Trojan horse hider, win32 lebag win32 heur I'm riddled HELP [Close


  • This topic is locked

#76
nobbyburton

  • Topic Starter
  • Member
  • 173 posts
Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 11-03-2012
Ran by SYSTEM at 2012-03-13 02:17:00 R:1
Running from I:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit Value was restored.
HKEY_USERS\Andy & Joanna\Software\Microsoft\Windows\CurrentVersion\Run\\HorAtbfq Value deleted successfully.
HKEY_USERS\Andy & Joanna\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer Value deleted successfully.
C:\4Ex8PA3 moved successfully.
C:\Documents and Settings\Andy & Joanna\Desktop\4Ex8PA3 moved successfully.
C:\Documents and Settings\Andy & Joanna\4Ex8PA3 moved successfully.
C:\Windows\System32\4Ex8PA3 moved successfully.
C:\Windows\System32\idLl3SAc moved successfully.
C:\horatbfq.exe moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\wbjpxoag.log moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\bpcfdxwe.log moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\uisvlpvd.log moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\nypmwsbh.log moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\kgoulhud.log moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\esuqgaqj.log moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ipurrakp.log moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\jgyfnwrm.log moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\yiangwkb moved successfully.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\dahfnjdl.log moved successfully.
C:\Windows\System32\a7nkjz3 moved successfully.
C:\Windows\System32\cRrO623 moved successfully.
C:\Windows\System32\a2JGu23 moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\ghengwic.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\wbjpxoag.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\uisvlpvd.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\bpcfdxwe.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\ipurrakp.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\kgoulhud.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\jgyfnwrm.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\nypmwsbh.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\esuqgaqj.log moved successfully.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\kgoulhud.log moved successfully.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\wbjpxoag.log moved successfully.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\bpcfdxwe.log moved successfully.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\uisvlpvd.log moved successfully.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\ipurrakp.log moved successfully.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\jgyfnwrm.log moved successfully.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb moved successfully.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\nypmwsbh.log moved successfully.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\esuqgaqj.log moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\yiangwkb not found.
C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb not found.

==== End of Fixlog ====

#77
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now retry the normal Windows please. If it fails, run an FRST scan again so that I can confirm the registry data was changed.

#78
nobbyburton

  • Topic Starter
  • Member
  • 173 posts
No joy, same stupid dialog box comes up after XP boots and I get my desktop background and then the user menu for Andy & Joanna, and when I select Andy & Joanna it just logs off and goes back to the user menu. I did notice that every time it boots there is a list of 3 Windows operating systems, and it defaults to the first one, which is Windows XP Professional, but the other 2 are Recovery Console and Microsoft Windows XP Professional. Is this normal?

#79
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Select the other XP Professional to the one you first selected and see if that lets you in.

#80
nobbyburton

  • Topic Starter
  • Member
  • 173 posts
Will run FRST scan first as halfway through and reboot takes a while with disk.

#81
nobbyburton

  • Topic Starter
  • Member
  • 173 posts
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 11-03-2012
Ran by SYSTEM at 13-03-2012 03:46:36
Running from I:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Gainward] H:\Program Files\XpertVision\TBPanel.exe /A [2165256 2007-11-01] (Xpertvision, Inc.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup [8491008 2007-09-16] (NVIDIA Corporation)
HKLM\...\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [161328 2007-05-04] (Nero AG)
HKLM\...\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "H:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM\...\Run: [VX3000] H:\WINDOWS\vVX3000.exe [707376 2006-10-13] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] "H:\Program Files\Microsoft LifeCam\LifeExp.exe" [277296 2006-10-13] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] H:\Program Files\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "H:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [vProt] "H:\Program Files\AVG Secure Search\vprot.exe" [939872 2012-01-16] ()
HKLM\...\Run: [APSDaemon] "H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [ROC_roc_dec12] "H:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-16] ()
HKLM\...\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM\...\Run: [MSConfig] H:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto [169984 2008-04-13] (Microsoft Corporation)
HKU\Andy & Joanna\...\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Andy & Joanna\...\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\wcescomm.exe" [1289000 2006-11-13] (Microsoft Corporation)
HKU\Andy & Joanna\...\Run: [swg] "H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-01-27] (Google Inc.)
HKU\Andy & Joanna\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 90.207.238.97 90.207.238.99
Tcpip\..\Interfaces\{DF4B3AC5-15D4-4328-9E55-47F62CFD92A1}: [NameServer]192.168.0.1

================================ Services (Whitelisted) ==================

4 Alerter; C:\Windows\System32\svchost.exe -k LocalService [14336 2008-04-13] (Microsoft Corporation)
3 AppMgmt; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-13] (Microsoft Corporation)
3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
3 BITS; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-13] (Microsoft Corporation)
2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.)
2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-12] (Creative Technology Ltd)
3 EapHost; C:\Windows\System32\svchost.exe -k eapsvcs [14336 2008-04-13] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [135664 2010-02-02] (Google Inc.)
3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [135664 2010-02-02] (Google Inc.)
3 hkmsvc; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-13] (Microsoft Corporation)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-19] (Microsoft Corporation)
4 Messenger; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-13] (Microsoft Corporation)
3 napagent; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-13] (Microsoft Corporation)
3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [267824 2007-05-04] (Nero AG)
2 TeamViewer4; "C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe" -service [185640 2009-01-28] (TeamViewer GmbH)
3 upnphost; C:\Windows\System32\svchost.exe -k LocalService [14336 2008-04-13] (Microsoft Corporation)
2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [909152 2012-01-16] ()
3 WmdmPmSN; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-13] (Microsoft Corporation)
3 xmlprov; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-13] (Microsoft Corporation)
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [x]
3 HTTPFilter; C:\Windows\System32\w3ssl.dll [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

