Bad cookies reappearing
I have this file called cookies.sqlite for Firefox and it has been popping up recently. When I file shred it or sometimes just go to the file, I get the AVG Resident Shield alert. In this SS it shows I just went to it, hence the process name D:\Windows\Explorer.exe. Sometimes it will be fileshredder.exe, ccleaner.exe, etc. Also the threat names show up as different names.
Hope this helps you to help me. My ver. of XP is tweaked a bit, FYI.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:25 AM, on 1/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\AVG\AVG9\avgemc.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261372127750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261596103937
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: CiSvc - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ClipSrv - Unknown owner - D:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - E:\PICTURESSS\Random pictures\Hong Kong wallpaper.jpg
--
End of file - 6196 bytes
Combofix
ComboFix 10-01-04.01 - Administrator 01/06/2010 23:24:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2574 [GMT -5:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system32\Data
d:\windows\system32\Data\CT0060W.DAT
d:\windows\system32\Data\CTP0060W.DAT
d:\windows\system32\Data\CTP0061W.DAT
d:\windows\system32\Data\CTP0070W.DAT
d:\windows\system32\Data\CTP0073W.DAT
d:\windows\system32\Data\CTP0090W.DAT
d:\windows\system32\Data\CTP0091W.DAT
d:\windows\system32\Data\CTP0092W.DAT
d:\windows\system32\Data\CTP0095W.DAT
d:\windows\system32\Data\CTP0100W.DAT
d:\windows\system32\Data\CTP0101W.DAT
d:\windows\system32\Data\CTP0102W.DAT
d:\windows\system32\Data\CTP0103W.DAT
d:\windows\system32\Data\CTP0105W.DAT
d:\windows\system32\Data\CTP0150W.DAT
d:\windows\system32\Data\CTP0161W.DAT
d:\windows\system32\Data\CTP0162W.DAT
d:\windows\system32\Data\CTP0170W.DAT
d:\windows\system32\Data\CTP017AW.DAT
d:\windows\system32\Data\CTP017BW.DAT
d:\windows\system32\Data\CTP017CW.DAT
d:\windows\system32\Data\CTP017DW.DAT
d:\windows\system32\Data\CTP017EW.DAT
d:\windows\system32\Data\CTP017FW.DAT
d:\windows\system32\Data\CTP017GW.DAT
d:\windows\system32\Data\CTP017HW.DAT
d:\windows\system32\Data\CTP0191W.DAT
d:\windows\system32\Data\CTP0192W.DAT
d:\windows\system32\Data\CTP0221W.DAT
d:\windows\system32\Data\CTP0222W.DAT
d:\windows\system32\Data\CTP0230W.DAT
d:\windows\system32\Data\CTP0231W.DAT
d:\windows\system32\Data\CTP0232W.DAT
d:\windows\system32\Data\CTP0238W.DAT
d:\windows\system32\Data\CTP0240W.DAT
d:\windows\system32\Data\CTP0242W.DAT
d:\windows\system32\Data\CTP0243W.DAT
d:\windows\system32\Data\CTP0244W.DAT
d:\windows\system32\Data\CTP0280W.DAT
d:\windows\system32\Data\CTP0320W.DAT
d:\windows\system32\Data\CTP0350W.DAT
d:\windows\system32\Data\CTP0352W.DAT
d:\windows\system32\Data\CTP0360W.DAT
d:\windows\system32\Data\CTP1140W.DAT
d:\windows\system32\Data\CTP4620W.DAT
d:\windows\system32\Data\CTP4670W.DAT
d:\windows\system32\Data\CTP4760W.DAT
d:\windows\system32\Data\CTP4780W.DAT
d:\windows\system32\Data\CTP4790W.DAT
d:\windows\system32\Data\CTP4820W.DAT
d:\windows\system32\Data\CTP4830W.DAT
d:\windows\system32\Data\CTP4831W.DAT
d:\windows\system32\Data\CTP4832W.DAT
d:\windows\system32\Data\CTP4840W.DAT
d:\windows\system32\Data\CTP4850W.DAT
d:\windows\system32\Data\CTP4870W.DAT
d:\windows\system32\Data\CTP4871W.DAT
d:\windows\system32\Data\CTP4872W.DAT
d:\windows\system32\Data\CTP4875W.DAT
d:\windows\system32\Data\CTP4890W.DAT
d:\windows\system32\Data\CTP4891W.DAT
d:\windows\system32\Data\CTP4893W.DAT
d:\windows\system32\Data\CTPDXW.DAT
d:\windows\system32\Data\CTPM002W.DAT
d:\windows\system32\msconfig.exe
d:\windows\system32\wsodsini.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.
