08/08 05:52:53 | 000,000,202 | ---- | C] () -- C:\windows\msmmdx9.ini
[2010/03/10 20:53:59 | 000,000,382 | ---- | C] () -- C:\windows\System32\Oeminfo.ini
[2009/03/20 18:31:36 | 004,425,326 | ---- | C] () -- C:\windows\System32\libavcodec.dll
[2009/03/19 22:36:48 | 000,557,469 | ---- | C] () -- C:\windows\System32\libmplayer.dll
[2009/03/02 20:10:48 | 000,079,872 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/03/02 20:10:22 | 000,098,304 | ---- | C] () -- C:\windows\System32\ff_wmv9.dll
[2009/03/02 17:19:36 | 000,183,296 | ---- | C] () -- C:\windows\System32\ff_samplerate.dll
[2009/03/02 17:19:30 | 000,178,688 | ---- | C] () -- C:\windows\System32\ff_libmad.dll
[2009/03/02 17:19:14 | 000,113,152 | ---- | C] () -- C:\windows\System32\ff_unrar.dll
[2009/03/02 17:18:32 | 000,257,024 | ---- | C] () -- C:\windows\System32\ff_libdts.dll
[2009/03/02 17:18:28 | 000,142,848 | ---- | C] () -- C:\windows\System32\ff_liba52.dll
[2009/03/02 15:54:20 | 000,328,334 | ---- | C] () -- C:\windows\System32\ff_kernelDeint.dll
[2009/03/02 15:45:14 | 000,146,098 | ---- | C] () -- C:\windows\System32\libmpeg2_ff.dll
[2009/03/02 15:42:54 | 000,425,040 | ---- | C] () -- C:\windows\System32\TomsMoComp_ff.dll
[2009/03/02 15:35:56 | 000,898,465 | ---- | C] () -- C:\windows\System32\ff_x264.dll
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\windows\System32\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\windows\System32\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\windows\System32\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\windows\System32\mp4.dll
[2009/01/10 23:16:04 | 000,335,872 | ---- | C] () -- C:\windows\System32\gdsmux.exe
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\windows\System32\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\windows\System32\mmfinfo.dll
[2009/01/10 23:15:36 | 000,103,424 | ---- | C] () -- C:\windows\System32\dsmux.exe
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\windows\System32\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\windows\System32\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\windows\System32\avs.dll
[2009/01/10 23:15:06 | 000,135,168 | ---- | C] () -- C:\windows\System32\mkv2vfr.exe
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\windows\System32\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\windows\System32\mkunicode.dll
[2008/07/09 09:05:24 | 000,020,480 | ---- | C] () -- C:\windows\System32\ac3config.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\windows\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\windows\System32\structuredqueryschema.bin
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\windows\System32\Dcache.bin
[2008/03/20 15:02:24 | 000,097,461 | ---- | C] () -- C:\windows\System32\instwdm.ini
[2008/03/20 15:02:24 | 000,000,054 | ---- | C] () -- C:\windows\System32\ctzapxx.ini
[2008/03/20 14:36:48 | 000,043,520 | ---- | C] () -- C:\windows\System32\CTBurst.dll
[2008/03/20 14:35:06 | 000,041,472 | ---- | C] () -- C:\windows\System32\psconv.exe
[2008/03/20 14:25:22 | 000,325,821 | ---- | C] () -- C:\windows\System32\ctdlang.dat
[2008/03/20 14:25:22 | 000,046,273 | ---- | C] () -- C:\windows\System32\ctdnlstr.dat
[2008/03/20 14:22:24 | 000,016,384 | ---- | C] () -- C:\windows\System32\regplib.exe
[2008/03/20 14:21:58 | 000,149,838 | ---- | C] () -- C:\windows\System32\ctbas2w.dat
[2008/03/20 14:20:12 | 000,274,587 | ---- | C] () -- C:\windows\System32\ctsbas2w.dat
[2008/03/20 14:20:02 | 000,115,166 | ---- | C] () -- C:\windows\System32\CTBASICW.DAT
[2008/03/20 14:20:00 | 000,241,084 | ---- | C] () -- C:\windows\System32\CTSBASW.DAT
[2008/03/20 14:19:44 | 000,313,207 | ---- | C] () -- C:\windows\System32\ctstatic.dat
[2008/03/20 14:19:44 | 000,053,932 | ---- | C] () -- C:\windows\System32\ctdaught.dat
[2008/03/20 14:19:42 | 000,007,680 | ---- | C] () -- C:\windows\System32\enlocstr.exe
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\windows\System32\Registration.ini
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2006/10/02 16:25:18 | 000,000,307 | ---- | C] () -- C:\windows\System32\kill.ini
[2005/06/16 17:17:16 | 000,071,680 | ---- | C] () -- C:\windows\System32\ctmmactl.dll
[2003/12/27 19:43:24 | 000,068,608 | ---- | C] () -- C:\windows\daemon.dll
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2001/08/23 13:00:00 | 000,525,866 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2001/08/23 13:00:00 | 000,095,722 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/08/25 01:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/08/25 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arturia
[2011/12/27 01:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Badoo
[2011/01/22 01:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
[2010/08/25 15:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2010/08/25 01:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/11/13 02:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/11/11 17:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
[2010/10/18 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2010/08/26 01:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/08/26 01:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/23 16:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/09/30 18:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slate Digital
[2010/08/25 02:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2010/08/25 13:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011/01/22 00:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
[2010/08/26 02:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/25 13:30:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D55A338-9946-4B03-9D84-8FD1472DA229}
[2011/01/21 18:39:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
[2010/08/25 01:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\ACD Systems
[2011/01/22 00:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Antares
[2011/12/07 14:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Audacity
[2011/09/04 15:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Azureus
[2010/10/16 02:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\BSplayer
[2010/10/16 00:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\BSplayer Pro
[2010/10/23 14:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Daichi
[2011/12/08 02:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Dropbox
[2010/08/25 01:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\EmuPatchMixDSP
[2011/01/15 02:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\FabFilter
[2011/03/27 23:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\fltk.org
[2010/08/26 14:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Foxit Software
[2010/11/13 02:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\GARMIN
[2011/10/09 22:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\GetRight Pro
[2010/10/19 21:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\HateML
[2010/09/19 01:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\iZotope
[2011/11/11 18:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\KORG
[2010/08/25 01:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Leadertech
[2010/10/18 21:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Locktime
[2011/03/21 03:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\MixVibes
[2011/04/11 00:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Opera
[2010/08/26 01:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\PACE Anti-Piracy
[2010/08/26 23:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Publish Providers
[2011/04/23 19:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Samsung
[2010/12/31 21:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Schism Tracker
[2011/05/20 14:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Softland
[2010/08/26 23:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Sony
[2011/06/18 04:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/25 02:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Steinberg
[2010/10/15 18:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Thinstall
[2010/11/13 19:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Trillian
[2010/10/20 16:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\TS3Client
[2012/01/21 18:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\uTorrent
[2010/12/25 04:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\VST3 Presets
[2011/01/15 02:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Waves
[2010/08/26 01:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Waves Audio
[2011/01/15 02:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Waves Preferences
[2011/10/19 12:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\XnView
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 1291 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:nMsL6MbtxfhFPkoAi8RLTxRv
@Alternate Data Stream - 1256 bytes -> C:\Program Files\Common Files\System:fUpAvm7wHRKDpekHg

< End of report >

Malwarebytes log scan #1

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
thumb :: THUMBZ [administrator]

Protection: Enabled

1/21/2012 8:01:23 PM
mbam-log-2012-01-21 (20-01-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207549
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áĂzÊ;XA³0öm»Áµ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
C:\Documents and Settings\thumb\Local Settings\Temporary Internet Files\Content.IE5\03LRS2BP\3[1].exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
C:\Documents and Settings\thumb\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
C:\WINDOWS\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

(end)


Malwarebytes log scan #2

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
thumb :: THUMBZ [administrator]

Protection: Enabled

1/21/2012 8:13:20 PM
mbam-log-2012-01-21 (20-13-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207366
Time elapsed: 9 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\JRAID.dll (Rootkit.0Access) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\WINDOWS\system32\JRAID.dll (Rootkit.0Access) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
C:\Documents and Settings\thumb\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
C:\WINDOWS\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

(end)