========================== Drivers (Whitelisted) =============

1 2278046drv; C:\Windows\System32\DRIVERS\2278046drv.sys [475736 2012-03-09] (Kaspersky Lab)
0 54823927; C:\Windows\System32\DRIVERS\54823927.sys [133208 2012-03-09] (Kaspersky Lab ZAO)
3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [141312 2005-10-05] (Analog Devices, Inc.)
3 AEAudioService; C:\Windows\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation)
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2008-01-05] (Meetinghouse Data Communications)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [27216 2011-02-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-04] (AVG Technologies CZ, s.r.o.)
3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [371712 2005-02-11] (Broadcom Corporation)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9856 2004-07-28] (Elaborate Bytes AG)
3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [3968 2004-06-08] (Elaborate Bytes AG)
2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [145920 2004-10-27] (Windows ® Server 2003 DDK provider)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [24216 2010-03-10] (Initio Corporation)
3 Jukebox3; C:\Windows\System32\DRIVERS\ctpdusb.sys [17280 2006-01-18] (Creative Technology Ltd.)
3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Nokia)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2006-02-28] (Parallel Technologies, Inc.)
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [82048 2006-03-13] (Realtek Semiconductor Corporation )
3 SE26bus; C:\Windows\System32\DRIVERS\SE26bus.sys [61600 2006-05-01] (MCCI)
3 SE26mdfl; C:\Windows\System32\DRIVERS\SE26mdfl.sys [9360 2006-05-01] (MCCI)
3 SE26mdm; C:\Windows\System32\DRIVERS\SE26mdm.sys [97184 2006-05-01] (MCCI)
3 SE26mgmt; C:\Windows\System32\DRIVERS\SE26mgmt.sys [88688 2006-05-01] (MCCI)
3 se26nd5; C:\Windows\System32\DRIVERS\se26nd5.sys [18704 2006-05-01] (MCCI)
3 SE26obex; C:\Windows\System32\DRIVERS\SE26obex.sys [86560 2006-05-01] (MCCI)
3 se26unic; C:\Windows\System32\DRIVERS\se26unic.sys [90768 2006-05-01] (MCCI)
3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [393088 2005-08-11] (Sensaura)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
2 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows ® 2000 DDK provider)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2010-02-26] (Nokia)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [12800 2008-04-13] (Microsoft Corporation)
3 VX3000; C:\Windows\System32\DRIVERS\VX3000.sys [1966384 2006-10-13] (Microsoft Corporation)
3 w810bus; C:\Windows\System32\DRIVERS\w810bus.sys [58288 2006-02-20] (MCCI)
3 w810mdfl; C:\Windows\System32\DRIVERS\w810mdfl.sys [8336 2006-02-20] (MCCI)
3 w810mdm; C:\Windows\System32\DRIVERS\w810mdm.sys [94064 2006-02-20] (MCCI)
3 w810mgmt; C:\Windows\System32\DRIVERS\w810mgmt.sys [85408 2006-02-20] (MCCI)
3 w810obex; C:\Windows\System32\DRIVERS\w810obex.sys [83344 2006-02-20] (MCCI)
3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
3 ASNDIS5; \??\H:\WINDOWS\system32\ASNDIS5.SYS [x]
4 Atdisk; [x]
3 Cardex; \??\H:\WINDOWS\system32\drivers\TBPANEL.SYS [x]
3 catchme; \??\H:\DOCUME~1\ANDY&J~1\LOCALS~1\Temp\catchme.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
3 MBAMSwissArmy; \??\H:\WINDOWS\system32\drivers\mbamswissarmy.sys [x]
1 mdf15; \??\H:\Program Files\Clarus\Samsung SecretZone\mdf15.sys [x]
4 mraid35x; [x]
1 mvd20; \??\H:\Program Files\Clarus\Samsung SecretZone\mvd20.sys [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
2 PfModNT; \??\H:\WINDOWS\system32\drivers\PfModNT.sys [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-12 22:34 - 2012-03-12 22:34 - 0098368 ___AH C:\Windows\System32\4Ex8PA3
2012-03-12 01:46 - 2012-03-12 01:51 - 0000000 ____D C:\FRST
2012-03-11 22:39 - 2012-03-12 00:35 - 0118428 ____A C:\OTL.Txt
2012-03-10 21:07 - 2012-03-09 13:09 - 0475736 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\2278046drv.sys
2012-03-10 21:07 - 2012-03-09 13:09 - 0133208 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\54823927.sys
2012-03-10 19:11 - 2012-03-10 19:11 - 0000838 ____A C:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\_uninst_11160100.lnk
2012-03-10 16:51 - 2012-03-10 16:51 - 0000000 RASHD C:\cmdcons
2012-03-10 16:51 - 2008-01-03 18:13 - 0000210 ____A C:\Boot.bak
2012-03-10 16:51 - 2004-08-03 19:00 - 0260272 _RASH C:\cmldr
2012-03-10 16:48 - 2012-03-10 19:17 - 0000000 ___SD C:\ComboFix
2012-03-10 16:39 - 2012-03-10 18:21 - 0000000 ___SD C:\32788R22FWJFW
2012-03-10 16:38 - 2012-03-10 16:38 - 0000000 ____D C:\Windows\ERDNT
2012-03-10 16:38 - 2012-03-10 16:38 - 0000000 ____D C:\Qoobox
2012-03-10 13:18 - 2012-03-10 13:19 - 0070248 ____A C:\TDSSKiller.2.7.19.0_10.03.2012_17.18.00_log.txt
2012-03-10 13:08 - 2012-03-10 13:09 - 0063642 ____A C:\TDSSKiller.2.7.19.0_10.03.2012_17.08.32_log.txt
2012-03-09 20:07 - 2012-03-09 20:09 - 0070580 ____A C:\TDSSKiller.2.7.19.0_10.03.2012_00.07.38_log.txt
2012-03-09 18:33 - 2012-03-09 18:33 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-09 18:31 - 2012-03-09 18:33 - 0070580 ____A C:\TDSSKiller.2.7.19.0_09.03.2012_22.31.44_log.txt
2012-03-09 18:16 - 2012-03-09 18:16 - 0000000 ____D C:\_OTL
2012-03-09 16:41 - 2012-03-09 16:42 - 0000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
2012-03-09 16:41 - 2012-03-09 16:41 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2012-03-09 16:41 - 2012-03-09 16:41 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Google
2012-03-09 16:41 - 2012-03-09 16:41 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2012-03-09 15:55 - 2012-03-09 15:57 - 0004144 ____A C:\TDSSKiller.2.7.19.0_09.03.2012_19.55.35_log.txt
2012-03-09 15:54 - 2012-03-09 15:55 - 0062406 ____A C:\TDSSKiller.2.7.19.0_09.03.2012_19.54.31_log.txt
2012-03-07 19:31 - 2012-03-07 19:31 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-03-07 18:59 - 2012-03-07 18:59 - 0020003 ____A C:\Documents and Settings\Andy & Joanna\My Documents\hijackthis.log
2012-03-07 18:27 - 2012-03-07 18:27 - 0000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-16 18:40 - 2012-02-16 18:40 - 0000000 __HDC C:\Windows\$NtUninstallKB2660465$
2012-02-16 18:37 - 2012-02-16 18:38 - 0006654 ____A C:\Windows\KB2661637.log
2012-02-16 18:37 - 2012-02-16 18:37 - 0000000 __HDC C:\Windows\$NtUninstallKB2661637$
2012-02-16 15:57 - 2012-02-16 18:40 - 0212330 ____A C:\Windows\KB2647516-IE7.log
2012-02-16 15:57 - 2012-02-16 18:40 - 0131362 ____A C:\Windows\KB2660465.log
2012-02-16 15:55 - 2012-01-11 15:06 - 0003072 ____N C:\Windows\System32\iacenc.dll
2012-02-16 15:55 - 2012-01-11 15:06 - 0003072 ____C C:\Windows\System32\dllcache\iacenc.dll