2010-01-07 04:11 . 2010-01-07 04:11 -------- d-----w- d:\program files\Trend Micro
2010-01-07 04:11 . 2010-01-07 04:11 -------- d-----w- d:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-07 04:11 . 2009-12-30 19:55 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 04:11 . 2010-01-07 04:11 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 04:11 . 2009-12-30 19:54 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-01-07 04:11 . 2010-01-07 04:11 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-01-06 21:11 . 2010-01-06 21:11 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\COMODO
2010-01-06 21:08 . 2010-01-07 04:31 781137 ----a-w- d:\windows\system32\drivers\sfi.dat
2010-01-06 20:57 . 2010-01-06 21:09 -------- d-----w- d:\documents and settings\All Users\Application Data\Comodo
2010-01-06 20:57 . 2010-01-06 20:57 87104 ----a-w- d:\windows\system32\drivers\inspect.sys
2010-01-06 20:57 . 2010-01-06 20:57 25160 ----a-w- d:\windows\system32\drivers\cmdhlp.sys
2010-01-06 20:57 . 2010-01-06 20:57 171552 ----a-w- d:\windows\system32\guard32.dll
2010-01-06 20:57 . 2010-01-06 20:57 133064 ----a-w- d:\windows\system32\drivers\cmdguard.sys
2010-01-06 20:57 . 2010-01-06 20:57 -------- d-----w- d:\program files\COMODO
2010-01-06 20:38 . 2010-01-06 20:38 -------- d-----w- d:\program files\CCleaner
2010-01-06 20:26 . 2006-08-25 03:47 115880 ------w- d:\windows\system32\pxinsi64.exe
2010-01-06 20:26 . 2010-01-06 20:35 -------- d-----w- d:\program files\Winamp
2010-01-06 07:54 . 2010-01-06 07:54 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\CAPCOM
2010-01-06 07:42 . 2010-01-06 07:42 8 ----a-w- d:\windows\system32\nvModes.dat
2010-01-06 07:34 . 2010-01-06 07:34 -------- d-----w- d:\program files\NVIDIA Corporation
2010-01-06 05:16 . 2010-01-06 05:16 -------- d-----w- d:\program files\Music Rescue
2010-01-06 05:16 . 2010-01-06 05:16 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-01-05 23:27 . 2010-01-05 23:27 -------- d-----w- d:\documents and settings\Administrator\Application Data\Ahead
2010-01-05 05:51 . 2008-04-14 15:42 159232 ----a-w- d:\windows\system32\ptpusd.dll
2010-01-05 05:51 . 2001-08-18 08:36 5632 ----a-w- d:\windows\system32\ptpusb.dll
2010-01-05 04:47 . 2010-01-06 20:41 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-05 04:47 . 2010-01-05 06:07 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-01-04 09:15 . 2010-01-04 09:15 7252 ----a-w- d:\windows\system32\d3d9caps.dat
2010-01-04 09:13 . 2010-01-04 09:21 -------- d-----w- d:\windows\NV29123660.TMP
2010-01-04 09:09 . 2008-03-05 20:56 3786760 ----a-w- d:\windows\system32\D3DX9_37.dll
2010-01-04 09:09 . 2007-07-19 23:14 3727720 ----a-w- d:\windows\system32\d3dx9_35.dll
2010-01-04 09:09 . 2007-05-16 21:45 3497832 ----a-w- d:\windows\system32\d3dx9_34.dll
2010-01-04 09:09 . 2007-04-04 23:53 81768 ----a-w- d:\windows\system32\xinput1_3.dll
2010-01-04 09:09 . 2007-03-12 21:42 3495784 ----a-w- d:\windows\system32\d3dx9_33.dll
2010-01-04 09:09 . 2005-05-26 20:34 2297552 ----a-w- d:\windows\system32\d3dx9_26.dll
2010-01-04 08:31 . 2010-01-04 08:31 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-01-04 08:31 . 2010-01-04 08:31 -------- d-----w- d:\program files\DAEMON Tools Lite