And Malwarebytes protection log 

2012/01/21 20:01:18 +0100	THUMBZ	thumb	MESSAGE	Starting protection
2012/01/21 20:01:24 +0100	THUMBZ	thumb	MESSAGE	Protection started successfully
2012/01/21 20:01:27 +0100	THUMBZ	thumb	MESSAGE	Starting IP protection
2012/01/21 20:01:30 +0100	THUMBZ	thumb	MESSAGE	Executing scheduled update:  Daily
2012/01/21 20:01:32 +0100	THUMBZ	thumb	MESSAGE	Database already up-to-date
2012/01/21 20:01:34 +0100	THUMBZ	thumb	MESSAGE	IP Protection started successfully
2012/01/21 20:02:41 +0100	THUMBZ	thumb	IP-BLOCK	89.28.75.196 (Type: outgoing)
2012/01/21 20:02:46 +0100	THUMBZ	thumb	IP-BLOCK	89.28.75.196 (Type: outgoing)
2012/01/21 20:03:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.75.196 (Type: outgoing)
2012/01/21 20:05:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:52 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:52 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:54 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:54 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:54 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:54 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:54 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:54 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:55 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:56 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:56 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:56 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:57 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:05:57 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:57 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:57 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:57 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:57 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:57 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:57 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:58 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:58 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:58 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:58 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:58 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:59 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:59 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:59 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:05:59 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:02 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:06:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:08 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:06:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:11 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:06:14 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:14 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:14 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:15 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:15 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:15 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:15 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:15 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:15 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:15 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:15 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:15 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:15 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:16 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:16 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:16 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:16 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:16 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:16 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:16 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:16 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:16 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:17 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:17 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:17 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:17 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:17 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:17 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:18 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:18 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:18 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:19 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:19 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:19 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:19 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:22 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:06:23 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:25 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:06:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:30 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:30 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:30 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:30 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:30 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:30 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:31 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:31 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:31 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:31 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:32 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:32 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:32 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:32 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:34 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:34 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:34 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:35 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:35 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:06:38 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: outgoing)
2012/01/21 20:06:39 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:40 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:40 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:41 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:41 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:42 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:42 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:43 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:43 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:43 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:44 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:44 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:44 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:45 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:45 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:45 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:45 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:45 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:45 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:46 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:46 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:46 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:46 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:47 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:47 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:47 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:48 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:48 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:48 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:06:53 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: outgoing)
2012/01/21 20:07:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:04 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:04 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:04 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:04 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:07:05 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:05 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:05 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:06 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:07:07 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:07:09 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:07:11 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:07:13 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:07:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:22 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:07:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:23 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:23 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:23 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:23 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:23 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:28 +0100	THUMBZ	thumb	IP-BLOCK	93.190.140.59 (Type: outgoing)
2012/01/21 20:07:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:29 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:07:30 +0100	THUMBZ	thumb	IP-BLOCK	93.190.140.59 (Type: outgoing)
2012/01/21 20:07:30 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:31 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:31 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:31 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:31 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:32 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:32 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:32 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: outgoing)
2012/01/21 20:07:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:34 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:34 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:34 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:34 +0100	THUMBZ	thumb	IP-BLOCK	93.190.140.59 (Type: outgoing)
2012/01/21 20:07:35 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:35 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:35 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:35 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:35 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:36 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:36 +0100	THUMBZ	thumb	IP-BLOCK	93.190.140.59 (Type: outgoing)
2012/01/21 20:07:36 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:36 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:36 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:36 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:37 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:37 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:07:39 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: outgoing)
2012/01/21 20:07:41 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:07:52 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: outgoing)
2012/01/21 20:08:03 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:08:04 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: outgoing)
2012/01/21 20:08:05 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:08:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: outgoing)
2012/01/21 20:08:26 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:08:31 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:08:33 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:11:56 +0100	THUMBZ	thumb	MESSAGE	Starting protection
2012/01/21 20:12:13 +0100	THUMBZ	thumb	MESSAGE	Protection started successfully
2012/01/21 20:12:16 +0100	THUMBZ	thumb	MESSAGE	Starting IP protection
2012/01/21 20:12:21 +0100	THUMBZ	thumb	MESSAGE	IP Protection started successfully
2012/01/21 20:12:45 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: incoming)
2012/01/21 20:12:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:49 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:51 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:52 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:52 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:52 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:53 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:53 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:53 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:53 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:12:54 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: outgoing)
2012/01/21 20:12:57 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: outgoing)
2012/01/21 20:13:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:00 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:01 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:02 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: outgoing)
2012/01/21 20:13:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:03 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:04 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:13:04 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:13:04 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:05 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:05 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:05 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:05 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:13:05 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:06 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:06 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:06 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:06 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:13:06 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:13:06 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:13:06 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:07 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:13:07 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:13:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:13:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:08 +0100	THUMBZ	thumb	IP-BLOCK	89.28.123.127 (Type: incoming)
2012/01/21 20:13:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:09 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:10 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:10 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:10 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:10 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:18 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:18 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:18 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:18 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:18 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:18 +0100	THUMBZ	thumb	IP-BLOCK	193.105.135.93 (Type: outgoing)
2012/01/21 20:13:19 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:19 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:19 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:19 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:20 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:21 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:22 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:23 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:23 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:23 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:24 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:25 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:26 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:27 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:28 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:33 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: incoming)
2012/01/21 20:13:41 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: outgoing)
2012/01/21 20:13:44 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: outgoing)
2012/01/21 20:13:50 +0100	THUMBZ	thumb	IP-BLOCK	89.28.43.171 (Type: outgoing)
2012/01/21 20:27:04 +0100	THUMBZ		MESSAGE	Starting protection
2012/01/21 20:27:40 +0100	THUMBZ	thumb	MESSAGE	Protection started successfully
2012/01/21 20:27:44 +0100	THUMBZ	thumb	MESSAGE	Starting IP protection
2012/01/21 20:27:57 +0100	THUMBZ	thumb	MESSAGE	IP Protection started successfully
2012/01/21 20:28:19 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\lhidflt2.dll	Rootkit.0Access	QUARANTINE
2012/01/21 20:28:19 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\lhidflt2.dll	Rootkit.0Access	DENY
2012/01/21 20:29:07 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\vrservice.dll	Rootkit.0Access	QUARANTINE
2012/01/21 20:29:07 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\vrservice.dll	Rootkit.0Access	DENY
2012/01/21 20:30:03 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\retrowdsvc.dll	Rootkit.0Access	QUARANTINE
2012/01/21 20:30:03 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\retrowdsvc.dll	Rootkit.0Access	DENY
2012/01/21 20:31:05 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\eabusb.dll	Rootkit.0Access	QUARANTINE
2012/01/21 20:31:05 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\eabusb.dll	Rootkit.0Access	DENY
2012/01/21 20:32:05 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\FileDisk.dll	Rootkit.0Access	QUARANTINE
2012/01/21 20:32:05 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\FileDisk.dll	Rootkit.0Access	DENY
2012/01/21 20:33:07 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\NETw3x32.dll	Rootkit.0Access	QUARANTINE
2012/01/21 20:33:07 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\NETw3x32.dll	Rootkit.0Access	DENY
2012/01/21 20:34:06 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\cmbatt.dll	Rootkit.0Access	QUARANTINE
2012/01/21 20:34:08 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\cmbatt.dll	Rootkit.0Access	DENY
2012/01/21 20:35:05 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\vstor2.dll	Rootkit.0Access	QUARANTINE
2012/01/21 20:35:05 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\vstor2.dll	Rootkit.0Access	DENY
2012/01/21 20:36:03 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\CrystalSysInfo.dll	Rootkit.0Access	QUARANTINE
2012/01/21 20:36:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\CrystalSysInfo.dll	Rootkit.0Access	DENY
2012/01/21 20:37:05 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\stisvc.dll	Rootkit.0Access	QUARANTINE
2012/01/21 20:37:05 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\stisvc.dll	Rootkit.0Access	DENY
2012/01/21 20:38:19 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:38:19 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:47:51 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:48:17 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:49:32 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:53:04 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:30 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:31 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:55:48 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:56:25 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW
2012/01/21 20:57:24 +0100	THUMBZ	thumb	DETECTION	C:\WINDOWS\system32\armoucfltr.dll	Rootkit.0Access	ALLOW

  • 0

Advertisements

#2
Toris Badic
Posted 21 January 2012 - 02:37 PM

Toris Badic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
GMER LOG
which was stopped or whatever by saying - WARNING !!! Gmer has found system modification caused by ROOTKIT activity.




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-21 21:29:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JB-00GVA0 rev.08.02D08
Running: n1lr579p.exe; Driver: C:\DOCUME~1\thumb\LOCALS~1\Temp\ffdoipoc.sys


---- System - GMER 1.0.15 ----

SSDT            890D5C90                                                                                            ZwAssignProcessToJobObject
SSDT            sptd.sys                                                                                            ZwCreateKey [0xB7EDBC04]
SSDT            890D6200                                                                                            ZwDebugActiveProcess
SSDT            890D62F0                                                                                            ZwDuplicateObject
SSDT            sptd.sys                                                                                            ZwEnumerateKey [0xB7EDBD48]
SSDT            sptd.sys                                                                                            ZwEnumerateValueKey [0xB7EDC0C0]
SSDT            sptd.sys                                                                                            ZwOpenKey [0xB7EDBAE2]
SSDT            890D5590                                                                                            ZwOpenProcess
SSDT            890D5800                                                                                            ZwOpenThread
SSDT            890D5FD0                                                                                            ZwProtectVirtualMemory
SSDT            sptd.sys                                                                                            ZwQueryKey [0xB7EDC18A]
SSDT            sptd.sys                                                                                            ZwQueryValueKey [0xB7EDC022]
SSDT            890D60E0                                                                                            ZwQueueApcThread
SSDT            890D5EC0                                                                                            ZwSetContextThread
SSDT            890D5D90                                                                                            ZwSetInformationThread
SSDT            890D2DA0                                                                                            ZwSetSecurityObject
SSDT            sptd.sys                                                                                            ZwSetValueKey [0xB7EDC212]
SSDT            890D5B90                                                                                            ZwSuspendProcess
SSDT            890D5A80                                                                                            ZwSuspendThread
SSDT            890D56E0                                                                                            ZwTerminateProcess
SSDT            890D5A50                                                                                            ZwTerminateThread
SSDT            890D66D0                                                                                            ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