============ 3 Months Modified Files and Folders ===============

2012-03-12 22:36 - 2008-01-03 19:39 - 0000278 __ASH C:\Documents and Settings\Andy & Joanna\ntuser.ini
2012-03-12 22:36 - 2008-01-03 19:39 - 0000062 __ASH C:\Documents and Settings\Andy & Joanna\Local Settings\desktop.ini
2012-03-12 22:36 - 2008-01-03 19:38 - 0032528 ____A C:\Windows\SchedLgU.Txt
2012-03-12 22:36 - 2008-01-03 19:38 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-12 22:36 - 2008-01-03 19:30 - 1640212 ____A C:\Windows\WindowsUpdate.log
2012-03-12 22:36 - 2008-01-03 18:19 - 0000275 ____A C:\Windows\wiadebug.log
2012-03-12 22:36 - 2008-01-03 18:19 - 0000049 ____A C:\Windows\wiaservc.log
2012-03-12 22:34 - 2012-03-12 22:34 - 0098368 ___AH C:\Windows\System32\4Ex8PA3
2012-03-12 22:34 - 2008-01-03 19:38 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-03-12 22:34 - 2008-01-03 19:34 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-03-12 22:34 - 2006-02-28 08:00 - 0013646 ____A C:\Windows\System32\wpa.dbl
2012-03-12 01:51 - 2012-03-12 01:46 - 0000000 ____D C:\FRST
2012-03-12 00:35 - 2012-03-11 22:39 - 0118428 ____A C:\OTL.Txt
2012-03-11 17:14 - 2010-07-19 16:48 - 0199926 ___AC C:\Windows\ntbtlog.txt
2012-03-11 14:02 - 2010-02-02 17:17 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-11 14:01 - 2009-07-23 17:23 - 0000250 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2012-03-11 14:00 - 2009-01-20 20:17 - 0000458 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2012-03-11 13:58 - 2008-01-03 18:13 - 0000364 _RASH C:\boot.ini
2012-03-11 13:47 - 2010-12-06 16:43 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-03-11 05:16 - 2006-02-28 08:00 - 0000663 ____A C:\Windows\win.ini
2012-03-11 05:16 - 2006-02-28 08:00 - 0000227 ____A C:\Windows\system.ini
2012-03-11 05:12 - 2008-01-03 19:59 - 0000558 ____A C:\Windows\DFC.INI
2012-03-11 04:54 - 2008-03-04 16:57 - 0000000 ___HD C:\Config.Msi
2012-03-11 04:48 - 2011-07-10 14:02 - 0000000 ___RD C:\Documents and Settings\Andy & Joanna\My Documents\Dropbox
2012-03-11 04:48 - 2011-07-10 14:00 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\Application Data\Dropbox
2012-03-11 04:47 - 2009-11-04 10:15 - 0574842 ____A C:\Windows\setupapi.log
2012-03-11 04:46 - 2010-02-02 17:17 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-10 21:08 - 2010-07-19 16:54 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-03-10 21:02 - 2010-12-06 16:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\AVG10
2012-03-10 20:59 - 2010-08-04 15:26 - 0000000 ____D C:\Program Files\PC Connectivity Solution
2012-03-10 20:59 - 2009-12-20 16:13 - 0000000 ____D C:\Program Files\QuickTime
2012-03-10 20:59 - 2008-09-10 15:26 - 0000000 ____D C:\Program Files\Championship Manager 01-02
2012-03-10 20:59 - 2008-01-29 16:53 - 0000000 ____D C:\Program Files\EPSON Print CD
2012-03-10 20:59 - 2008-01-25 17:54 - 0000000 ____D C:\Program Files\Common Files\LightScribe
2012-03-10 20:59 - 2008-01-03 19:44 - 0000000 ____D C:\Program Files\XpertVision
2012-03-10 20:59 - 2008-01-03 19:28 - 0000000 ____D C:\Program Files\Messenger
2012-03-10 20:59 - 2008-01-03 18:07 - 0000000 ____D C:\Windows\System32\usmt
2012-03-10 19:40 - 2011-04-14 06:21 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\Bonusprint
2012-03-10 19:35 - 2008-03-21 13:57 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\Application Data\HPAppData
2012-03-10 19:17 - 2012-03-10 16:48 - 0000000 ___SD C:\ComboFix
2012-03-10 19:15 - 2008-01-26 08:48 - 0000000 ____D C:\USB Key
2012-03-10 19:11 - 2012-03-10 19:11 - 0000838 ____A C:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\_uninst_11160100.lnk
2012-03-10 18:39 - 2010-11-01 11:55 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\My Documents\Leila
2012-03-10 18:21 - 2012-03-10 16:39 - 0000000 ___SD C:\32788R22FWJFW
2012-03-10 18:21 - 2008-01-25 19:19 - 0000000 ____D C:\Old PC
2012-03-10 18:21 - 2008-01-03 19:34 - 0000000 ___HD C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
2012-03-10 16:51 - 2012-03-10 16:51 - 0000000 RASHD C:\cmdcons
2012-03-10 16:38 - 2012-03-10 16:38 - 0000000 ____D C:\Windows\ERDNT
2012-03-10 16:38 - 2012-03-10 16:38 - 0000000 ____D C:\Qoobox
2012-03-10 16:35 - 2008-04-11 09:28 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\Application Data\U3
2012-03-10 13:32 - 2008-01-26 09:21 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\My Documents\Torrents
2012-03-10 13:19 - 2012-03-10 13:18 - 0070248 ____A C:\TDSSKiller.2.7.19.0_10.03.2012_17.18.00_log.txt
2012-03-10 13:09 - 2012-03-10 13:08 - 0063642 ____A C:\TDSSKiller.2.7.19.0_10.03.2012_17.08.32_log.txt
2012-03-10 13:08 - 2009-04-15 07:39 - 0018956 ___AC C:\Windows\KB952004.log
2012-03-10 13:06 - 2008-01-03 18:17 - 0526818 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-10 13:04 - 2008-09-25 15:37 - 0000000 __HDC C:\Windows\$NtServicePackUninstall$
2012-03-10 13:00 - 2008-01-03 18:07 - 0000000 ____D C:\Windows\msagent
2012-03-10 13:00 - 2008-01-03 18:07 - 0000000 ____D C:\Windows\ime
2012-03-09 20:09 - 2012-03-09 20:07 - 0070580 ____A C:\TDSSKiller.2.7.19.0_10.03.2012_00.07.38_log.txt
2012-03-09 19:51 - 2008-01-25 19:04 - 0000000 ____D C:\Windows\System32\URTTemp
2012-03-09 19:50 - 2008-01-03 19:29 - 0000000 ____D C:\Windows\System32\Restore
2012-03-09 19:49 - 2008-01-03 18:07 - 0000000 ____D C:\Windows\System32\npp
2012-03-09 19:44 - 2008-01-03 19:27 - 0000000 ____D C:\Windows\System32\Com
2012-03-09 19:43 - 2008-09-25 15:44 - 0000000 ____D C:\Windows\System32\bits
2012-03-09 19:43 - 2008-01-03 19:29 - 0000000 ____D C:\Windows\srchasst
2012-03-09 19:39 - 2008-01-03 18:07 - 0000000 ____D C:\Windows\PeerNet
2012-03-09 19:32 - 2008-01-03 18:07 - 0000000 ____D C:\Windows\Help
2012-03-09 19:11 - 2008-01-03 19:27 - 0000000 ____D C:\Program Files\Windows NT
2012-03-09 19:10 - 2009-07-08 16:41 - 0000000 ____D C:\Program Files\WinAVI Video Converter
2012-03-09 19:10 - 2008-01-29 16:01 - 0000000 ____D C:\Program Files\WinAVIVideoConverter
2012-03-09 19:08 - 2008-01-03 19:29 - 0000000 ____D C:\Program Files\Outlook Express
2012-03-09 19:08 - 2008-01-03 19:29 - 0000000 ____D C:\Program Files\NetMeeting
2012-03-09 19:07 - 2011-08-26 15:26 - 0000000 ____D C:\Program Files\MP3 My MP3 3.1
2012-03-09 19:07 - 2008-01-03 19:29 - 0000000 ____D C:\Program Files\Movie Maker
2012-03-09 18:58 - 2008-01-03 19:29 - 0000000 ____D C:\Program Files\Common Files\System
2012-03-09 18:33 - 2012-03-09 18:33 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-09 18:33 - 2012-03-09 18:31 - 0070580 ____A C:\TDSSKiller.2.7.19.0_09.03.2012_22.31.44_log.txt
2012-03-09 18:27 - 2008-01-03 19:39 - 0000000 ___HD C:\Documents and Settings\Andy & Joanna\Local Settings\Temporary Internet Files
2012-03-09 18:27 - 2008-01-03 19:38 - 0000000 __SHD C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
2012-03-09 18:24 - 2008-01-03 18:17 - 0000000 __SHD C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
2012-03-09 18:22 - 2008-01-05 06:59 - 0000000 __HDC C:\Windows\ie7
2012-03-09 18:21 - 2009-07-04 06:54 - 0000000 __HDC C:\Windows\$NtUninstallWudf01005$
2012-03-09 18:21 - 2008-01-25 17:43 - 0000000 __HDC C:\Windows\$NtUninstallwmp11$
2012-03-09 18:20 - 2011-03-20 08:15 - 0000000 __HDC C:\Windows\$NtUninstallKB971029$
2012-03-09 18:20 - 2010-10-12 17:25 - 0000000 __HDC C:\Windows\$NtUninstallKB982132$
2012-03-09 18:20 - 2010-10-12 17:24 - 0000000 __HDC C:\Windows\$NtUninstallKB979687$
2012-03-09 18:20 - 2010-09-15 15:13 - 0000000 __HDC C:\Windows\$NtUninstallKB975558_WM8$
2012-03-09 18:20 - 2010-09-15 15:12 - 0000000 __HDC C:\Windows\$NtUninstallKB982802$
2012-03-09 18:20 - 2010-09-15 15:11 - 0000000 __HDC C:\Windows\$NtUninstallKB981322$
2012-03-09 18:20 - 2010-08-13 17:23 - 0000000 __HDC C:\Windows\$NtUninstallKB982665$