2010-01-04 08:31 . 2010-01-04 09:08 -------- d-----w- d:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2010-01-04 08:31 . 2010-01-04 08:31 -------- d-----w- d:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-01-04 08:05 . 2010-01-04 08:05 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
2010-01-04 06:57 . 2010-01-04 06:57 -------- d-----w- d:\program files\Common Files\Adobe
2009-12-31 09:01 . 2009-12-31 16:17 -------- d-----w- d:\program files\Jakes Alarm Clock
2009-12-31 09:01 . 2009-12-31 09:01 2238 ----a-r- d:\documents and settings\Administrator\Application Data\Microsoft\Installer\{831FE36D-A720-4E0D-A229-84DC8B304591}\_69525f90.exe
2009-12-31 09:01 . 2009-12-31 09:01 2238 ----a-r- d:\documents and settings\Administrator\Application Data\Microsoft\Installer\{831FE36D-A720-4E0D-A229-84DC8B304591}\_5af141bb.exe
2009-12-31 09:01 . 2009-12-31 09:01 2238 ----a-r- d:\documents and settings\Administrator\Application Data\Microsoft\Installer\{831FE36D-A720-4E0D-A229-84DC8B304591}\_26e91eb.exe
2009-12-31 09:01 . 2009-12-31 09:01 2238 ----a-r- d:\documents and settings\Administrator\Application Data\Microsoft\Installer\{831FE36D-A720-4E0D-A229-84DC8B304591}\_16496df1.exe
2009-12-29 21:08 . 2010-01-05 06:02 -------- d-----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-12-29 21:07 . 2009-05-18 19:17 26600 ----a-w- d:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-28 20:48 . 2009-12-28 20:48 -------- d-----w- d:\documents and settings\Administrator\Application Data\Thinstall
2009-12-28 20:46 . 2009-12-28 20:47 -------- d-----w- d:\documents and settings\Administrator\Application Data\Canon
2009-12-28 20:18 . 2009-12-28 20:19 1594549 ----a-w- d:\windows\WANEUninstaller.exe
2009-12-27 07:04 . 2009-12-27 07:04 -------- d-----w- D:\STEAM
2009-12-27 07:03 . 2009-12-27 07:03 -------- d-----w- d:\documents and settings\Administrator\Application Data\U3
2009-12-27 05:42 . 2001-01-13 04:37 294912 ----a-w- d:\windows\system32\Helios.scr
2009-12-27 03:52 . 2009-12-27 03:52 -------- d-----w- d:\program files\CleanUp!
2009-12-25 09:06 . 2009-12-25 09:06 -------- d-----w- d:\documents and settings\Administrator\Application Data\CyberLink
2009-12-25 08:50 . 2009-12-25 08:50 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Scansoft
2009-12-25 08:36 . 2003-06-18 22:31 18944 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-12-25 08:36 . 2003-06-18 22:31 17920 ----a-w- d:\windows\system32\mdimon.dll
2009-12-25 08:36 . 2009-12-25 08:36 -------- d-----w- d:\program files\Microsoft ActiveSync
2009-12-25 08:35 . 2009-12-25 08:35 -------- d-----w- d:\documents and settings\Administrator\Application Data\Logitech
2009-12-25 08:35 . 2009-12-25 08:36 -------- d-----w- d:\windows\SHELLNEW
2009-12-25 07:03 . 2009-12-27 04:38 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-12-25 06:48 . 2009-12-25 06:48 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2009-12-25 00:27 . 2009-12-25 00:27 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-12-23 19:35 . 2009-12-23 19:35 -------- d-----w- d:\documents and settings\All Users\Application Data\InstallShield
2009-12-23 19:35 . 2009-12-23 19:35 -------- d-----w- d:\documents and settings\Administrator\Application Data\ScanSoft
2009-12-23 19:35 . 2009-12-23 19:35 -------- d-----w- d:\documents and settings\All Users\Application Data\ScanSoft