?               C:\windows\system32\drivers\sptd.sys                                                                The process cannot access the file because it is being used by another process.
?               C:\windows\System32\Drivers\SPTD3821.SYS                                                            The process cannot access the file because it is being used by another process.
.text           C:\windows\system32\DRIVERS\nv4_mini.sys                                                            section is writeable [0xB6B3A3A0, 0x592C35, 0xE8000020]
.INIT           C:\windows\system32\DRIVERS\mrxsmb.sys                                                              entry point in ".INIT" section [0xB401A122]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtAreMappedFilesTheSame                         7C90CF7E 5 Bytes  JMP 00350A1F 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCancelIoFile                                  7C90CFBE 5 Bytes  JMP 0035189D 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtClose                                         7C90CFEE 5 Bytes  JMP 0034FEF8 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCompactKeys                                   7C90D00E 5 Bytes  JMP 00354B79 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCompressKey                                   7C90D03E 5 Bytes  JMP 00354AF6 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCreateFile                                    7C90D0AE 5 Bytes  JMP 003517FC 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCreateKey                                     7C90D0EE 5 Bytes  JMP 00354A3E 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCreateMailslotFile                            7C90D0FE 5 Bytes  JMP 00351764 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCreateNamedPipeFile                           7C90D11E 5 Bytes  JMP 003516BA 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCreatePagingFile                              7C90D12E 5 Bytes  JMP 0035162E 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCreateProcess                                 7C90D14E 5 Bytes  JMP 0034E43E 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCreateProcessEx                               7C90D15E 5 Bytes  JMP 0034E3A3 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCreateSection                                 7C90D17E 5 Bytes  JMP 00353974 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtCreateThread                                  7C90D1AE 5 Bytes  JMP 0034E26A 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtDeleteFile                                    7C90D23E 5 Bytes  JMP 003515AB 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtDeleteKey                                     7C90D24E 5 Bytes  JMP 003549A6 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtDeleteValueKey                                7C90D26E 5 Bytes  JMP 00354920 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtDeviceIoControlFile                           7C90D27E 5 Bytes  JMP 0035150D 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtDuplicateObject                               7C90D29E 5 Bytes  JMP 0034FE63 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtEnumerateKey                                  7C90D2CE 5 Bytes  JMP 0035488E 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtEnumerateValueKey                             7C90D2EE 5 Bytes  JMP 003547FC 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtExtendSection                                 7C90D2FE 5 Bytes  JMP 003538EE 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtFlushBuffersFile                              7C90D32E 5 Bytes  JMP 00351487 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtFlushKey                                      7C90D34E 5 Bytes  JMP 00354779 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtFsControlFile                                 7C90D39E 5 Bytes  JMP 003513E9 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtLoadKey                                       7C90D47E 5 Bytes  JMP 003546F3 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtLoadKey2                                      7C90D48E 5 Bytes  JMP 0035466A 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtLockFile                                      7C90D49E 5 Bytes  JMP 0035134B 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtLockRegistryKey                               7C90D4BE 5 Bytes  JMP 0035455B 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtMakeTemporaryObject                           7C90D4EE 5 Bytes  JMP 0034FDE0 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtMapViewOfSection                              7C90D51E 5 Bytes  JMP 00353850 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtNotifyChangeDirectoryFile                     7C90D53E 5 Bytes  JMP 003512B0 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtNotifyChangeKey                               7C90D54E 5 Bytes  JMP 003544BD 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtNotifyChangeMultipleKeys                      7C90D55E 5 Bytes  JMP 00354419 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtOpenFile                                      7C90D59E 5 Bytes  JMP 0035198E 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtOpenKey                                       7C90D5CE 5 Bytes  JMP 00354390 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtOpenSection                                   7C90D62E 5 Bytes  JMP 003537C7 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryAttributesFile                           7C90D70E 5 Bytes  JMP 0035122A 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryDirectoryFile                            7C90D76E 5 Bytes  JMP 00351189 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryEaFile                                   7C90D78E 5 Bytes  JMP 003510EE 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryFullAttributesFile                       7C90D7AE 5 Bytes  JMP 00351068 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryInformationFile                          7C90D7CE 5 Bytes  JMP 00350FD9 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryKey                                      7C90D85E 5 Bytes  JMP 00354301 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryMultipleValueKey                         7C90D86E 5 Bytes  JMP 0035426F 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryObject                                   7C90D88E 5 Bytes  JMP 0034FD51 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryOpenSubKeys                              7C90D89E 5 Bytes  JMP 003541E9 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryQuotaInformationFile                     7C90D8BE 5 Bytes  JMP 00350984 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQuerySection                                  7C90D8CE 5 Bytes  JMP 00353738 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQuerySecurityObject                           7C90D8DE 5 Bytes  JMP 0034FA43 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryValueKey                                 7C90D96E 5 Bytes  JMP 003540CB 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryVirtualMemory                            7C90D97E 5 Bytes  JMP 00353620 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtQueryVolumeInformationFile                    7C90D98E 5 Bytes  JMP 00350F4A 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtReadFile                                      7C90D9CE 5 Bytes  JMP 00350EAF 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtReadFileScatter                               7C90D9DE 5 Bytes  JMP 00350E14 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtRenameKey                                     7C90DA5E 5 Bytes  JMP 00354045 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtReplaceKey                                    7C90DA6E 5 Bytes  JMP 00353FBC 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtRestoreKey                                    7C90DB1E 5 Bytes  JMP 00353F33 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSaveKey                                       7C90DB4E 5 Bytes  JMP 00353EAD 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSaveKeyEx                                     7C90DB5E 5 Bytes  JMP 00353E24 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSaveMergedKeys                                7C90DB6E 5 Bytes  JMP 00353D9B 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSetEaFile                                     7C90DBFE 5 Bytes  JMP 00350D88 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSetInformationFile                            7C90DC5E 5 Bytes  JMP 00350CF9 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSetInformationKey                             7C90DC7E 5 Bytes  JMP 00353D0F 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSetInformationObject                          7C90DC8E 5 Bytes  JMP 0034FCC5 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSetInformationProcess                         7C90DC9E 5 Bytes  JMP 0034E1DE 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSetQuotaInformationFile                       7C90DD1E 5 Bytes  JMP 003508F8 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSetSecurityObject                             7C90DD2E 5 Bytes  JMP 0034F9BA 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSetValueKey                                   7C90DDCE 5 Bytes  JMP 00353C68 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSetVolumeInformationFile                      7C90DDDE 5 Bytes  JMP 00350C6A 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtSignalAndWaitForSingleObject                  7C90DDFE 5 Bytes  JMP 0034FC38 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtTerminateProcess                              7C90DE6E 5 Bytes  JMP 0034E600 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtTranslateFilePath                             7C90DEAE 5 Bytes  JMP 0035086C 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtUnloadKey                                     7C90DECE 5 Bytes  JMP 00353BE5 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtUnloadKeyEx                                   7C90DEDE 5 Bytes  JMP 00353AD9 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtUnlockFile                                    7C90DEEE 5 Bytes  JMP 00350BDB 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtUnmapViewOfSection                            7C90DF0E 5 Bytes  JMP 003536B2 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtWaitForMultipleObjects                        7C90DF3E 5 Bytes  JMP 0034FB66 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtWaitForSingleObject                           7C90DF4E 5 Bytes  JMP 0034FAD2 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtWriteFile                                     7C90DF7E 5 Bytes  JMP 00350B40 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!NtWriteFileGather                               7C90DF8E 5 Bytes  JMP 00350AA5 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ntdll.dll!LdrShutdownThread                               7C91388E 5 Bytes  JMP 0034E576 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] kernel32.dll!CreateRemoteThread                           7C8104CC 5 Bytes  JMP 0034F134 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] kernel32.dll!GetCommandLineA                              7C812FBD 5 Bytes  JMP 0034E5B1 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] kernel32.dll!CreateActCtxW                                7C8154FC 5 Bytes  JMP 0034B774 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] kernel32.dll!QueryActCtxW                                 7C81637B 5 Bytes  JMP 0034B844 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] kernel32.dll!GetCommandLineW                              7C817023 5 Bytes  JMP 0034E698 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] kernel32.dll!CreateProcessInternalW                       7C8197B0 5 Bytes  JMP 0034E4D6 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] gdi32.dll!GdiAddFontResourceW                             77F1CE11 5 Bytes  JMP 0034F4C7 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] gdi32.dll!RemoveFontResourceExW                           77F29281 5 Bytes  JMP 0034F363 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!CloseServiceHandle                           77DE6CE5 5 Bytes  JMP 0034D0B3 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!QueryServiceStatus                           77DE6D50 5 Bytes  JMP 0034C70E 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!OpenSCManagerW                               77DE6F55 5 Bytes  JMP 0034BC49 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!OpenServiceW                                 77DE6FFD 5 Bytes  JMP 0034CA38 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!StartServiceA                                77DEFB58 5 Bytes  JMP 0034C0D8 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!RegisterServiceCtrlHandlerExA                77DEFEAB 5 Bytes  JMP 0034C492 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!QueryServiceStatusEx                         77DF120A 5 Bytes  JMP 0034C669 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!QueryServiceConfigA                          77DF1596 5 Bytes  JMP 0034C996 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!SetServiceStatus                             77DF3251 5 Bytes  JMP 0034C2B2 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!StartServiceCtrlDispatcherW                  77DF359D 5 Bytes  JMP 0034C17A 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!RegisterServiceCtrlHandlerExW                77DF3E49 5 Bytes  JMP 0034C3F3 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!RegisterServiceCtrlHandlerW                  77DF3E77 5 Bytes  JMP 0034C531 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!StartServiceW                                77DF3E94 5 Bytes  JMP 0034C036 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!ControlService                               77DF4A09 5 Bytes  JMP 0034D014 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!OpenServiceA                                 77DF4C66 5 Bytes  JMP 0034D330 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!RegisterServiceCtrlHandlerA                  77DF4EC6 5 Bytes  JMP 0034C5CD 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!OpenSCManagerA                               77DF69AE 5 Bytes  JMP 0034BCA9 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!EnumServicesStatusA                          77DF6B47 5 Bytes  JMP 0034BE6B 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!QueryServiceConfigW                          77DF6F92 5 Bytes  JMP 0034C8F4 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!EnumServicesStatusExW                        77E369B8 5 Bytes  JMP 0034BD09 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!SetServiceBits                               77E36BF9 5 Bytes  JMP 0034C351 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!EnumServicesStatusExA                        77E36C2F 5 Bytes  JMP 0034BD81 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!QueryServiceObjectSecurity                   77E36D01 5 Bytes  JMP 0034BBE0 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!SetServiceObjectSecurity                     77E36D81 5 Bytes  JMP 0034BB7D 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!ChangeServiceConfigA                         77E36E69 5 Bytes  JMP 0034CF60 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!ChangeServiceConfigW                         77E37001 5 Bytes  JMP 0034CEAC 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!CreateServiceA                               77E37211 5 Bytes  JMP 0034BFB8 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!CreateServiceW                               77E373A9 5 Bytes  JMP 0034BF3A 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!DeleteService                                77E374B1 5 Bytes  JMP 0034BEDD 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!EnumDependentServicesA                       77E37529 5 Bytes  JMP 0034CE04 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!EnumDependentServicesW                       77E375E1 5 Bytes  JMP 0034CD5C 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!GetServiceDisplayNameA                       77E37699 5 Bytes  JMP 0034CB76 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!GetServiceDisplayNameW                       77E37739 5 Bytes  JMP 0034CAD4 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!GetServiceKeyNameA                           77E377D9 5 Bytes  JMP 0034CCBA 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!GetServiceKeyNameW                           77E37879 5 Bytes  JMP 0034CC18 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!QueryServiceConfig2A                         77E37999 5 Bytes  JMP 0034C84F 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!QueryServiceConfig2W                         77E37AB1 5 Bytes  JMP 0034C7AA 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!EnumServicesStatusW                          77E37D61 5 Bytes  JMP 0034BDF9 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ADVAPI32.dll!StartServiceCtrlDispatcherA                  77E37F09 5 Bytes  JMP 0034C216 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ole32.dll!CoCreateInstanceEx                              774FF164 5 Bytes  JMP 003527CE 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ole32.dll!CoGetClassObject                                77515205 5 Bytes  JMP 0035273F 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ole32.dll!CoRegisterClassObject                           775179D0 5 Bytes  JMP 00352618 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ole32.dll!CoResumeClassObjects + 7                        775268A7 5 Bytes  JMP 00352519 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ole32.dll!CoRevokeClassObject                             77529E58 5 Bytes  JMP 00352595 
.text           C:\Program Files\TC UP\totalcmd.exe[1708] ole32.dll!CoGetInstanceFromFile                           77540232 5 Bytes  JMP 003526A7 
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1932] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 4 Bytes  [C2, 04, 00, 00]