2012-03-09 18:20 - 2010-08-13 17:23 - 0000000 __HDC C:\Windows\$NtUninstallKB981997$
2012-03-09 18:20 - 2010-06-14 04:14 - 0000000 __HDC C:\Windows\$NtUninstallKB978695_WM9$
2012-03-09 18:20 - 2010-06-14 04:13 - 0000000 __HDC C:\Windows\$NtUninstallKB975562$
2012-03-09 18:20 - 2010-05-11 16:53 - 0000000 __HDC C:\Windows\$NtUninstallKB978542$
2012-03-09 18:20 - 2010-04-16 04:25 - 0000000 __HDC C:\Windows\$NtUninstallKB981349$
2012-03-09 18:20 - 2010-04-13 17:55 - 0000000 __HDC C:\Windows\$NtUninstallKB979309$
2012-03-09 18:20 - 2010-04-13 17:55 - 0000000 __HDC C:\Windows\$NtUninstallKB978601$
2012-03-09 18:20 - 2010-03-11 17:05 - 0000000 __HDC C:\Windows\$NtUninstallKB975561$
2012-03-09 18:20 - 2010-02-10 19:25 - 0000000 __HDC C:\Windows\$NtUninstallKB975713$
2012-03-09 18:20 - 2010-02-10 19:25 - 0000000 __HDC C:\Windows\$NtUninstallKB975560$
2012-03-09 18:20 - 2010-02-10 19:23 - 0000000 __HDC C:\Windows\$NtUninstallKB978706$
2012-03-09 18:20 - 2010-01-12 19:23 - 0000000 __HDC C:\Windows\$NtUninstallKB972270$
2012-03-09 18:20 - 2010-01-12 19:23 - 0000000 __HDC C:\Windows\$NtUninstallKB955759$
2012-03-09 18:20 - 2009-12-25 08:35 - 0000000 __HDC C:\Windows\$NtUninstallKB954708$
2012-03-09 18:20 - 2009-12-13 13:06 - 0000000 __HDC C:\Windows\$NtUninstallKB974318$
2012-03-09 18:20 - 2009-12-13 13:06 - 0000000 __HDC C:\Windows\$NtUninstallKB970430$
2012-03-09 18:20 - 2009-12-13 12:54 - 0000000 __HDC C:\Windows\$NtUninstallKB974392$
2012-03-09 18:20 - 2009-12-13 12:54 - 0000000 __HDC C:\Windows\$NtUninstallKB971737$
2012-03-09 18:20 - 2009-11-26 19:34 - 0000000 __HDC C:\Windows\$NtUninstallKB973687$
2012-03-09 18:20 - 2009-10-15 17:22 - 0000000 __HDC C:\Windows\$NtUninstallKB969059$
2012-03-09 18:20 - 2009-10-15 17:21 - 0000000 __HDC C:\Windows\$NtUninstallKB954155_WM9$
2012-03-09 18:20 - 2009-10-15 17:20 - 0000000 __HDC C:\Windows\$NtUninstallKB974571$
2012-03-09 18:20 - 2009-10-15 17:18 - 0000000 __HDC C:\Windows\$NtUninstallKB975467$
2012-03-09 18:20 - 2009-09-09 10:52 - 0000000 __HDC C:\Windows\$NtUninstallKB968816_WM9$
2012-03-09 18:20 - 2009-09-09 10:51 - 0000000 __HDC C:\Windows\$NtUninstallKB971961$
2012-03-09 18:20 - 2009-08-26 03:05 - 0000000 __HDC C:\Windows\$NtUninstallKB970653-v3$
2012-03-09 18:20 - 2009-08-16 07:12 - 0000000 __HDC C:\Windows\$NtUninstallKB968389$
2012-03-09 18:20 - 2009-08-13 18:36 - 0000000 __HDC C:\Windows\$NtUninstallKB960859$
2012-03-09 18:20 - 2009-08-13 18:35 - 0000000 __HDC C:\Windows\$NtUninstallKB971657$
2012-03-09 18:20 - 2009-08-13 18:35 - 0000000 __HDC C:\Windows\$NtUninstallKB956744$
2012-03-09 18:20 - 2009-08-13 18:34 - 0000000 __HDC C:\Windows\$NtUninstallKB973540_WM9$
2012-03-09 18:20 - 2009-08-13 18:34 - 0000000 __HDC C:\Windows\$NtUninstallKB973354$
2012-03-09 18:20 - 2009-08-13 18:32 - 0000000 __HDC C:\Windows\$NtUninstallKB973815$
2012-03-09 18:20 - 2009-07-15 16:04 - 0000000 __HDC C:\Windows\$NtUninstallKB971633$
2012-03-09 18:20 - 2009-07-15 16:00 - 0000000 __HDC C:\Windows\$NtUninstallKB961371$
2012-03-09 18:20 - 2009-06-23 11:47 - 0000000 __HDC C:\Windows\$NtUninstallKB961501$
2012-03-09 18:20 - 2009-06-23 11:43 - 0000000 __HDC C:\Windows\$NtUninstallKB970238$
2012-03-09 18:20 - 2009-04-15 17:42 - 0000000 __HDC C:\Windows\$NtUninstallKB961373$
2012-03-09 18:20 - 2009-04-15 17:42 - 0000000 __HDC C:\Windows\$NtUninstallKB959426$
2012-03-09 18:20 - 2009-04-15 17:39 - 0000000 __HDC C:\Windows\$NtUninstallKB960803$
2012-03-09 18:20 - 2009-04-15 17:39 - 0000000 __HDC C:\Windows\$NtUninstallKB956572$
2012-03-09 18:20 - 2009-04-15 17:39 - 0000000 __HDC C:\Windows\$NtUninstallKB952004$
2012-03-09 18:20 - 2009-03-11 19:44 - 0000000 __HDC C:\Windows\$NtUninstallKB959772_WM11$
2012-03-09 18:20 - 2008-12-12 19:37 - 0000000 __HDC C:\Windows\$NtUninstallKB955839$
2012-03-09 18:20 - 2008-12-12 19:34 - 0000000 __HDC C:\Windows\$NtUninstallKB952069_WM9$
2012-03-09 18:20 - 2008-12-12 19:33 - 0000000 __HDC C:\Windows\$NtUninstallKB956802$
2012-03-09 18:20 - 2008-11-12 19:12 - 0000000 __HDC C:\Windows\$NtUninstallKB954459$
2012-03-09 18:20 - 2008-11-12 19:11 - 0000000 __HDC C:\Windows\$NtUninstallKB955069$
2012-03-09 18:20 - 2008-10-24 19:07 - 0000000 __HDC C:\Windows\$NtUninstallKB958644$
2012-03-09 18:20 - 2008-09-25 15:48 - 0000000 __HDC C:\Windows\$NtUninstallKB952954$
2012-03-09 18:20 - 2008-09-25 15:48 - 0000000 __HDC C:\Windows\$NtUninstallKB952287$
2012-03-09 18:20 - 2008-09-10 11:42 - 0000000 __HDC C:\Windows\$NtUninstallKB954154_WM11$
2012-03-09 18:20 - 2008-08-12 17:53 - 0000000 __HDC C:\Windows\$NtUninstallKB952954_0$
2012-03-09 18:20 - 2008-08-12 17:51 - 0000000 __HDC C:\Windows\$NtUninstallKB952287_0$
2012-03-09 18:20 - 2008-01-25 17:42 - 0000000 __HDC C:\Windows\$NtUninstallWMFDist11$
2012-03-09 18:19 - 2009-04-15 17:37 - 0000000 __HDC C:\Windows\$NtUninstallKB923561$
2012-03-09 18:19 - 2008-09-27 07:26 - 0000000 __HDC C:\Windows\$NtUninstallKB951978$
2012-03-09 18:19 - 2008-09-25 15:48 - 0000000 __HDC C:\Windows\$NtUninstallKB951748$
2012-03-09 18:19 - 2008-09-25 15:48 - 0000000 __HDC C:\Windows\$NtUninstallKB951698$
2012-03-09 18:19 - 2008-09-25 15:48 - 0000000 __HDC C:\Windows\$NtUninstallKB951066$
2012-03-09 18:19 - 2008-09-25 15:48 - 0000000 __HDC C:\Windows\$NtUninstallKB950974$
2012-03-09 18:19 - 2008-09-25 15:47 - 0000000 __HDC C:\Windows\$NtUninstallKB946648$
2012-03-09 18:19 - 2008-08-12 17:53 - 0000000 __HDC C:\Windows\$NtUninstallKB946648_0$
2012-03-09 18:19 - 2008-08-12 17:51 - 0000000 __HDC C:\Windows\$NtUninstallKB951072-v2$
2012-03-09 18:19 - 2008-08-12 17:51 - 0000000 __HDC C:\Windows\$NtUninstallKB951066_0$
2012-03-09 18:19 - 2008-07-09 08:17 - 0000000 __HDC C:\Windows\$NtUninstallKB951748_0$
2012-03-09 18:19 - 2008-06-10 18:07 - 0000000 __HDC C:\Windows\$NtUninstallKB951698_0$
2012-03-09 18:19 - 2008-04-09 22:02 - 0000000 __HDC C:\Windows\$NtUninstallKB948590$
2012-03-09 18:19 - 2008-04-09 22:00 - 0000000 __HDC C:\Windows\$NtUninstallKB945553$
2012-03-09 18:19 - 2008-02-12 18:07 - 0000000 __HDC C:\Windows\$NtUninstallKB943055$
2012-03-09 18:19 - 2008-01-26 12:01 - 0000000 __HDC C:\Windows\$NtUninstallKB943485$
2012-03-09 18:19 - 2008-01-26 12:01 - 0000000 __HDC C:\Windows\$NtUninstallKB939683$
2012-03-09 18:19 - 2008-01-26 12:01 - 0000000 __HDC C:\Windows\$NtUninstallKB929399$
2012-03-09 18:19 - 2008-01-26 12:00 - 0000000 __HDC C:\Windows\$NtUninstallKB936782_WMP11$
2012-03-09 18:19 - 2008-01-05 07:02 - 0000000 __HDC C:\Windows\$NtUninstallKB942615$
2012-03-09 18:19 - 2008-01-05 07:02 - 0000000 __HDC C:\Windows\$NtUninstallKB937894$
2012-03-09 18:19 - 2008-01-05 07:01 - 0000000 __HDC C:\Windows\$NtUninstallKB941569$
2012-03-09 18:19 - 2008-01-05 06:58 - 0000000 __HDC C:\Windows\$NtUninstallKB943460$
2012-03-09 18:19 - 2008-01-05 06:52 - 0000000 __HDC C:\Windows\$NtUninstallKB943460_0$
2012-03-09 18:19 - 2008-01-05 06:52 - 0000000 __HDC C:\Windows\$NtUninstallKB941202$
2012-03-09 18:19 - 2008-01-05 06:52 - 0000000 __HDC C:\Windows\$NtUninstallKB938127$
2012-03-09 18:19 - 2008-01-05 06:52 - 0000000 __HDC C:\Windows\$NtUninstallKB936782_WMP9$
2012-03-09 18:19 - 2008-01-05 06:52 - 0000000 __HDC C:\Windows\$NtUninstallKB936021$
2012-03-09 18:19 - 2008-01-05 06:52 - 0000000 __HDC C:\Windows\$NtUninstallKB933729$
2012-03-09 18:19 - 2008-01-05 06:51 - 0000000 __HDC C:\Windows\$NtUninstallKB938829$
2012-03-09 18:19 - 2008-01-05 06:51 - 0000000 __HDC C:\Windows\$NtUninstallKB938828$
2012-03-09 18:19 - 2008-01-05 06:51 - 0000000 __HDC C:\Windows\$NtUninstallKB929123$
2012-03-09 18:19 - 2008-01-05 06:50 - 0000000 __HDC C:\Windows\$NtUninstallKB931261$
2012-03-09 18:19 - 2008-01-05 06:50 - 0000000 __HDC C:\Windows\$NtUninstallKB930178$
2012-03-09 18:19 - 2008-01-05 06:50 - 0000000 __HDC C:\Windows\$NtUninstallKB927779$