2009-12-23 19:35 . 2009-12-23 19:35 -------- d-----w- d:\program files\Common Files\ScanSoft Shared
2009-12-23 19:35 . 2009-12-23 19:35 -------- d-----w- d:\program files\ScanSoft
2009-12-23 19:34 . 2009-12-23 19:34 -------- d-----w- d:\program files\Common Files\CANON
2009-12-23 19:24 . 2009-12-23 19:24 -------- d--h--w- d:\documents and settings\All Users\Application Data\CanonBJ
2009-12-23 19:24 . 2007-04-02 05:00 69632 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\CNMPP8U.DLL
2009-12-23 19:24 . 2007-04-02 05:00 27136 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\CNMPD8U.DLL
2009-12-23 19:24 . 2007-04-02 05:00 215040 ----a-w- d:\windows\system32\CNMLM8U.DLL
2009-12-23 19:24 . 2009-12-23 19:24 -------- d--h--w- d:\windows\system32\CanonIJ Uninstaller Information
2009-12-23 19:24 . 2007-03-23 16:29 98304 ----a-w- d:\windows\system32\CNC470I.DLL
2009-12-23 19:24 . 2007-03-19 10:21 200704 ----a-w- d:\windows\system32\CNC470L.DLL
2009-12-23 19:24 . 2007-03-15 14:12 188416 ----a-w- d:\windows\system32\CNC470O.DLL
2009-12-23 19:24 . 2007-03-23 16:30 1400832 ----a-w- d:\windows\system32\CNC470C.DLL
2009-12-23 19:24 . 2009-12-23 19:24 -------- d--h--w- d:\program files\CanonBJ
2009-12-23 19:23 . 2009-12-23 19:39 -------- d-----w- d:\program files\Canon
2009-12-22 08:20 . 2009-12-22 08:20 -------- d-----w- d:\documents and settings\Administrator\Application Data\Media Player Classic
2009-12-22 08:19 . 2009-08-16 15:08 178176 ----a-w- d:\windows\system32\unrar.dll
2009-12-22 08:19 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2009-12-22 08:19 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2009-12-22 08:19 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll
2009-12-22 08:19 . 2009-12-11 18:00 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2009-12-22 08:19 . 2009-12-22 08:19 -------- d-----w- d:\program files\K-Lite Codec Pack
2009-12-21 09:47 . 2009-12-21 09:47 -------- d-----w- d:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-12-21 08:59 . 2010-01-06 21:09 -------- d-----w- d:\documents and settings\Administrator\Tracing
2009-12-21 08:52 . 2010-01-06 07:32 -------- d-----w- d:\documents and settings\Administrator\Application Data\uTorrent
2009-12-21 08:50 . 2009-12-21 08:50 -------- d-----w- d:\program files\Microsoft
2009-12-21 08:49 . 2009-12-21 08:49 -------- d-----w- d:\program files\Windows Live SkyDrive
2009-12-21 08:49 . 2009-12-21 08:50 -------- d-----w- d:\program files\Windows Live
2009-12-21 08:47 . 2009-12-21 08:47 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Cooliris
2009-12-21 08:47 . 2009-10-20 18:33 545280 ----a-w- d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-12-21 08:47 . 2009-10-20 18:33 103424 ----a-w- d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-12-21 08:47 . 2009-10-20 18:33 4716544 ----a-w- d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-12-21 08:47 . 2009-10-20 18:33 344064 ----a-w- d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-12-21 08:47 . 2009-10-20 18:33 153600 ----a-w- d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-12-21 08:45 . 2009-12-21 08:45 -------- d-----w- d:\program files\Common Files\Windows Live
2009-12-21 07:44 . 2008-04-14 03:42 26624 ----a-w- d:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-21 07:30 . 2009-12-21 07:30 -------- d-----w- d:\program files\Windows Media Connect 2