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtAreMappedFilesTheSame                           7C90CF7E 5 Bytes  JMP 00500A1F 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCancelIoFile                                    7C90CFBE 5 Bytes  JMP 0050189D 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtClose                                           7C90CFEE 5 Bytes  JMP 004FFEF8 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCompactKeys                                     7C90D00E 5 Bytes  JMP 00504B79 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCompressKey                                     7C90D03E 5 Bytes  JMP 00504AF6 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCreateFile                                      7C90D0AE 5 Bytes  JMP 005017FC 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCreateKey                                       7C90D0EE 5 Bytes  JMP 00504A3E 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCreateMailslotFile                              7C90D0FE 5 Bytes  JMP 00501764 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCreateNamedPipeFile                             7C90D11E 5 Bytes  JMP 005016BA 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCreatePagingFile                                7C90D12E 5 Bytes  JMP 0050162E 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCreateProcess                                   7C90D14E 5 Bytes  JMP 004FE43E 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCreateProcessEx                                 7C90D15E 5 Bytes  JMP 004FE3A3 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCreateSection                                   7C90D17E 5 Bytes  JMP 00503974 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtCreateThread                                    7C90D1AE 5 Bytes  JMP 004FE26A 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtDeleteFile                                      7C90D23E 5 Bytes  JMP 005015AB 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtDeleteKey                                       7C90D24E 5 Bytes  JMP 005049A6 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtDeleteValueKey                                  7C90D26E 5 Bytes  JMP 00504920 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtDeviceIoControlFile                             7C90D27E 5 Bytes  JMP 0050150D 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtDuplicateObject                                 7C90D29E 5 Bytes  JMP 004FFE63 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtEnumerateKey                                    7C90D2CE 5 Bytes  JMP 0050488E 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtEnumerateValueKey                               7C90D2EE 5 Bytes  JMP 005047FC 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtExtendSection                                   7C90D2FE 5 Bytes  JMP 005038EE 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtFlushBuffersFile                                7C90D32E 5 Bytes  JMP 00501487 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtFlushKey                                        7C90D34E 5 Bytes  JMP 00504779 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtFsControlFile                                   7C90D39E 5 Bytes  JMP 005013E9 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtLoadKey                                         7C90D47E 5 Bytes  JMP 005046F3 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtLoadKey2                                        7C90D48E 5 Bytes  JMP 0050466A 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtLockFile                                        7C90D49E 5 Bytes  JMP 0050134B 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtLockRegistryKey                                 7C90D4BE 5 Bytes  JMP 0050455B 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtMakeTemporaryObject                             7C90D4EE 5 Bytes  JMP 004FFDE0 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtMapViewOfSection                                7C90D51E 5 Bytes  JMP 00503850 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtNotifyChangeDirectoryFile                       7C90D53E 5 Bytes  JMP 005012B0 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtNotifyChangeKey                                 7C90D54E 5 Bytes  JMP 005044BD 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtNotifyChangeMultipleKeys                        7C90D55E 5 Bytes  JMP 00504419 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtOpenFile                                        7C90D59E 5 Bytes  JMP 0050198E 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtOpenKey                                         7C90D5CE 5 Bytes  JMP 00504390 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtOpenSection                                     7C90D62E 5 Bytes  JMP 005037C7 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryAttributesFile                             7C90D70E 5 Bytes  JMP 0050122A 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryDirectoryFile                              7C90D76E 5 Bytes  JMP 00501189 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryEaFile                                     7C90D78E 5 Bytes  JMP 005010EE 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryFullAttributesFile                         7C90D7AE 5 Bytes  JMP 00501068 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryInformationFile                            7C90D7CE 5 Bytes  JMP 00500FD9 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryKey                                        7C90D85E 5 Bytes  JMP 00504301 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryMultipleValueKey                           7C90D86E 5 Bytes  JMP 0050426F 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryObject                                     7C90D88E 5 Bytes  JMP 004FFD51 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryOpenSubKeys                                7C90D89E 5 Bytes  JMP 005041E9 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryQuotaInformationFile                       7C90D8BE 5 Bytes  JMP 00500984 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQuerySection                                    7C90D8CE 5 Bytes  JMP 00503738 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQuerySecurityObject                             7C90D8DE 5 Bytes  JMP 004FFA43 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryValueKey                                   7C90D96E 5 Bytes  JMP 005040CB 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryVirtualMemory                              7C90D97E 5 Bytes  JMP 00503620 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtQueryVolumeInformationFile                      7C90D98E 5 Bytes  JMP 00500F4A 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtReadFile                                        7C90D9CE 5 Bytes  JMP 00500EAF 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtReadFileScatter                                 7C90D9DE 5 Bytes  JMP 00500E14 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtRenameKey                                       7C90DA5E 5 Bytes  JMP 00504045 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtReplaceKey                                      7C90DA6E 5 Bytes  JMP 00503FBC 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtRestoreKey                                      7C90DB1E 5 Bytes  JMP 00503F33 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSaveKey                                         7C90DB4E 5 Bytes  JMP 00503EAD 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSaveKeyEx                                       7C90DB5E 5 Bytes  JMP 00503E24 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSaveMergedKeys                                  7C90DB6E 5 Bytes  JMP 00503D9B 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSetEaFile                                       7C90DBFE 5 Bytes  JMP 00500D88 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSetInformationFile                              7C90DC5E 5 Bytes  JMP 00500CF9 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSetInformationKey                               7C90DC7E 5 Bytes  JMP 00503D0F 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSetInformationObject                            7C90DC8E 5 Bytes  JMP 004FFCC5 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSetInformationProcess                           7C90DC9E 5 Bytes  JMP 004FE1DE 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSetQuotaInformationFile                         7C90DD1E 5 Bytes  JMP 005008F8 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSetSecurityObject                               7C90DD2E 5 Bytes  JMP 004FF9BA 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSetValueKey                                     7C90DDCE 5 Bytes  JMP 00503C68 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSetVolumeInformationFile                        7C90DDDE 5 Bytes  JMP 00500C6A 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtSignalAndWaitForSingleObject                    7C90DDFE 5 Bytes  JMP 004FFC38 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtTerminateProcess                                7C90DE6E 5 Bytes  JMP 004FE600 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtTranslateFilePath                               7C90DEAE 5 Bytes  JMP 0050086C 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtUnloadKey                                       7C90DECE 5 Bytes  JMP 00503BE5 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtUnloadKeyEx                                     7C90DEDE 5 Bytes  JMP 00503AD9 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtUnlockFile                                      7C90DEEE 5 Bytes  JMP 00500BDB 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtUnmapViewOfSection                              7C90DF0E 5 Bytes  JMP 005036B2 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtWaitForMultipleObjects                          7C90DF3E 5 Bytes  JMP 004FFB66 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtWaitForSingleObject                             7C90DF4E 5 Bytes  JMP 004FFAD2 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtWriteFile                                       7C90DF7E 5 Bytes  JMP 00500B40 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!NtWriteFileGather                                 7C90DF8E 5 Bytes  JMP 00500AA5 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ntdll.dll!LdrShutdownThread                                 7C91388E 5 Bytes  JMP 004FE576 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] kernel32.dll!CreateRemoteThread                             7C8104CC 5 Bytes  JMP 004FF134 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] kernel32.dll!GetCommandLineA                                7C812FBD 5 Bytes  JMP 004FE5B1 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] kernel32.dll!CreateActCtxW                                  7C8154FC 5 Bytes  JMP 004FB774 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] kernel32.dll!QueryActCtxW                                   7C81637B 5 Bytes  JMP 004FB844 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] kernel32.dll!GetCommandLineW                                7C817023 5 Bytes  JMP 004FE698 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] kernel32.dll!CreateProcessInternalW                         7C8197B0 5 Bytes  JMP 004FE4D6 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] gdi32.dll!GdiAddFontResourceW                               77F1CE11 5 Bytes  JMP 004FF4C7 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] gdi32.dll!RemoveFontResourceExW                             77F29281 5 Bytes  JMP 004FF363 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!CloseServiceHandle                             77DE6CE5 5 Bytes  JMP 004FD0B3 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!QueryServiceStatus                             77DE6D50 5 Bytes  JMP 004FC70E 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!OpenSCManagerW                                 77DE6F55 5 Bytes  JMP 004FBC49 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!OpenServiceW                                   77DE6FFD 5 Bytes  JMP 004FCA38 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!StartServiceA                                  77DEFB58 5 Bytes  JMP 004FC0D8 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!RegisterServiceCtrlHandlerExA                  77DEFEAB 5 Bytes  JMP 004FC492 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!QueryServiceStatusEx                           77DF120A 5 Bytes  JMP 004FC669 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!QueryServiceConfigA                            77DF1596 5 Bytes  JMP 004FC996 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!SetServiceStatus                               77DF3251 5 Bytes  JMP 004FC2B2 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!StartServiceCtrlDispatcherW                    77DF359D 5 Bytes  JMP 004FC17A 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!RegisterServiceCtrlHandlerExW                  77DF3E49 5 Bytes  JMP 004FC3F3 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!RegisterServiceCtrlHandlerW                    77DF3E77 5 Bytes  JMP 004FC531 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!StartServiceW                                  77DF3E94 5 Bytes  JMP 004FC036 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!ControlService                                 77DF4A09 5 Bytes  JMP 004FD014 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!OpenServiceA                                   77DF4C66 5 Bytes  JMP 004FD330 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!RegisterServiceCtrlHandlerA                    77DF4EC6 5 Bytes  JMP 004FC5CD 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!OpenSCManagerA                                 77DF69AE 5 Bytes  JMP 004FBCA9 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!EnumServicesStatusA                            77DF6B47 5 Bytes  JMP 004FBE6B 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!QueryServiceConfigW                            77DF6F92 5 Bytes  JMP 004FC8F4 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!EnumServicesStatusExW                          77E369B8 5 Bytes  JMP 004FBD09 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!SetServiceBits                                 77E36BF9 5 Bytes  JMP 004FC351 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!EnumServicesStatusExA                          77E36C2F 5 Bytes  JMP 004FBD81 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!QueryServiceObjectSecurity                     77E36D01 5 Bytes  JMP 004FBBE0 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!SetServiceObjectSecurity                       77E36D81 5 Bytes  JMP 004FBB7D 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!ChangeServiceConfigA                           77E36E69 5 Bytes  JMP 004FCF60 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!ChangeServiceConfigW                           77E37001 5 Bytes  JMP 004FCEAC 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!CreateServiceA                                 77E37211 5 Bytes  JMP 004FBFB8 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!CreateServiceW                                 77E373A9 5 Bytes  JMP 004FBF3A 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!DeleteService                                  77E374B1 5 Bytes  JMP 004FBEDD 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!EnumDependentServicesA                         77E37529 5 Bytes  JMP 004FCE04 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!EnumDependentServicesW                         77E375E1 5 Bytes  JMP 004FCD5C 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!GetServiceDisplayNameA                         77E37699 5 Bytes  JMP 004FCB76 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!GetServiceDisplayNameW                         77E37739 5 Bytes  JMP 004FCAD4 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!GetServiceKeyNameA                             77E377D9 5 Bytes  JMP 004FCCBA 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!GetServiceKeyNameW                             77E37879 5 Bytes  JMP 004FCC18 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!QueryServiceConfig2A                           77E37999 5 Bytes  JMP 004FC84F 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!QueryServiceConfig2W                           77E37AB1 5 Bytes  JMP 004FC7AA 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!EnumServicesStatusW                            77E37D61 5 Bytes  JMP 004FBDF9 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ADVAPI32.dll!StartServiceCtrlDispatcherA                    77E37F09 5 Bytes  JMP 004FC216 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ole32.dll!CoCreateInstanceEx                                774FF164 5 Bytes  JMP 005027CE 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ole32.dll!CoGetClassObject                                  77515205 5 Bytes  JMP 0050273F 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ole32.dll!CoRegisterClassObject                             775179D0 5 Bytes  JMP 00502618 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ole32.dll!CoResumeClassObjects + 7                          775268A7 5 Bytes  JMP 00502519 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ole32.dll!CoRevokeClassObject                               77529E58 5 Bytes  JMP 00502595 
.text           c:\DownLoads\Firefox\n1lr579p.exe[3036] ole32.dll!CoGetInstanceFromFile                             77540232 5 Bytes  JMP 005026A7 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                  [B7ED7A32] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                          [B7ED7B6E] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                 [B7ED7AF6] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                         [B7ED86CC] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                 [B7ED85A2] sptd.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                  [B7EFABBC] sptd.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                              8A57BBF8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                              eamon.sys (Amon monitor/ESET)

Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                           8A5C8C78
Device          \Driver\dmio \Device\DmControl\DmConfig                                                             8A5C8C78
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                8A5C8C78
Device          \Driver\dmio \Device\DmControl\DmInfo                                                               8A5C8C78

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                           epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                              8A5C8EB0
Device          \Driver\Cdrom \Device\CdRom0                                                                        8A3B4008
Device          \FileSystem\Rdbss \Device\FsWrap                                                                    891D6EB0
Device          \FileSystem\Rdbss \Device\FsWrap                                                                    89A0C6EC
Device          \Driver\NetBT \Device\NetBT_Tcpip_{9224FAC0-07C7-442B-8943-653C190475E6}                            8923EEB0
Device          \Driver\atapi \Device\Ide\IdePort0                                                                  [B7E09B40] atapi.sys[unknown section] {MOV EAX, 0x8a5c8960; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7eec684; RET }
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                         [B7E09B40] atapi.sys[unknown section] {MOV EAX, 0x8a5c8960; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7eec684; RET }
Device          \Driver\atapi \Device\Ide\IdePort1                                                                  [B7E09B40] atapi.sys[unknown section] {MOV EAX, 0x8a5c8960; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7eec684; RET }
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                             8923EEB0
Device          \Driver\nvata \Device\00000078                                                                      8A2F80D0
Device          \Driver\NetBT \Device\NetbiosSmb                                                                    8923EEB0
Device          \FileSystem\Srv \Device\LanmanServer                                                                8A509B8C
Device          \Driver\Disk \Device\Harddisk0\DR0                                                                  8A57BEB0
Device          \Driver\nvata \Device\NvAta0                                                                        8A2F80D0
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                   89219EB0
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                   89A0E6EC
Device          \Driver\nvata \Device\NvAta1                                                                        8A2F80D0
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                         89219EB0
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                         89A0E6EC
Device          \FileSystem\Npfs \Device\NamedPipe                                                                  8928AD18
Device          \FileSystem\Npfs \Device\NamedPipe                                                                  89A856EC
Device          \Driver\Ftdisk \Device\FtControl                                                                    8A5C8EB0
Device          \FileSystem\Msfs \Device\Mailslot                                                                   892B8D18
Device          \FileSystem\Msfs \Device\Mailslot                                                                   89A876EC
Device          \Driver\d344prt \Device\Scsi\d344prt1                                                               8A5C85D0
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                  8A09A65C
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                   8A09A65C
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                       8A09A65C
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                    8A09A65C
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                   8A09A65C
Device          \FileSystem\Cdfs \Cdfs                                                                              8A3B1EB0
Device          \FileSystem\Cdfs \Cdfs                                                                              8A51AD8C

---- Modules - GMER 1.0.15 ----

Module          (noname) (*** hidden *** )                                                                          B8318000-B8327000 (61440 bytes)                                                                                

---- Threads - GMER 1.0.15 ----

Thread          System [4:640]                                                                                      89037540
Thread          System [4:644]                                                                                      89037540

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg@s0                                                      539330770
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg@s1                                                      -960093781
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg@s2                                                      -1542847749

---- EOF - GMER 1.0.15 ----

  • 0

#3
Essexboy
Posted 21 January 2012 - 02:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there this is a fairly severe infection so I will try and kill the main bad boy first and then mop up afterwards

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#4
Toris Badic
Posted 21 January 2012 - 09:31 PM

Toris Badic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
combofix log

ComboFix 12-01-21.02 - thumb 01/22/2012   3:14.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1609 [GMT 1:00]
Running from: c:\documents and settings\thumb\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\thumb\Local Settings\Application Data\6bff5816\U\00000001.@
c:\documents and settings\thumb\Local Settings\Application Data\6bff5816\U\000000c0.@
c:\documents and settings\thumb\Local Settings\Application Data\6bff5816\U\000000cb.@
c:\documents and settings\thumb\Local Settings\Application Data\6bff5816\U\000000cf.@
c:\documents and settings\thumb\Local Settings\Application Data\6bff5816\U\80000000.@
c:\documents and settings\thumb\Local Settings\Application Data\6bff5816\U\800000c0.@
c:\documents and settings\thumb\Local Settings\Application Data\6bff5816\U\800000cb.@
c:\documents and settings\thumb\Local Settings\Application Data\6bff5816\U\800000cf.@
c:\documents and settings\thumb\Local Settings\Application Data\6bff5816\X
C:\Thumbs.db
c:\windows\$NtUninstallKB52246$
c:\windows\$NtUninstallKB52246$\1811896342\@
c:\windows\$NtUninstallKB52246$\1811896342\L\mdeiociy
c:\windows\$NtUninstallKB52246$\1811896342\loader.tlb
c:\windows\$NtUninstallKB52246$\1811896342\U\@00000001
c:\windows\$NtUninstallKB52246$\1811896342\U\@000000c0
c:\windows\$NtUninstallKB52246$\1811896342\U\@000000cb
c:\windows\$NtUninstallKB52246$\1811896342\U\@000000cf
c:\windows\$NtUninstallKB52246$\1811896342\U\@80000000
c:\windows\$NtUninstallKB52246$\1811896342\U\@800000c0
c:\windows\$NtUninstallKB52246$\1811896342\U\@800000cb
c:\windows\$NtUninstallKB52246$\1811896342\U\@800000cf
c:\windows\$NtUninstallKB52246$\2924990021
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\daemon.dll
c:\windows\system32\armoucfltr.dll
c:\windows\system32\office.exe
c:\windows\system32\Thumbs.db
c:\windows\XSxS
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
-------\Legacy_PhilCam8116
-------\Service_PhilCam8116
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-22 to 2012-01-22  )))))))))))))))))))))))))))))))
.
.
2012-01-22 02:29 . 2012-01-22 02:29	--------	d-----w-	c:\windows\system32\wbem\snmp
2012-01-22 02:29 . 2012-01-22 02:29	--------	d-----w-	c:\windows\system32\xircom
2012-01-22 02:29 . 2012-01-22 02:29	--------	d-----w-	c:\program files\microsoft frontpage
2012-01-21 19:10 . 2012-01-22 01:55	0	--sha-w-	c:\windows\system32\dds_log_trash.cmd
2012-01-21 18:59 . 2012-01-21 18:59	--------	d-----w-	c:\documents and settings\thumb\Application Data\Malwarebytes
2012-01-21 18:59 . 2012-01-21 18:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-21 18:59 . 2012-01-21 18:59	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-21 18:59 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-21 17:07 . 2012-01-21 17:07	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-01-21 16:36 . 2012-01-22 02:27	--------	d-sh--w-	c:\documents and settings\thumb\Local Settings\Application Data\6bff5816
2012-01-10 01:15 . 2012-01-10 01:16	--------	d-----w-	c:\program files\Xvid
2012-01-10 01:12 . 2012-01-10 01:12	--------	d-----w-	c:\program files\ffdshow
2012-01-08 15:42 . 2012-01-08 18:22	--------	d-s---w-	c:\documents and settings\UpdatusUser
2012-01-08 15:42 . 2012-01-08 15:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\NVIDIA
2012-01-08 15:39 . 2012-01-08 16:58	--------	dc----w-	c:\windows\$968930Uinstall_KB968930$
2012-01-08 15:35 . 2012-01-08 16:58	--------	d-----w-	c:\program files\Windows Desktop Search
2012-01-08 15:35 . 2012-01-08 15:35	--------	d-----w-	c:\windows\system32\GroupPolicy
2012-01-03 00:46 . 2012-01-03 00:48	--------	d-----w-	C:\samples
2011-12-30 15:59 . 2011-12-30 15:59	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-30 15:59 . 2011-12-30 15:59	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-30 15:59 . 2011-12-30 15:59	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-30 15:59 . 2011-12-30 15:59	43992	----a-w-	c:\program files\Mozilla Firefox\mozutils.dll
2011-12-30 15:22 . 2011-12-30 15:22	--------	d-----w-	c:\program files\FLAC
2011-12-27 00:54 . 2011-12-27 00:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\Badoo
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 04:39 . 2011-12-15 04:39	42392	----a-w-	c:\windows\system32\xfcodec.dll
2011-11-29 14:21 . 2009-03-02 19:10	79872	----a-w-	c:\windows\system32\ff_vfw.dll
2011-11-23 13:25 . 2010-05-02 05:22	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-17 00:02 . 2011-05-13 18:40	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:19 . 2010-05-06 10:36	919552	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:19 . 2010-05-06 10:36	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-04 19:19 . 2009-03-08 02:34	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-01 16:07 . 2008-04-14 03:42	1288704	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-12-14 07:08	33280	----a-w-	c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2010-02-16 14:08	2148864	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2010-02-16 14:25	2027008	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-25 12:01 . 2009-03-08 02:35	385024	----a-w-	c:\windows\system32\html.iec
2011-12-30 15:59 . 2011-04-22 01:26	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2008-03-20 31232]
"HomeAlarm"="c:\program files\Chameleon Clock\ChamClock.exe" [2007-12-10 709632]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-02 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-03-20 23552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"CTHelper"="CTHELPER.EXE" [2008-03-20 23040]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2008-03-05 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\thumb\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-13 11:33	133104	----atw-	c:\documents and settings\thumb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	----a-w-	c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 03:15	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 03:42	143360	----a-w-	c:\windows\system32\mobsync.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent2\\uTorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [8/25/2010 2:04 AM 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [8/25/2010 2:04 AM 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/25/2010 1:26 AM 643072]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/29/2009 12:02 PM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/29/2009 12:05 PM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/29/2009 12:03 PM 735960]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/25/2010 1:19 AM 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2012 7:59 PM 652872]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [8/25/2010 3:14 PM 33792]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/20/2008 4:23 PM 98328]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [3/20/2008 4:38 PM 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [3/20/2008 4:37 PM 309784]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2012 7:59 PM 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [6/30/2009 4:47 PM 31312]
S3 automap;Automap MIDI Driver Service;c:\windows\system32\drivers\automap.sys [5/25/2011 3:58 AM 7168]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/20/2008 4:23 PM 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [3/20/2008 4:36 PM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [3/20/2008 4:36 PM 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/20/2008 4:23 PM 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/20/2008 4:23 PM 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [3/20/2008 4:26 PM 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [3/20/2008 4:26 PM 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [3/20/2008 4:32 PM 259096]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [3/20/2008 4:32 PM 259096]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [3/20/2008 4:38 PM 134168]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [3/20/2008 4:37 PM 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/20/2008 4:36 PM 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/20/2008 4:36 PM 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [3/20/2008 4:40 PM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [3/20/2008 4:40 PM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [3/20/2008 4:37 PM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [3/20/2008 4:37 PM 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/20/2008 4:25 PM 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/20/2008 4:25 PM 534040]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [8/26/2010 2:53 AM 10880]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/23/2011 4:49 PM 36608]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [5/25/2011 3:57 AM 33792]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [6/17/2011 4:59 AM 13312]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [4/23/2011 4:50 PM 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [4/23/2011 4:50 PM 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [4/23/2011 4:50 PM 123648]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
AlKernel
mbackmonitor
aiclient
cxusb
datasvr2
BrUsbSer
PhilCam8116
swwd
appnnode
kservice
SQLAgent$LG_LP2
EMSCR
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 87.255.6.117:80
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
TCP: DhcpNameServer = 89.216.1.30 89.216.1.50
FF - ProfilePath - c:\documents and settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\
FF - prefs.js: browser.startup.homepage - 
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.http - 176.9.1.72
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
HKLM-Run-LClock - c:\program files\LClock\LClock.exe
MSConfigStartUp-H2O - c:\program files\SyncroSoft\Pos\H2O\cledx.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
AddRemove-Android SDK Tools - c:\program files\Android\android-sdk\uninstall.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-22 03:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\Amhooker.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\CTHELPER.EXE
c:\program files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2012-01-22  03:39:06 - machine was rebooted
ComboFix-quarantined-files.txt  2012-01-22 02:38
.
Pre-Run: 20,061,388,800 bytes free
Post-Run: 20,151,259,136 bytes free
.
- - End Of File - - 6CCA32E1F7C67B366A10BAE164C932E4

i think it helped and that computer is clean now as everything seems to be working. I had much troubles untill combofix properly started like windows froze, BSOD etc...