2012-03-09 18:19 - 2008-01-05 06:50 - 0000000 __HDC C:\Windows\$NtUninstallKB926436$
2012-03-09 18:19 - 2008-01-05 06:50 - 0000000 __HDC C:\Windows\$NtUninstallKB925902$
2012-03-09 18:19 - 2008-01-05 06:50 - 0000000 __HDC C:\Windows\$NtUninstallKB924667$
2012-03-09 18:19 - 2008-01-05 06:49 - 0000000 __HDC C:\Windows\$NtUninstallKB928255$
2012-03-09 18:19 - 2008-01-05 06:49 - 0000000 __HDC C:\Windows\$NtUninstallKB927802$
2012-03-09 18:19 - 2008-01-05 06:49 - 0000000 __HDC C:\Windows\$NtUninstallKB926255$
2012-03-09 18:19 - 2008-01-05 06:49 - 0000000 __HDC C:\Windows\$NtUninstallKB924496$
2012-03-09 18:19 - 2008-01-05 06:49 - 0000000 __HDC C:\Windows\$NtUninstallKB924270$
2012-03-09 18:19 - 2008-01-05 06:49 - 0000000 __HDC C:\Windows\$NtUninstallKB923980$
2012-03-09 18:19 - 2008-01-05 06:49 - 0000000 __HDC C:\Windows\$NtUninstallKB923191$
2012-03-09 18:18 - 2012-01-25 19:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2585542$
2012-03-09 18:18 - 2012-01-11 16:04 - 0000000 __HDC C:\Windows\$NtUninstallKB2646524$
2012-03-09 18:18 - 2012-01-11 16:04 - 0000000 __HDC C:\Windows\$NtUninstallKB2631813$
2012-03-09 18:18 - 2012-01-11 16:00 - 0000000 __HDC C:\Windows\$NtUninstallKB2598479$
2012-03-09 18:18 - 2011-12-16 16:38 - 0000000 __HDC C:\Windows\$NtUninstallKB2624667$
2012-03-09 18:18 - 2011-12-16 16:33 - 0000000 __HDC C:\Windows\$NtUninstallKB2619339$
2012-03-09 18:18 - 2011-11-13 23:05 - 0000000 __HDC C:\Windows\$NtUninstallKB2544893-v2$
2012-03-09 18:18 - 2011-10-13 12:08 - 0000000 __HDC C:\Windows\$NtUninstallKB2564958$
2012-03-09 18:18 - 2011-08-12 17:54 - 0000000 __HDC C:\Windows\$NtUninstallKB2567680$
2012-03-09 18:18 - 2011-07-18 15:45 - 0000000 __HDC C:\Windows\$NtUninstallKB2507938$
2012-03-09 18:18 - 2011-06-15 18:13 - 0000000 __HDC C:\Windows\$NtUninstallKB2544893$
2012-03-09 18:18 - 2011-04-14 18:03 - 0000000 __HDC C:\Windows\$NtUninstallKB2510581$
2012-03-09 18:18 - 2011-04-14 17:52 - 0000000 __HDC C:\Windows\$NtUninstallKB2503658$
2012-03-09 18:18 - 2011-04-14 17:51 - 0000000 __HDC C:\Windows\$NtUninstallKB2506212$
2012-03-09 18:18 - 2011-04-14 17:47 - 0000000 __HDC C:\Windows\$NtUninstallKB2509553$
2012-03-09 18:18 - 2011-02-10 19:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2483185$
2012-03-09 18:18 - 2008-01-05 06:58 - 0000000 __HDC C:\Windows\$NtUninstallKB914440$
2012-03-09 18:18 - 2008-01-05 06:51 - 0000000 __HDC C:\Windows\$NtUninstallKB921503$
2012-03-09 18:18 - 2008-01-05 06:50 - 0000000 __HDC C:\Windows\$NtUninstallKB918118$
2012-03-09 18:18 - 2008-01-05 06:49 - 0000000 __HDC C:\Windows\$NtUninstallKB920685$
2012-03-09 18:18 - 2008-01-05 06:48 - 0000000 __HDC C:\Windows\$NtUninstallKB920683$
2012-03-09 18:18 - 2008-01-05 06:48 - 0000000 __HDC C:\Windows\$NtUninstallKB918439$
2012-03-09 18:18 - 2008-01-05 06:48 - 0000000 __HDC C:\Windows\$NtUninstallKB914388$
2012-03-09 18:18 - 2008-01-05 06:48 - 0000000 __HDC C:\Windows\$NtUninstallKB913580$
2012-03-09 18:18 - 2008-01-05 06:48 - 0000000 __HDC C:\Windows\$NtUninstallKB911927$
2012-03-09 18:18 - 2008-01-05 06:48 - 0000000 __HDC C:\Windows\$NtUninstallKB911564$
2012-03-09 18:18 - 2008-01-05 06:48 - 0000000 __HDC C:\Windows\$NtUninstallKB911562$
2012-03-09 18:18 - 2008-01-05 06:48 - 0000000 __HDC C:\Windows\$NtUninstallKB911280$
2012-03-09 18:18 - 2008-01-05 06:48 - 0000000 __HDC C:\Windows\$NtUninstallKB908531$
2012-03-09 18:18 - 2008-01-05 06:47 - 0000000 __HDC C:\Windows\$NtUninstallKB910437$
2012-03-09 18:18 - 2008-01-05 06:47 - 0000000 __HDC C:\Windows\$NtUninstallKB908519$
2012-03-09 18:18 - 2008-01-05 06:47 - 0000000 __HDC C:\Windows\$NtUninstallKB905414$
2012-03-09 18:18 - 2008-01-05 06:47 - 0000000 __HDC C:\Windows\$NtUninstallKB902400$
2012-03-09 18:18 - 2008-01-05 06:47 - 0000000 __HDC C:\Windows\$NtUninstallKB901017$
2012-03-09 18:18 - 2008-01-05 06:47 - 0000000 __HDC C:\Windows\$NtUninstallKB900725$
2012-03-09 18:18 - 2008-01-05 06:45 - 0000000 __HDC C:\Windows\$NtUninstallKB901214$
2012-03-09 18:18 - 2008-01-05 06:45 - 0000000 __HDC C:\Windows\$NtUninstallKB899587$
2012-03-09 18:18 - 2008-01-05 06:45 - 0000000 __HDC C:\Windows\$NtUninstallKB896423$
2012-03-09 18:18 - 2008-01-05 06:45 - 0000000 __HDC C:\Windows\$NtUninstallKB896358$
2012-03-09 18:18 - 2008-01-05 06:45 - 0000000 __HDC C:\Windows\$NtUninstallKB894391$
2012-03-09 18:18 - 2008-01-05 06:45 - 0000000 __HDC C:\Windows\$NtUninstallKB893756$
2012-03-09 18:18 - 2008-01-05 06:45 - 0000000 __HDC C:\Windows\$NtUninstallKB890859$
2012-03-09 18:18 - 2008-01-05 06:45 - 0000000 __HDC C:\Windows\$NtUninstallKB888302$
2012-03-09 18:18 - 2008-01-05 06:45 - 0000000 __HDC C:\Windows\$NtUninstallKB887472$
2012-03-09 18:18 - 2008-01-05 06:45 - 0000000 __HDC C:\Windows\$NtUninstallKB885835$
2012-03-09 18:18 - 2008-01-05 06:44 - 0000000 __HDC C:\Windows\$NtUninstallKB873339$
2012-03-09 18:17 - 2011-06-15 18:23 - 0000000 __HDC C:\Windows\$NtUninstallKB2476490$
2012-03-09 18:17 - 2011-03-11 19:26 - 0000000 __HDC C:\Windows\$NtUninstallKB2479943$
2012-03-09 18:17 - 2011-03-11 19:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2481109$
2012-03-09 18:17 - 2011-02-10 19:23 - 0000000 __HDC C:\Windows\$NtUninstallKB2478971$
2012-03-09 18:17 - 2011-01-12 14:44 - 0000000 __HDC C:\Windows\$NtUninstallKB2419632$
2012-03-09 18:17 - 2010-12-16 15:29 - 0000000 __HDC C:\Windows\$NtUninstallKB2423089$
2012-03-09 18:17 - 2010-10-12 17:26 - 0000000 __HDC C:\Windows\$NtUninstallKB2387149$
2012-03-09 18:17 - 2010-10-12 17:26 - 0000000 __HDC C:\Windows\$NtUninstallKB2345886$
2012-03-09 18:17 - 2010-10-12 17:26 - 0000000 __HDC C:\Windows\$NtUninstallKB2296011$
2012-03-09 18:17 - 2010-10-12 17:25 - 0000000 __HDC C:\Windows\$NtUninstallKB2378111_WM9$
2012-03-09 18:17 - 2010-10-12 17:18 - 0000000 __HDC C:\Windows\$NtUninstallKB2360937$
2012-03-09 18:17 - 2010-09-15 15:12 - 0000000 __HDC C:\Windows\$NtUninstallKB2347290$
2012-03-09 18:17 - 2010-09-15 15:12 - 0000000 __HDC C:\Windows\$NtUninstallKB2121546$
2012-03-09 18:17 - 2010-09-15 15:07 - 0000000 __HDC C:\Windows\$NtUninstallKB2141007$
2012-03-09 18:17 - 2010-08-13 17:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2079403$
2012-03-09 18:17 - 2010-08-03 14:01 - 0000000 __HDC C:\Windows\$NtUninstallKB2286198$
2012-03-09 18:17 - 2010-07-14 05:58 - 0000000 __HDC C:\Windows\$NtUninstallKB2229593$
2012-03-09 18:17 - 2006-02-28 08:00 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2012-03-09 18:16 - 2012-03-09 18:16 - 0000000 ____D C:\_OTL
2012-03-09 18:15 - 2009-03-12 04:14 - 0000000 ____D C:\Program Files\Photo Viewer
2012-03-09 18:14 - 2008-01-03 19:49 - 0000000 __HDC C:\Windows\$MSI31Uninstall_KB893803v2$
2012-03-09 17:21 - 2008-01-29 16:15 - 0003787 ___AC C:\Windows\System32\TVersityMediaServer.log
2012-03-09 16:42 - 2012-03-09 16:41 - 0000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
2012-03-09 16:42 - 2012-01-16 17:03 - 0000000 ____D C:\Windows\System32\cache
2012-03-09 16:42 - 2010-02-02 17:17 - 0000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2012-03-09 16:41 - 2012-03-09 16:41 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2012-03-09 16:41 - 2012-03-09 16:41 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Google
2012-03-09 16:41 - 2012-03-09 16:41 - 0000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2012-03-09 15:58 - 2008-01-03 19:43 - 0073928 ____A C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-03-09 15:57 - 2012-03-09 15:55 - 0004144 ____A C:\TDSSKiller.2.7.19.0_09.03.2012_19.55.35_log.txt
2012-03-09 15:55 - 2012-03-09 15:54 - 0062406 ____A C:\TDSSKiller.2.7.19.0_09.03.2012_19.54.31_log.txt
2012-03-09 15:26 - 2011-09-12 13:51 - 0002187 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk
2012-03-09 15:26 - 2008-12-24 10:00 - 0000000 ____D C:\Program Files\Safari