2009-12-21 07:29 . 2009-12-21 07:29 -------- d-----w- d:\windows\system32\drivers\UMDF
2009-12-21 07:29 . 2009-12-21 07:29 -------- d-----w- d:\windows\system32\LogFiles
2009-12-21 07:12 . 2009-12-21 07:12 -------- d-sh--w- d:\documents and settings\Administrator\IECompatCache
2009-12-21 07:11 . 2009-12-21 07:11 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE
2009-12-21 07:09 . 2009-12-21 07:09 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
2009-12-21 07:01 . 2009-12-21 07:01 -------- d-----w- d:\program files\MSXML 4.0
2009-12-21 07:00 . 2009-10-29 07:45 12800 ------w- d:\windows\system32\dllcache\xpshims.dll
2009-12-21 07:00 . 2009-10-29 07:45 594432 ------w- d:\windows\system32\dllcache\msfeeds.dll
2009-12-21 07:00 . 2009-10-29 07:45 55296 ------w- d:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 07:00 . 2009-10-29 07:45 246272 ------w- d:\windows\system32\dllcache\ieproxy.dll
2009-12-21 07:00 . 2009-10-29 07:45 1985536 ------w- d:\windows\system32\dllcache\iertutil.dll
2009-12-21 07:00 . 2009-10-29 07:45 11069952 ------w- d:\windows\system32\dllcache\ieframe.dll
2009-12-21 07:00 . 2009-12-23 19:26 -------- d--h--w- d:\windows\$hf_mig$
2009-12-21 07:00 . 2009-12-23 19:26 -------- d-----w- d:\windows\ie8updates
2009-12-21 07:00 . 2009-10-02 04:44 92160 ------w- d:\windows\system32\dllcache\iecompat.dll
2009-12-21 07:00 . 2009-01-07 23:21 26144 ----a-w- d:\windows\system32\spupdsvc.exe
2009-12-21 07:00 . 2009-12-21 07:00 -------- dc-h--w- d:\windows\ie8
2009-12-21 06:51 . 2009-11-21 15:51 471552 ------w- d:\windows\system32\dllcache\aclayers.dll
2009-12-21 06:51 . 2009-10-13 10:30 270336 ------w- d:\windows\system32\dllcache\oakley.dll
2009-12-21 06:51 . 2009-10-12 13:38 149504 ------w- d:\windows\system32\dllcache\rastls.dll
2009-12-21 06:51 . 2009-10-12 13:38 79872 ------w- d:\windows\system32\dllcache\raschap.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 05:59 . 2009-12-29 21:06 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-12-29 21:07 . 2009-12-29 21:07 -------- d-----w- d:\program files\iTunes
2009-12-29 21:07 . 2009-12-29 21:07 -------- d-----w- d:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-29 21:07 . 2009-12-29 21:07 -------- d-----w- d:\program files\iPod
2009-12-29 21:07 . 2009-12-29 20:44 -------- d-----w- d:\program files\Common Files\Apple
2009-12-29 21:07 . 2009-12-29 21:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-12-29 21:07 . 2009-12-29 21:07 -------- d-----w- d:\program files\Bonjour
2009-12-29 21:07 . 2009-12-29 21:07 -------- d-----w- d:\program files\QuickTime
2009-12-29 21:06 . 2009-12-29 21:06 -------- d-----w- d:\program files\Apple Software Update
2009-12-25 00:51 . 2009-12-25 00:50 -------- d-----w- d:\program files\Common Files\Logitech
2009-12-25 00:50 . 2009-12-25 00:50 -------- d-----w- d:\program files\Logitech
2009-12-25 00:50 . 2009-12-25 00:50 10134 ----a-r- d:\documents and settings\Administrator\Application Data\Microsoft\Installer\{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}\ARPPRODUCTICON.exe
2009-12-25 00:50 . 2009-12-21 04:58 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-12-23 19:35 . 2009-12-21 04:58 -------- d-----w- d:\program files\Common Files\InstallShield
2009-12-21 06:09 . 2009-12-21 06:09 4259840 ----a-w- d:\windows\system32\SET25.tmp