Now, aswMBR wont work. I run it from desktop, it updates virus signature database and starts scanning (quickscan). and then when it starts scanning thru doc&settings/application data/* it slows down and when it comes to doc&settings/application data/thinstall/dvd x something computer goes bsod :/.

Anyway, nod32 doesnt say im infected and that should be it.

I'm now aware that nod32 is not the best AV any more as this shouldn't of happen. I picked the trojan as i was trying to find microsoft word company moemorandm templates and i downloaded 2 of them. So one of them must of had trojan within.
Can you please advise me what AV to use as i want to stop using nod after this.



And stupid paypal... doesn't allow credit cards from Serbia. If you have moneybookers account please tell me, i would like to donate.

The credit card number you have entered cannot be verified. Only credit cards from approved countries may be used on PayPal.


  • 0

#5
Essexboy
Posted 22 January 2012 - 06:02 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
With regards to AV's none are 100% effective to my knowledge and all of them have trouble with this particular infection... I can give you some recommendations if you wish, but at the end of the day I do not feel it will achieve anything with regards to extra protection

However, a layered approach will work well and a more suspicious nature when downloading files. Scan them with your AV and Malwarebytes prior to running

One folder to get rid of but I will do that as a part of the clean up. Also the tcpip stack needs resetting, to that end go to this MS Page and run the small fixit there

Prior to the cleanup though could you confirm that all is working as it should - windows updates etc... :)
  • 0

#6
Toris Badic
Posted 22 January 2012 - 07:52 AM

Toris Badic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
it seems that all is working fine. i turned windows update off because my system malfunctioned after previous update. i had like 25 items to update and after reboot i was just getting "system has recovered from a serious error" over and over again and windows wouldnt start. So i restored it to before the update and turned it off :/. i'm afraid that if i turn it on again it will stall my system again after the update.
i did microsoft fix it. i just ran malware bytes and nod32 scan and it didnt find anything!

thank you very very much for your help. you are amazing!
  • 0

#7
Toris Badic
Posted 22 January 2012 - 08:01 AM

Toris Badic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
malware bytes reported 3 ip blocks today. but i doubt it had anything to do with trojans.

2012/01/22 14:05:39 +0100 THUMBZ thumb IP-BLOCK 91.188.53.250 (Type: outgoing)
2012/01/22 14:27:15 +0100 THUMBZ thumb IP-BLOCK 83.128.53.54 (Type: incoming)
2012/01/22 14:58:43 +0100 THUMBZ thumb IP-BLOCK 212.36.9.168 (Type: incoming)

or does it?
  • 0

#8
Essexboy
Posted 22 January 2012 - 09:04 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
They all relate to different servers the two incoming are not a problem the outgoing is to sia izzi in Latvia which appears to be a legitimate ISP although there are some dubious people using it at times

So what I will do is reset the proxy in FF and remove the old folder

Also what update does the system freeze on ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.http: "176.9.1.72"
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.type: 4
    [2012/01/21 17:36:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\thumb\Local Settings\Application Data\6bff5816

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#9
Toris Badic
Posted 22 January 2012 - 05:49 PM

Toris Badic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
it didn't work. i did exactly as advised and it was stalled 40 minutes on "killing processes do not interrupt" so i had to reboot. tried it again and it was the same.
in the meanwhile i found out that i can't get to device manager. when i click on it warning window pops up and says "mmc.exe - Unable to locate component" - This application had failed to start because apphelp.dll was not found. Re-installing the application may fix this problem.
  • 0

#10
Toris Badic
Posted 22 January 2012 - 08:04 PM

Toris Badic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
just to add that windows crushed after its update, not while updating. for some reason it wasnt auto updating for 1 month so i did it manually and chosen everything offered (not critical only).
  • 0

Advertisements

#11
Essexboy
Posted 23 January 2012 - 12:37 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For OTL could you disable MBAM during the run please as it stops OTL dead in its tracks

Could you locate the mindump file at C:\windows\minidumps the latest two should do
Then zip and attach them to the next post

Did any of the updates fail to install ?

Lets look for the apphelp file


  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    apphelp.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • 0

#12
Toris Badic
Posted 23 January 2012 - 06:18 PM

Toris Badic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL

OTL logfile created on: 1/24/2012 1:06:20 AM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\thumb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.62% Memory free
3.85 Gb Paging File | 3.33 Gb Available in Paging File | 86.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 18.36 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
 
Computer Name: THUMBZ | User Name: thumb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - File not found -- 
PRC - [2012/01/22 23:50:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thumb\Desktop\OTL.exe
PRC - [2011/12/30 16:59:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/29 12:02:52 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/29 12:25:50 | 000,671,863 | ---- | M] (E-MU Systems) -- C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 23:56:00 | 000,709,632 | ---- | M] (Softshape Development) -- C:\Program Files\Chameleon Clock\ChamClock.exe
PRC - [2007/05/21 09:51:10 | 000,135,233 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2007/05/21 09:50:56 | 000,065,605 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2007/05/15 08:53:12 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011/12/30 16:59:44 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/05/15 08:53:12 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2007/05/15 08:53:12 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2007/05/15 08:53:12 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
MOD - [1996/06/11 00:01:00 | 000,014,336 | ---- | M] () -- C:\Program Files\Chameleon Clock\DelphiMM.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] --  -- (swwd)
SRV - File not found [Auto | Stopped] --  -- (SQLAgent$LG_LP2)
SRV - File not found [Auto | Stopped] --  -- (mbackmonitor)
SRV - File not found [Auto | Stopped] --  -- (kservice)
SRV - File not found [Auto | Stopped] --  -- (EMSCR)
SRV - File not found [Auto | Stopped] --  -- (datasvr2)
SRV - File not found [Auto | Stopped] --  -- (cxusb)
SRV - File not found [Auto | Stopped] --  -- (BrUsbSer)
SRV - File not found [Auto | Stopped] --  -- (appnnode)
SRV - File not found [Auto | Stopped] --  -- (AlKernel)
SRV - File not found [Auto | Stopped] --  -- (aiclient)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/29 12:11:10 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/05/21 09:51:10 | 000,135,233 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2007/05/21 09:50:56 | 000,065,605 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2007/05/15 08:53:12 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/28 14:26:46 | 000,033,792 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV - [2010/09/02 16:49:08 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/08/25 01:26:39 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/23 17:07:06 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2010/06/14 08:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2010/03/18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 10:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/12/01 09:51:24 | 000,031,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/10/16 12:10:10 | 000,007,168 | ---- | M] (Novation Digital Music Systems Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\automap.sys -- (automap)
DRV - [2009/09/29 12:05:54 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/29 12:02:58 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/29 11:56:32 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/03/20 16:55:16 | 000,802,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2008/03/20 16:54:42 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2008/03/20 16:52:50 | 000,159,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008/03/20 16:52:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008/03/20 16:51:56 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008/03/20 16:49:30 | 000,524,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2008/03/20 16:48:56 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008/03/20 16:40:38 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2008/03/20 16:40:38 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2008/03/20 16:38:06 | 000,134,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\CTEDSPIO.SYS -- (CTEDSPIO.SYS)
DRV - [2008/03/20 16:38:06 | 000,134,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEDSPIO.sys -- (CTEDSPIO)
DRV - [2008/03/20 16:37:36 | 000,309,784 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\CTEDSPSY.SYS -- (CTEDSPSY.SYS)
DRV - [2008/03/20 16:37:36 | 000,309,784 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEDSPSY.sys -- (CTEDSPSY)
DRV - [2008/03/20 16:37:10 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2008/03/20 16:37:10 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2008/03/20 16:36:44 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2008/03/20 16:36:44 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/03/20 16:36:14 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2008/03/20 16:36:14 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2008/03/20 16:32:36 | 000,259,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTEDSPFX.SYS -- (CTEDSPFX.SYS)
DRV - [2008/03/20 16:32:36 | 000,259,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEDSPFX.sys -- (CTEDSPFX)
DRV - [2008/03/20 16:26:30 | 000,163,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTEAPSFX.SYS -- (CTEAPSFX.SYS)
DRV - [2008/03/20 16:26:30 | 000,163,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEAPSFX.sys -- (CTEAPSFX)
DRV - [2008/03/20 16:25:44 | 000,534,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2008/03/20 16:25:44 | 000,534,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2008/03/20 16:23:44 | 000,528,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2008/03/20 16:23:44 | 000,528,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2008/03/20 16:23:08 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2008/03/20 16:23:08 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2007/12/25 16:08:36 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007/05/21 03:43:12 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/05/21 03:43:08 | 000,046,080 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/01/24 16:46:48 | 000,008,704 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/18 09:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/18 13:18:56 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2004/08/12 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/12/27 19:42:12 | 000,137,216 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\d344bus.sys -- (d344bus)
DRV - [2003/12/27 01:38:10 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\d344prt.sys -- (d344prt)
DRV - [2001/11/27 16:46:10 | 000,010,880 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DFUUsb.sys -- (DfuUsb)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
IE - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 87.255.6.117:80
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.2
FF - prefs.js..extensions.enabledItems: {113c2360-15a3-11de-8c30-0800200c9a66}:0.9
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.http: "176.9.1.72"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\thumb\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\thumb\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 16:59:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/10 00:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/08/25 01:11:55 | 000,000,000 | ---D | M]
 