2012-03-09 13:09 - 2012-03-10 21:07 - 0475736 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\2278046drv.sys
2012-03-09 13:09 - 2012-03-10 21:07 - 0133208 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\54823927.sys
2012-03-08 18:39 - 2008-01-03 18:14 - 0277352 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-08 18:06 - 2011-08-25 07:37 - 0001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2012-03-07 19:37 - 2008-01-25 17:43 - 0000000 ____D C:\Program Files\Windows Media Connect 2
2012-03-07 19:31 - 2012-03-07 19:31 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-03-07 19:28 - 2009-12-25 08:38 - 0000000 ____D C:\Program Files\Microsoft Office Outlook Connector
2012-03-07 19:24 - 2009-06-25 11:52 - 0000000 ____D C:\Program Files\K-Lite Codec Pack
2012-03-07 19:24 - 2008-01-29 16:09 - 0000000 ____D C:\Program Files\Media Player Classic
2012-03-07 19:24 - 2008-01-04 19:06 - 0000000 ____D C:\Program Files\Microsoft ActiveSync
2012-03-07 19:22 - 2008-03-04 16:58 - 0000000 ____D C:\Program Files\HP
2012-03-07 19:21 - 2009-07-23 17:27 - 0000000 ____D C:\Program Files\GPLGS
2012-03-07 19:16 - 2008-01-25 17:57 - 0000000 ____D C:\Program Files\coverXP
2012-03-07 19:09 - 2011-12-16 05:14 - 0000000 ____D C:\Program Files\AVG Secure Search
2012-03-07 19:09 - 2011-02-17 14:56 - 0000000 ____D C:\Program Files\Audacity
2012-03-07 19:09 - 2008-01-26 09:14 - 0000000 ____D C:\Program Files\AnMing
2012-03-07 18:59 - 2012-03-07 18:59 - 0020003 ____A C:\Documents and Settings\Andy & Joanna\My Documents\hijackthis.log
2012-03-07 18:59 - 2008-01-03 19:39 - 0000000 ___RD C:\Documents and Settings\Andy & Joanna\My Documents
2012-03-07 18:45 - 2010-05-11 17:13 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\Application Data\PriceGong
2012-03-07 18:27 - 2012-03-07 18:27 - 0000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-07 18:27 - 2010-07-19 16:54 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-03-05 18:30 - 2008-01-26 09:16 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\Application Data\uTorrent
2012-03-05 16:32 - 2008-01-05 07:06 - 0032256 ____A C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-29 16:15 - 2008-01-26 05:53 - 0000069 ____A C:\Windows\NeroDigital.ini
2012-02-23 19:17 - 2008-01-26 09:16 - 0000000 ____D C:\Program Files\uTorrent
2012-02-23 14:43 - 2009-07-22 17:50 - 0000000 __SHD C:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\.#
2012-02-23 14:40 - 2011-06-24 13:23 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-02-22 18:28 - 2008-01-04 19:04 - 0000000 ____D C:\Program Files\Microsoft Office
2012-02-22 18:27 - 2009-12-02 19:28 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-02-22 18:24 - 2008-01-03 18:17 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-02-17 09:29 - 2008-04-01 09:56 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\My Documents\Driving Range Idea
2012-02-17 08:41 - 2008-01-25 19:04 - 0000000 ____D C:\Windows\Microsoft.NET
2012-02-17 08:34 - 2009-12-25 08:38 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-16 18:40 - 2012-02-16 18:40 - 0000000 __HDC C:\Windows\$NtUninstallKB2660465$
2012-02-16 18:40 - 2012-02-16 15:57 - 0212330 ____A C:\Windows\KB2647516-IE7.log
2012-02-16 18:40 - 2012-02-16 15:57 - 0131362 ____A C:\Windows\KB2660465.log
2012-02-16 18:40 - 2008-01-05 06:50 - 52550552 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-16 18:40 - 2008-01-05 06:45 - 0315545 ____A C:\Windows\updspapi.log
2012-02-16 18:40 - 2008-01-03 18:17 - 2285525 ____A C:\Windows\FaxSetup.log
2012-02-16 18:40 - 2008-01-03 18:17 - 1105515 ____A C:\Windows\ocgen.log
2012-02-16 18:40 - 2008-01-03 18:17 - 1049903 ____A C:\Windows\tsoc.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0753791 ____A C:\Windows\comsetup.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0710966 ____A C:\Windows\msmqinst.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0534032 ____A C:\Windows\iis6.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0455410 ____A C:\Windows\ntdtcsetup.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0401003 ____A C:\Windows\netfxocm.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0158190 ____A C:\Windows\MedCtrOC.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0122657 ____A C:\Windows\ocmsn.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0115545 ____A C:\Windows\tabletoc.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0114686 ____A C:\Windows\msgsocm.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0001374 ____A C:\Windows\imsins.log
2012-02-16 18:40 - 2008-01-03 18:17 - 0001374 ____A C:\Windows\imsins.BAK
2012-02-16 18:39 - 2008-01-05 07:00 - 0000000 ____D C:\Windows\ie7updates
2012-02-16 18:38 - 2012-02-16 18:37 - 0006654 ____A C:\Windows\KB2661637.log
2012-02-16 18:37 - 2012-02-16 18:37 - 0000000 __HDC C:\Windows\$NtUninstallKB2661637$
2012-02-16 18:37 - 2008-01-03 19:31 - 0000000 ___HD C:\Windows\$hf_mig$
2012-02-16 15:55 - 2011-07-10 14:02 - 0001052 ____A C:\Documents and Settings\Andy & Joanna\Desktop\Dropbox.lnk
2012-02-16 15:55 - 2011-07-10 14:00 - 0001052 ____A C:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-02 18:30 - 2010-12-06 16:45 - 0000690 ____A C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
2012-01-31 10:09 - 2010-08-16 14:32 - 0590816 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-01-31 07:37 - 2009-01-19 14:56 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\Application Data\ZoomBrowser EX
2012-01-31 06:24 - 2009-09-06 05:32 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\My Documents\Jo Stuff
2012-01-31 06:24 - 2008-01-03 19:39 - 0000000 ___RD C:\Documents and Settings\Andy & Joanna\My Documents\My Pictures
2012-01-30 16:08 - 2008-01-03 18:14 - 0190053 ____A C:\Windows\setupact.log
2012-01-30 14:56 - 2011-02-17 18:48 - 0000000 ____D C:\Log
2012-01-30 14:53 - 2008-01-03 19:50 - 0000000 ___RD C:\Documents and Settings\Andy & Joanna\My Documents\My Videos
2012-01-30 14:51 - 2008-01-25 19:39 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\My Documents\My Received Files
2012-01-30 14:29 - 2010-11-21 16:13 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\My Documents\30yrs of Jo!
2012-01-29 15:25 - 2012-01-26 13:31 - 0017200 ____A C:\Documents and Settings\Andy & Joanna\My Documents\Mum Fletcher's Tribute 26 January 2012.docx
2012-01-29 13:46 - 2012-01-29 13:46 - 0012265 ____A C:\Documents and Settings\Andy & Joanna\My Documents\Mum Fletcher Poem 29 Jan 2012.docx
2012-01-28 08:06 - 2012-01-26 17:58 - 0154624 ____A C:\Documents and Settings\Andy & Joanna\My Documents\Hilda_Fletcher_-_Funeral_Service[1].doc
2012-01-25 19:21 - 2012-01-25 13:34 - 0012433 ____A C:\Windows\KB2585542.log
2012-01-25 14:43 - 2012-01-25 14:43 - 0001542 ____A C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2012-01-25 14:43 - 2009-09-14 08:55 - 0000000 ____D C:\Program Files\iTunes
2012-01-25 14:42 - 2012-01-25 14:42 - 0000000 ____D C:\Program Files\iPod
2012-01-25 14:42 - 2008-01-25 18:18 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-01-24 20:00 - 2008-01-29 16:22 - 0000805 ____A C:\Windows\System32\tversity.cookies
2012-01-16 17:17 - 2008-04-04 15:29 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\My Documents\My Scans
2012-01-16 17:04 - 2011-12-16 05:14 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-01-14 13:43 - 2012-01-14 13:43 - 0133649 ____A C:\Documents and Settings\Andy & Joanna\My Documents\zizzi.xps
2012-01-12 12:53 - 2008-10-16 08:48 - 1859968 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2012-01-12 12:53 - 2006-02-28 08:00 - 1859968 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-11 16:04 - 2012-01-11 13:53 - 0012135 ____A C:\Windows\KB2646524.log