2009-12-21 06:09 . 2009-12-21 06:09 4259840 ----a-w- d:\windows\system32\SET24.tmp
2009-12-21 06:09 . 2009-12-21 06:09 4259840 ----a-w- d:\windows\system32\SET23.tmp
2009-12-21 06:09 . 2009-12-21 06:09 4259840 ----a-w- d:\windows\system32\SET22.tmp
2009-12-21 06:09 . 2009-12-21 06:09 4259840 ----a-w- d:\windows\system32\SET21.tmp
2009-12-21 06:09 . 2009-12-21 06:09 4259840 ----a-w- d:\windows\system32\SET20.tmp
2009-12-21 06:09 . 2009-12-21 06:09 4259840 ----a-w- d:\windows\system32\SET1F.tmp
2009-12-21 06:09 . 2009-12-21 06:09 4259840 ----a-w- d:\windows\system32\SET1E.tmp
2009-12-21 06:08 . 2009-12-21 06:08 4259840 ----a-w- d:\windows\system32\SET1D.tmp
2009-12-21 06:08 . 2009-12-21 06:08 4259840 ----a-w- d:\windows\system32\SET1C.tmp
2009-12-21 06:08 . 2009-12-21 06:08 4259840 ----a-w- d:\windows\system32\SET1B.tmp
2009-12-21 06:07 . 2009-12-21 06:07 4259840 ----a-w- d:\windows\system32\SET1A.tmp
2009-12-21 06:07 . 2009-12-21 06:07 4259840 ----a-w- d:\windows\system32\SET19.tmp
2009-12-21 06:04 . 2009-12-21 06:04 4259840 ----a-w- d:\windows\system32\SET18.tmp
2009-12-21 06:04 . 2009-12-21 06:04 4259840 ----a-w- d:\windows\system32\SET17.tmp
2009-12-21 06:04 . 2009-12-21 06:04 4259840 ----a-w- d:\windows\system32\SET16.tmp
2009-12-21 06:04 . 2009-12-21 06:04 4259840 ----a-w- d:\windows\system32\SET15.tmp
2009-12-21 06:04 . 2009-12-21 06:04 4259840 ----a-w- d:\windows\system32\SET14.tmp
2009-12-21 06:04 . 2009-12-21 06:04 4259840 ----a-w- d:\windows\system32\SET13.tmp
2009-12-21 06:04 . 2009-12-21 06:04 4259840 ----a-w- d:\windows\system32\SET12.tmp
2009-12-21 05:26 . 2009-12-21 05:26 184 ----a-w- d:\windows\system32\e000001.dat
2009-12-21 04:58 . 2009-12-21 04:58 -------- d-----w- d:\program files\Realtek
2009-12-21 04:58 . 2009-12-21 04:58 -------- d-----w- d:\documents and settings\Administrator\Application Data\InstallShield
2009-12-21 04:57 . 2009-12-21 04:55 15600 ----a-w- d:\windows\gdrv.sys
2009-12-21 04:54 . 2009-12-21 04:54 -------- d-----w- d:\program files\Intel
2009-12-21 04:53 . 2009-12-21 04:53 -------- d-----w- d:\program files\Gigabyte
2009-12-21 04:44 . 2009-12-21 04:44 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-11-21 15:51 . 2008-04-14 03:41 471552 ----a-w- d:\windows\AppPatch\aclayers.dll
2009-11-21 02:34 . 2009-12-21 05:29 6282752 ----a-w- d:\windows\system32\SET18E.tmp
2009-11-21 02:34 . 2009-12-21 05:29 1056768 ----a-w- d:\windows\system32\SET190.tmp
2009-11-21 01:32 . 2009-11-21 01:32 278120 ----a-w- d:\windows\system32\nvmccs.dll
2009-11-21 01:32 . 2009-11-21 01:32 154216 ----a-w- d:\windows\system32\nvsvc32.exe
2009-11-21 01:32 . 2009-11-21 01:32 145000 ----a-w- d:\windows\system32\nvcolor.exe
2009-11-21 01:32 . 2009-11-21 01:32 12669544 ----a-w- d:\windows\system32\nvcpl.dll
2009-11-21 01:32 . 2009-11-21 01:32 110184 ----a-w- d:\windows\system32\nvmctray.dll
2009-11-21 01:32 . 2009-11-21 01:32 81920 ----a-w- d:\windows\system32\nvwddi.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2009-09-14 05:56 916480 ----a-w- d:\windows\system32\wininet.dll
2009-10-13 10:30 . 2008-04-14 03:42 270336 ----a-w- d:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 03:42 149504 ----a-w- d:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 03:42 79872 ----a-w- d:\windows\system32\raschap.dll
.