[2010/08/25 00:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thumb\Application Data\Mozilla\Extensions
[2011/12/23 15:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\extensions
[2010/08/25 14:34:55 | 000,000,000 | ---D | M] ("Vfox3") -- C:\Documents and Settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\extensions\{113c2360-15a3-11de-8c30-0800200c9a66}
[2010/08/29 14:02:49 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/08/25 14:33:22 | 000,000,000 | ---D | M] ("Strata40") -- C:\Documents and Settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\extensions\[email protected]
[2010/08/25 14:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thumb\Application Data\Mozilla\Firefox\Profiles\c9tc4cg6.default\extensions\[email protected]\chrome\mozapps\extensions
[2011/11/10 18:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THUMB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C9TC4CG6.DEFAULT\EXTENSIONS\[email protected]
[2011/12/30 16:59:45 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/17 03:39:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/26 14:42:09 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/08/31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/10/02 11:26:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 18:09:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/01/22 03:30:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (GetRight IE Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTHelper] C:\windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe (Softshape Development)
O4 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004..\Run: [SetDefaultMIDI] C:\windows\System32\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.216.1.30 89.216.1.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9224FAC0-07C7-442B-8943-653C190475E6}: DhcpNameServer = 89.216.1.30 89.216.1.50
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thumb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thumb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/25 00:23:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: AlKernel -  File not found
NetSvcs: mbackmonitor -  File not found
NetSvcs: aiclient -  File not found
NetSvcs: cxusb -  File not found
NetSvcs: datasvr2 -  File not found
NetSvcs: BrUsbSer -  File not found
NetSvcs: PhilCam8116 -  File not found
NetSvcs: swwd -  File not found
NetSvcs: appnnode -  File not found
NetSvcs: kservice -  File not found
NetSvcs: SQLAgent$LG_LP2 -  File not found
NetSvcs: EMSCR -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/01/22 23:50:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/22 23:49:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thumb\Desktop\OTL.exe
[2012/01/22 13:47:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/22 03:56:45 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/01/22 03:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/01/22 03:29:21 | 000,000,000 | ---D | C] -- C:\windows\System32\xircom
[2012/01/22 03:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/01/22 03:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/22 03:03:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/01/22 03:03:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/01/22 03:03:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2012/01/22 03:03:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/01/22 03:02:58 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/01/22 02:24:13 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\thumb\Desktop\aswMBR.exe
[2012/01/22 02:18:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 02:18:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\thumb\Start Menu\Programs\Administrative Tools
[2012/01/22 02:07:06 | 004,388,509 | R--- | C] (Swearware) -- C:\Documents and Settings\thumb\Desktop\ComboFix.exe
[2012/01/21 19:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thumb\Application Data\Malwarebytes
[2012/01/21 19:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/21 19:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/21 19:59:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/21 19:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/21 17:36:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\thumb\Local Settings\Application Data\6bff5816
[2012/01/10 02:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xvid
[2012/01/10 02:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2012/01/10 02:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2012/01/10 02:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2012/01/08 19:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/08 16:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/01/08 16:39:10 | 000,000,000 | ---D | C] -- C:\windows\System32\WindowsPowerShell
[2012/01/08 16:39:05 | 000,000,000 | ---D | C] -- C:\windows\$968930Uinstall_KB968930$
[2012/01/08 16:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/01/08 16:35:34 | 000,000,000 | ---D | C] -- C:\windows\System32\GroupPolicy
[2012/01/03 01:46:54 | 000,000,000 | ---D | C] -- C:\samples
[2011/12/30 16:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC
[2011/12/30 16:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FLAC
[2011/12/27 01:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Badoo
[2010/08/25 02:04:04 | 000,137,216 | ---- | C] ( ) -- C:\windows\System32\drivers\d344bus.sys
[2010/08/25 02:04:04 | 000,005,248 | ---- | C] ( ) -- C:\windows\System32\drivers\d344prt.sys
[2008/03/20 14:35:52 | 000,034,816 | ---- | C] ( ) -- C:\windows\System32\a3d.dll
[2008/03/20 14:19:40 | 000,012,800 | ---- | C] ( ) -- C:\windows\System32\killapps.exe
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\thumb\*.tmp files -> C:\Documents and Settings\thumb\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/01/24 00:28:57 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/23 11:30:58 | 000,011,564 | ---- | M] () -- C:\windows\System32\DVCState-{00000001-00000000-00000006-00001102-00000008-40021102}.rfx
[2012/01/23 11:30:58 | 000,001,104 | ---- | M] () -- C:\windows\System32\BMXCtrlState-{00000001-00000000-00000006-00001102-00000008-40021102}.rfx
[2012/01/23 11:30:58 | 000,001,104 | ---- | M] () -- C:\windows\System32\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000008-40021102}.rfx
[2012/01/23 11:30:58 | 000,000,064 | ---- | M] () -- C:\windows\System32\BMXStateBkp-{00000001-00000000-00000006-00001102-00000008-40021102}.rfx
[2012/01/23 11:30:58 | 000,000,064 | ---- | M] () -- C:\windows\System32\BMXState-{00000001-00000000-00000006-00001102-00000008-40021102}.rfx
[2012/01/22 23:50:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thumb\Desktop\OTL.exe
[2012/01/22 03:30:25 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/01/22 02:55:27 | 000,000,000 | -HS- | M] () -- C:\windows\System32\dds_log_trash.cmd
[2012/01/22 02:24:19 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\thumb\Desktop\aswMBR.exe
[2012/01/22 02:07:38 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\thumb\Desktop\ComboFix.exe
[2012/01/21 21:24:57 | 003,587,696 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/01/21 20:30:06 | 000,000,021 | ---- | M] () -- C:\windows\tpcsd
[2012/01/21 19:59:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 18:09:12 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012/01/19 01:56:22 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\thumb\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/01/17 13:49:14 | 000,033,492 | ---- | M] () -- C:\JimFitzpatrick-Che-1968.jpg
[2012/01/15 23:23:21 | 000,028,906 | ---- | M] () -- C:\Parks and Recreation.1.torrent
[2012/01/13 04:40:57 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\thumb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/13 02:18:07 | 000,011,489 | ---- | M] () -- C:\The_Increasingly_Poor_Decisions_of_Todd_Margaret_Season_1.torrent
[2012/01/11 02:31:45 | 000,135,256 | ---- | M] () -- C:\windows\System32\nvdrsdb0.bin
[2012/01/11 02:31:45 | 000,000,001 | ---- | M] () -- C:\windows\System32\nvdrssel.bin
[2012/01/10 02:09:57 | 000,135,252 | ---- | M] () -- C:\windows\System32\nvdrsdb1.bin
[2012/01/08 17:15:27 | 000,525,866 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/08 17:15:27 | 000,095,722 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/08 16:40:08 | 000,000,575 | ---- | M] () -- C:\windows\imsins.BAK
[2012/01/05 02:51:59 | 000,067,906 | ---- | M] () -- C:\av-61.gif
[2012/01/03 01:12:22 | 000,025,310 | ---- | M] () -- C:\Terriers.Season.1.HDTVRip [Funnyguy263].torrent
[2011/12/30 23:24:19 | 000,000,000 | -H-- | M] () -- C:\descript.ion
[2011/12/30 16:22:14 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk
[2011/12/27 01:54:28 | 000,001,100 | ---- | M] () -- C:\Documents and Settings\thumb\Desktop\Badoo.Desktop.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\thumb\*.tmp files -> C:\Documents and Settings\thumb\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/01/22 03:03:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/22 03:03:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/22 03:03:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/22 03:03:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/22 03:03:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/21 20:30:06 | 000,000,021 | ---- | C] () -- C:\windows\tpcsd
[2012/01/21 20:10:07 | 000,000,000 | -HS- | C] () -- C:\windows\System32\dds_log_trash.cmd
[2012/01/21 19:59:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/17 13:49:13 | 000,033,492 | ---- | C] () -- C:\JimFitzpatrick-Che-1968.jpg
[2012/01/17 01:15:23 | 000,028,906 | ---- | C] () -- C:\Parks and Recreation.1.torrent
[2012/01/13 02:18:06 | 000,011,489 | ---- | C] () -- C:\The_Increasingly_Poor_Decisions_of_Todd_Margaret_Season_1.torrent
[2012/01/05 02:51:57 | 000,067,906 | ---- | C] () -- C:\av-61.gif
[2012/01/03 01:12:21 | 000,025,310 | ---- | C] () -- C:\Terriers.Season.1.HDTVRip [Funnyguy263].torrent
[2011/12/30 16:22:14 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk
[2011/12/27 01:54:28 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\thumb\Desktop\Badoo.Desktop.lnk
[2011/12/27 01:54:27 | 000,001,306 | ---- | C] () -- C:\Documents and Settings\thumb\Start Menu\Programs\Badoo Desktop.lnk
[2011/12/15 05:39:42 | 000,042,392 | ---- | C] () -- C:\windows\System32\xfcodec.dll
[2011/08/20 10:52:44 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\thumb\Application Data\Adobe IllExport Filter CS5 Prefs
[2011/05/06 15:35:30 | 004,369,408 | ---- | C] () -- C:\windows\System32\pdftk.exe
[2011/05/06 15:35:30 | 001,503,232 | ---- | C] () -- C:\windows\System32\ptj.exe
[2011/05/06 15:35:30 | 001,103,360 | ---- | C] () -- C:\windows\System32\cidfont.dll
[2011/04/23 16:49:08 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2011/04/23 16:49:08 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2011/03/27 23:32:42 | 000,179,713 | ---- | C] () -- C:\windows\LOOP.EXE
[2011/02/02 00:07:45 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\thumb\Application Data\Adobe BMP Format CS5 Prefs
[2011/01/29 02:21:29 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\thumb\Application Data\VoiceSFX.ini
[2011/01/29 02:21:04 | 000,000,066 | ---- | C] () -- C:\windows\System32\MASHTWTY.SYS
[2011/01/16 04:06:05 | 000,000,191 | ---- | C] () -- C:\windows\wcpfrep.ini
[2010/10/15 21:24:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\thumb\Application Data\AVSDVDPlayer.m3u
[2010/10/15 18:52:36 | 000,645,632 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010/10/15 18:52:36 | 000,240,640 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010/09/18 15:26:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\thumb\Application Data\$_hpcst$.hpc
[2010/09/16 11:42:02 | 000,000,034 | ---- | C] () -- C:\windows\System32\mnprxpd2c.bin
[2010/09/05 22:19:09 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\thumb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/29 23:20:22 | 000,354,816 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2010/08/26 15:18:28 | 002,494,464 | ---- | C] () -- C:\windows\AF_Osc.dat
[2010/08/25 15:25:34 | 000,086,016 | ---- | C] () -- C:\windows\System32\SYNSOPOS.exe
[2010/08/25 13:56:04 | 000,000,016 | ---- | C] () -- C:\windows\System32\msvcsv60.dll
[2010/08/25 13:56:04 | 000,000,016 | ---- | C] () -- C:\windows\msocreg32.dat
[2010/08/25 13:47:20 | 000,163,840 | ---- | C] () -- C:\windows\System32\ArtFfct.dll
[2010/08/25 13:36:22 | 000,002,892 | ---- | C] () -- C:\windows\System32\audcon.sys
[2010/08/25 13:36:08 | 000,000,045 | ---- | C] () -- C:\windows\System32\SYNSOPOS.exe.cfg
[2010/08/25 02:13:01 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2010/08/25 02:11:39 | 003,587,696 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2010/08/25 01:26:39 | 000,096,384 | ---- | C] () -- C:\windows\System32\drivers\sptd3821.sys
[2010/08/25 01:23:41 | 000,335,872 | ---- | C] () -- C:\windows\System32\ldf252.dll
[2010/08/25 01:05:21 | 000,001,542 | ---- | C] () -- C:\windows\WINCMD.INI
[2010/08/25 01:04:35 | 000,002,560 | ---- | C] () -- C:\windows\CTXFIRES.DLL
[2010/08/25 01:01:29 | 000,135,256 | ---- | C] () -- C:\windows\System32\nvdrsdb0.bin
[2010/08/25 01:01:27 | 000,135,252 | ---- | C] () -- C:\windows\System32\nvdrsdb1.bin
[2010/08/25 01:01:27 | 000,000,001 | ---- | C] () -- C:\windows\System32\nvdrssel.bin
[2010/08/25 00:42:37 | 000,049,152 | R--- | C] () -- C:\windows\System32\ChCfg.exe
[2010/08/25 00:40:37 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2010/08/25 00:40:28 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/08/25 00:37:02 | 000,001,732 | R--- | C] () -- C:\windows\System32\drivers\nvphy.bin
[2010/08/25 00:36:32 | 000,015,374 | ---- | C] () -- C:\windows\Ascd_log.ini
[2010/08/25 00:36:23 | 000,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2010/08/25 00:36:22 | 000,015,133 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2010/08/25 00:36:11 | 000,012,536 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/08/25 00:31:22 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2010/08/25 00:20:10 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2010/08/25 00:19:33 | 000,052,836 | ---- | C] () -- C:\windows\System32\zlib1.dll
[2010/08/25 00:19:25 | 000,162,304 | ---- | C] () -- C:\windows\System32\libpng13.dll
[2010/08/08 05:52:53 | 000,000,202 | ---- | C] () -- C:\windows\msmmdx9.ini
[2010/03/10 20:53:59 | 000,000,382 | ---- | C] () -- C:\windows\System32\Oeminfo.ini
[2009/03/20 18:31:36 | 004,425,326 | ---- | C] () -- C:\windows\System32\libavcodec.dll
[2009/03/19 22:36:48 | 000,557,469 | ---- | C] () -- C:\windows\System32\libmplayer.dll
[2009/03/02 20:10:48 | 000,079,872 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/03/02 20:10:22 | 000,098,304 | ---- | C] () -- C:\windows\System32\ff_wmv9.dll
[2009/03/02 17:19:36 | 000,183,296 | ---- | C] () -- C:\windows\System32\ff_samplerate.dll
[2009/03/02 17:19:30 | 000,178,688 | ---- | C] () -- C:\windows\System32\ff_libmad.dll
[2009/03/02 17:19:14 | 000,113,152 | ---- | C] () -- C:\windows\System32\ff_unrar.dll
[2009/03/02 17:18:32 | 000,257,024 | ---- | C] () -- C:\windows\System32\ff_libdts.dll
[2009/03/02 17:18:28 | 000,142,848 | ---- | C] () -- C:\windows\System32\ff_liba52.dll
[2009/03/02 15:54:20 | 000,328,334 | ---- | C] () -- C:\windows\System32\ff_kernelDeint.dll
[2009/03/02 15:45:14 | 000,146,098 | ---- | C] () -- C:\windows\System32\libmpeg2_ff.dll
[2009/03/02 15:42:54 | 000,425,040 | ---- | C] () -- C:\windows\System32\TomsMoComp_ff.dll
[2009/03/02 15:35:56 | 000,898,465 | ---- | C] () -- C:\windows\System32\ff_x264.dll
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\windows\System32\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\windows\System32\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\windows\System32\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\windows\System32\mp4.dll
[2009/01/10 23:16:04 | 000,335,872 | ---- | C] () -- C:\windows\System32\gdsmux.exe
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\windows\System32\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\windows\System32\mmfinfo.dll
[2009/01/10 23:15:36 | 000,103,424 | ---- | C] () -- C:\windows\System32\dsmux.exe
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\windows\System32\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\windows\System32\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\windows\System32\avs.dll
[2009/01/10 23:15:06 | 000,135,168 | ---- | C] () -- C:\windows\System32\mkv2vfr.exe
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\windows\System32\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\windows\System32\mkunicode.dll
[2008/07/09 09:05:24 | 000,020,480 | ---- | C] () -- C:\windows\System32\ac3config.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\windows\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\windows\System32\structuredqueryschema.bin
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\windows\System32\Dcache.bin
[2008/03/20 15:02:24 | 000,097,461 | ---- | C] () -- C:\windows\System32\instwdm.ini
[2008/03/20 15:02:24 | 000,000,054 | ---- | C] () -- C:\windows\System32\ctzapxx.ini
[2008/03/20 14:36:48 | 000,043,520 | ---- | C] () -- C:\windows\System32\CTBurst.dll
[2008/03/20 14:35:06 | 000,041,472 | ---- | C] () -- C:\windows\System32\psconv.exe
[2008/03/20 14:25:22 | 000,325,821 | ---- | C] () -- C:\windows\System32\ctdlang.dat
[2008/03/20 14:25:22 | 000,046,273 | ---- | C] () -- C:\windows\System32\ctdnlstr.dat
[2008/03/20 14:22:24 | 000,016,384 | ---- | C] () -- C:\windows\System32\regplib.exe
[2008/03/20 14:21:58 | 000,149,838 | ---- | C] () -- C:\windows\System32\ctbas2w.dat
[2008/03/20 14:20:12 | 000,274,587 | ---- | C] () -- C:\windows\System32\ctsbas2w.dat
[2008/03/20 14:20:02 | 000,115,166 | ---- | C] () -- C:\windows\System32\CTBASICW.DAT
[2008/03/20 14:20:00 | 000,241,084 | ---- | C] () -- C:\windows\System32\CTSBASW.DAT
[2008/03/20 14:19:44 | 000,313,207 | ---- | C] () -- C:\windows\System32\ctstatic.dat
[2008/03/20 14:19:44 | 000,053,932 | ---- | C] () -- C:\windows\System32\ctdaught.dat
[2008/03/20 14:19:42 | 000,007,680 | ---- | C] () -- C:\windows\System32\enlocstr.exe
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\windows\System32\Registration.ini
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2006/10/02 16:25:18 | 000,000,307 | ---- | C] () -- C:\windows\System32\kill.ini
[2005/06/16 17:17:16 | 000,071,680 | ---- | C] () -- C:\windows\System32\ctmmactl.dll
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2001/08/23 13:00:00 | 000,525,866 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2001/08/23 13:00:00 | 000,095,722 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/10/21 13:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EmuPatchMixDSP
[2010/08/25 01:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/08/25 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arturia
[2011/12/27 01:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Badoo
[2011/01/22 01:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
[2010/08/25 15:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2010/08/25 01:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/11/13 02:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/11/11 17:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
[2010/10/18 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2010/08/26 01:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/08/26 01:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/23 16:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/09/30 18:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slate Digital
[2010/08/25 02:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2010/08/25 13:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011/01/22 00:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
[2010/08/26 02:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/25 13:30:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D55A338-9946-4B03-9D84-8FD1472DA229}
[2011/01/21 18:39:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
[2011/05/20 14:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Softland
[2010/10/23 14:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Steinberg
[2010/08/25 01:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\ACD Systems
[2011/01/22 00:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Antares
[2011/12/07 14:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Audacity
[2011/09/04 15:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Azureus
[2010/10/16 02:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\BSplayer
[2010/10/16 00:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\BSplayer Pro
[2010/10/23 14:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Daichi
[2011/12/08 02:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Dropbox
[2010/08/25 01:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\EmuPatchMixDSP
[2011/01/15 02:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\FabFilter
[2011/03/27 23:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\fltk.org
[2010/08/26 14:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Foxit Software
[2010/11/13 02:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\GARMIN
[2011/10/09 22:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\GetRight Pro
[2010/10/19 21:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\HateML
[2010/09/19 01:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\iZotope
[2011/11/11 18:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\KORG
[2010/08/25 01:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Leadertech
[2010/10/18 21:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Locktime
[2011/03/21 03:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\MixVibes
[2011/04/11 00:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Opera
[2010/08/26 01:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\PACE Anti-Piracy
[2010/08/26 23:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Publish Providers
[2011/04/23 19:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Samsung
[2010/12/31 21:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Schism Tracker
[2011/05/20 14:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Softland
[2010/08/26 23:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Sony
[2011/06/18 04:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/25 02:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Steinberg
[2010/10/15 18:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Thinstall
[2010/11/13 19:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Trillian
[2010/10/20 16:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\TS3Client
[2012/01/22 14:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\uTorrent
[2010/12/25 04:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\VST3 Presets
[2011/01/15 02:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Waves
[2010/08/26 01:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Waves Audio
[2011/01/15 02:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\Waves Preferences
[2011/10/19 12:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thumb\Application Data\XnView
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: APPHELP.SDB  >[/color]
[2008/04/14 04:45:22 | 000,218,134 | ---- | M] () MD5=C678EFEF7E41BA49EDD9C19D604721D9 -- C:\WINDOWS\AppPatch\apphelp.sdb
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 1291 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:nMsL6MbtxfhFPkoAi8RLTxRv
@Alternate Data Stream - 1256 bytes -> C:\Program Files\Common Files\System:fUpAvm7wHRKDpekHg