2012-01-11 16:04 - 2012-01-11 13:53 - 0011502 ____A C:\Windows\KB2631813.log
2012-01-11 16:00 - 2012-01-11 13:53 - 0012096 ____A C:\Windows\KB2598479.log
2012-01-11 15:42 - 2012-01-11 15:42 - 0006540 ____A C:\Windows\KB2603381.log
2012-01-11 15:42 - 2012-01-11 15:42 - 0000000 __HDC C:\Windows\$NtUninstallKB2603381$
2012-01-11 15:41 - 2012-01-11 15:41 - 0000000 __HDC C:\Windows\$NtUninstallKB2584146$
2012-01-11 15:41 - 2012-01-11 13:53 - 0010902 ____A C:\Windows\KB2584146.log
2012-01-11 15:06 - 2012-02-16 15:55 - 0003072 ____N C:\Windows\System32\iacenc.dll
2012-01-11 15:06 - 2012-02-16 15:55 - 0003072 ____C C:\Windows\System32\dllcache\iacenc.dll
2012-01-07 12:12 - 2012-01-07 12:12 - 0011446 ____A C:\Documents and Settings\Andy & Joanna\My Documents\PRAYERS.docx
2012-01-01 13:18 - 2008-01-25 18:19 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\Application Data\Apple Computer
2012-01-01 12:43 - 2012-01-01 12:43 - 0001604 ____A C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2012-01-01 12:39 - 2012-01-01 12:39 - 0000000 ____D C:\Program Files\Bonjour
2011-12-19 04:13 - 2008-01-05 07:00 - 0569856 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2011-12-19 04:13 - 2008-01-05 07:00 - 0482304 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieapfltr.dll
2011-12-19 04:13 - 2008-01-05 07:00 - 0268288 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2011-12-19 04:13 - 2008-01-05 07:00 - 0164352 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\icardie.dll
2011-12-19 04:13 - 2008-01-05 07:00 - 0153600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2011-12-19 04:13 - 2007-08-13 14:54 - 6076416 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-19 04:13 - 2007-08-13 14:54 - 0468480 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-19 04:13 - 2007-08-13 14:54 - 0153600 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-12-19 04:13 - 2007-08-13 14:36 - 0164352 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2011-12-19 04:13 - 2007-08-13 14:34 - 0268288 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-19 04:13 - 2007-07-11 08:27 - 0482304 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 3717632 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 3616768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 1830912 ____N (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-19 04:13 - 2006-02-28 08:00 - 1830912 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2011-12-19 04:13 - 2006-02-28 08:00 - 1168896 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 1168896 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0832512 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0832512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0772608 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0772608 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0580096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0485888 ____N (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0485888 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0478720 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0448000 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dxtmsft.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0347136 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0334336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\webcheck.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0331264 ____N (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0331264 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieaksie.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0315904 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\dxtrans.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0294400 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msrating.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0294400 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0293376 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0254464 ____N (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0254464 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieakeng.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0234496 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\extmgr.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0233472 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0226304 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\advpack.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0207360 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0192512 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0145920 ____N (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0145920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iernonce.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0145408 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pngfilt.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0129024 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0124928 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0118272 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\corpol.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0102912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0102912 ____N (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0078336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ieencode.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0078336 ____A (Microsoft Corporation) C:\Windows\System32\ieencode.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0044544 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0027648 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-19 04:13 - 2006-02-28 08:00 - 0017408 ____A (Microsoft Corporation) C:\Windows\System32\corpol.dll
2011-12-16 16:40 - 2011-12-16 05:15 - 0099171 ____A C:\Windows\KB2618444-IE7.log
2011-12-16 16:39 - 2011-12-16 05:15 - 0013163 ____A C:\Windows\KB2639417.log
2011-12-16 16:38 - 2011-12-16 16:38 - 0000000 __HDC C:\Windows\$NtUninstallKB2639417$
2011-12-16 16:38 - 2011-12-16 05:15 - 0012151 ____A C:\Windows\KB2624667.log
2011-12-16 16:33 - 2011-12-16 16:33 - 0004131 ____A C:\Windows\KB2633952.log
2011-12-16 16:33 - 2011-12-16 16:33 - 0000000 __HDC C:\Windows\$NtUninstallKB2633952$
2011-12-16 16:33 - 2011-12-16 05:14 - 0011327 ____A C:\Windows\KB2619339.log
2011-12-16 16:33 - 2008-01-05 07:01 - 0617170 ____A C:\Windows\System32\TZLog.log
2011-12-16 16:32 - 2011-12-16 16:32 - 0006816 ____A C:\Windows\KB2618451.log
2011-12-16 16:32 - 2011-12-16 16:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2620712$
2011-12-16 16:32 - 2011-12-16 16:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2618451$
2011-12-16 16:32 - 2011-12-16 05:14 - 0011406 ____A C:\Windows\KB2620712.log
2011-12-16 16:32 - 2011-12-16 05:13 - 0014288 ____A C:\Windows\KB2633171.log
2011-12-16 16:31 - 2011-12-16 16:31 - 0000000 __HDC C:\Windows\$NtUninstallKB2633171$
2011-12-16 08:22 - 2008-01-05 07:00 - 0114688 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieudinit.exe
2011-12-16 08:22 - 2006-02-28 08:00 - 0171520 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-12-16 08:22 - 2006-02-28 08:00 - 0171520 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2011-12-16 07:00 - 2008-01-03 19:29 - 0634680 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iexplore.exe
2011-12-16 06:58 - 2006-02-28 08:00 - 0161792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ieakui.dll
2011-12-16 06:58 - 2006-02-28 08:00 - 0161792 ____N (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2011-12-16 05:50 - 2011-12-16 05:50 - 0000000 ____D C:\Documents and Settings\Andy & Joanna\Application Data\AVG Secure Search
2011-12-16 05:14 - 2011-12-16 05:14 - 0000000 ____D C:\Program Files\Common Files\AVG Secure Search

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2012-03-10 13:37 - 028672 _restore{BE19214C-0968-4AF8-9B16-06D5279C8F65}\RP1049

RP: -> 2012-03-09 18:24 - 028672 _restore{BE19214C-0968-4AF8-9B16-06D5279C8F65}\RP1048

RP: -> 2012-03-09 17:35 - 028672 _restore{BE19214C-0968-4AF8-9B16-06D5279C8F65}\RP1047


========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 2046.48 MB
Available physical RAM: 1754.89 MB
Total Pagefile: 1877.14 MB
Available Pagefile: 1799.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.18 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:232.88 GB) (Free:11.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
8 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
9 Drive i: () (Removable) (Total:0.95 GB) (Free:0.82 GB) FAT32
10 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 4 Online 233 GB 0 B

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB
======================================================================================================

Disk: 4
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 C NTFS Partition 233 GB Healthy
======================================================================================================
======================= End Of Log ==========================

#82
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does the other XP that appears in the boot menu allow you access?

If not I will attempt a system restore

#83
nobbyburton

    Member

  • Topic Starter
  • 173 posts
No, get same message with either. The 3 restore points noted on the scan, 2 were on the 9th, which was night one of trying to fix virus. I think the virus was stable-ish before I made the fatal decision to mess with the boot using msconfig, which was on the 10th, and this stupid dialog box was not happening at all when the virus was rife; it only happened after I messed with msconfig, though I only unchecked 2 apps.

#84
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I will restore to the first point we made on the 9th

OK, save this to the FRST USB drive
Then run the fix again
[attachment=56589:fixlist.txt]
If this fails we may have to do a full reset of the MBR

#85
nobbyburton

    Member

  • Topic Starter
  • 173 posts
OK, doing now. Does file have to be called fixlist? As there's two on USB it's auto-named it fixlist_1, presume this okay

rebooting Reatogo, so got a minute or so of boot time

What does the final sentence mean about full reset of MBR?


#86
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes it has to be called fixlist - it should overwrite the previous copy on the stick

What I will be looking at is using FixMBR

#87
nobbyburton

    Member

  • Topic Starter
  • 173 posts
ok will rename and move/delete earlier one

just about finished booting, thanks again for your patience

#88
nobbyburton

    Member

  • Topic Starter
  • 173 posts
Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 11-03-2012
Ran by SYSTEM at 2012-03-13 05:26:04 R:2
Running from I:\

==============================================

SAM hive was successfully restored from Restore Point.
SECURITY hive was successfully restored from Restore Point.
Software hive was successfully restored from Restore Point.
System hive was successfully restored from Restore Point.
Default hive was successfully restored from Restore Point.

==== End of Fixlog ====

#89
nobbyburton

    Member

  • Topic Starter
  • 173 posts
will this take us back (if it works) to before the virus was removed?

#90
nobbyburton

    Member

  • Topic Starter
  • 173 posts
Rebooted as scan looked like it said restore went okay, no joy same as before
Speak tomorrow
Thanks