Sigcheck
[-] 2009-09-14 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . d:\windows\system32\drivers\tcpip.sys
d:\windows\System32\wscntfy.exe ... is missing !!
d:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PRONoMgr.exe"="d:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"CTSysVol"="d:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"AVG9_TRAY"="d:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]
"CTHelper"="CTHELPER.EXE" [2003-06-20 24576]
"AsioReg"="CTASIO.DLL" [2003-06-20 118784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"COMODO Internet Security"="d:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-06 1800464]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-24 593920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= e:\picturesss\Random pictures\Hong Kong wallpaper.jpg
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-21 05:25 12464 ----a-w- d:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 00:03 152872 ----a-w- d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- d:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- d:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- d:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2006-05-17 19:18 480816 ----a-w- d:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-05-17 15:12 243248 ----a-w- d:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- d:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- d:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 17:02 79400 ----a-w- d:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- d:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 01:24 32768 ----a-w- d:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-03 23:06 45056 ----a-w- d:\program files\Creative\SB Drive Det\SBDrvDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- d:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 ----a-w- d:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- d:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"ose"=3 (0x3)
"IJPLMSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\akchan36@hotmail.com\\counter-strike\\hl.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [2010-01-04 691696]
R3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2009-12-30 38224]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\System32\Drivers\avgldx86.sys [2009-12-21 333192]
S1 AvgTdiX;AVG Free Network Redirector;d:\windows\System32\Drivers\avgtdix.sys [2009-12-21 360584]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\DRIVERS\cmdguard.sys [2010-01-06 133064]
S1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\DRIVERS\cmdhlp.sys [2010-01-06 25160]
S2 avg9emc;AVG Free E-mail Scanner;d:\program files\AVG\AVG9\avgemc.exe [2009-12-21 906520]
S2 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [2009-12-21 285392]
S2 LBeepKE;LBeepKE;d:\windows\system32\Drivers\LBeepKE.sys [2006-05-25 3712]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\
FF - component: d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: d:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-NVIDIA Display Control Panel - d:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-57989841-1035525444-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,02,9c,2a,6d,7e,e2,4f,88,81,bc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,02,9c,2a,6d,7e,e2,4f,88,81,bc,\
.
Completion time: 2010-01-06 23:38:52
ComboFix-quarantined-files.txt 2010-01-07 04:38
Pre-Run: 25,047,560,192 bytes free
Post-Run: 25,016,213,504 bytes free
- - End Of File - - 9C4807F74A724B2060404CA6F65E86EF
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- d:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 17:02 79400 ----a-w- d:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- d:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 01:24 32768 ----a-w- d:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-03 23:06 45056 ----a-w- d:\program files\Creative\SB Drive Det\SBDrvDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- d:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 ----a-w- d:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112
w- d:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"ose"=3 (0x3)
"IJPLMSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\akchan36@hotmail.com\\counter-strike\\hl.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [2010-01-04 691696]
R3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2009-12-30 38224]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\System32\Drivers\avgldx86.sys [2009-12-21 333192]
S1 AvgTdiX;AVG Free Network Redirector;d:\windows\System32\Drivers\avgtdix.sys [2009-12-21 360584]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\DRIVERS\cmdguard.sys [2010-01-06 133064]
S1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\DRIVERS\cmdhlp.sys [2010-01-06 25160]
S2 avg9emc;AVG Free E-mail Scanner;d:\program files\AVG\AVG9\avgemc.exe [2009-12-21 906520]
S2 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [2009-12-21 285392]
S2 LBeepKE;LBeepKE;d:\windows\system32\Drivers\LBeepKE.sys [2006-05-25 3712]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\
FF - component: d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: d:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m92i2xz8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-NVIDIA Display Control Panel - d:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-57989841-1035525444-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,02,9c,2a,6d,7e,e2,4f,88,81,bc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,02,9c,2a,6d,7e,e2,4f,88,81,bc,\
.
Completion time: 2010-01-06 23:38:52
ComboFix-quarantined-files.txt 2010-01-07 04:38
Pre-Run: 25,047,560,192 bytes free
Post-Run: 25,016,213,504 bytes free
- - End Of File - - 9C4807F74A724B2060404CA6F65E86EF