< End of report >

Attached File  Minidump.zip   41.76KB   118 downloads
  • 0

#13
Essexboy
Posted 24 January 2012 - 02:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets continue - you do not have a spare of apphelp.dll ... But I do
Download the attached zip file and extract apphelp.dll to your c:\windows\system32 folder


The crashes refer to your network card - have they re-occured ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 87.255.6.117:80
    FF - prefs.js..network.proxy.http: "176.9.1.72"
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.type: 4
    @Alternate Data Stream - 1291 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:nMsL6MbtxfhFPkoAi8RLTxRv
    @Alternate Data Stream - 1256 bytes -> C:\Program Files\Common Files\System:fUpAvm7wHRKDpekHg

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

ONCE DONE

We will use a small tool to repair the system - you can skip the disc check iif you wish

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 2 and allow it to run Disc check
Posted Image

Once that is done then go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab select advanced mode and click start
Posted Image

Select the items ticked (remove the ticks from the rest ) and tick restart system when finished



Once complete could you let me know of any outstanding problems
  • 0

#14
Toris Badic
Posted 24 January 2012 - 09:06 PM

Toris Badic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
otl run fix didn't work again. i waited 45 mins and it was stuck on "killing processes" again. hdd was blinking like once in 3 mins. i disabled malware bytes and nod too but it was the same again. i'll let it run tomorrow before i go to work. maybe it needs like 2 hours to kill processes, which i really doubt.
  • 0

#15
Essexboy
Posted 25 January 2012 - 01:30 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No it is malwarebytes - lets change the script so that MBAM doesn't feel threatened

:OTL
IE - HKU\S-1-5-21-1078081533-1957994488-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 87.255.6.117:80
FF - prefs.js..network.proxy.http: "176.9.1.72"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 4
@Alternate Data Stream - 1291 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:nMsL6MbtxfhFPkoAi8RLTxRv
@Alternate Data Stream - 1256 bytes -> C:\Program Files\Common Files\System:fUpAvm7wHRKDpekHg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[CREATERESTOREPOINT]
[Reboot]


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP