TDSS.tdl4 infection on a 64-bit Windows 7 machine


14 replies to this topic

#1 tdl4_sadface

  • Members
  • 10 posts

Posted 13 December 2010 - 10:20 PM

Here are the logs from the requested scans.

I should note that even though I did not post a GMER scan, I was unable to check several of the options that are normally requested. Almost all of the options are grayed out. (I'm assuming this has something to do with my OS being Windows 7 x64?)


DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Mashkhith at 22:08:31.77 on Mon 12/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2763 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Mashkhith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mashkhith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mashkhith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mashkhith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Mashkhith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mashkhith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mashkhith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mashkhith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mashkhith\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=101912&l=dis
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Google Update] "C:\Users\Mashkhith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-25 203776]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-13 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-25 8120320]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-25 289792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-13 79360]

=============== Created Last 30 ================

2010-12-14 01:31:41 -------- d-----w- C:\Program Files (x86)\Nero
2010-12-14 01:31:33 -------- d-----w- C:\PROGRA~3\Nero
2010-12-14 01:19:28 -------- d-----w- C:\Program Files (x86)\Ask.com
2010-12-14 01:19:17 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2010-12-14 01:19:03 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
2010-12-14 01:18:23 -------- d-----w- C:\Windows\Panther
2010-12-14 00:49:53 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{4E857D14-33F7-4F25-9A63-1143FE6F83A3}\mpengine.dll
2010-12-13 23:51:51 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-13 23:45:03 98816 ----a-w- C:\Windows\sed.exe
2010-12-13 23:45:03 89088 ----a-w- C:\Windows\MBR.exe
2010-12-13 23:45:03 256512 ----a-w- C:\Windows\PEV.exe
2010-12-13 23:45:03 161792 ----a-w- C:\Windows\SWREG.exe
2010-12-13 23:29:07 0 ----a-w- C:\Windows\ativpsrm.bin
2010-12-13 23:27:06 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-12-13 23:27:06 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-12-13 23:27:06 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-12-13 23:27:06 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-12-13 23:27:04 2902495 ------w- C:\Windows\SysWow64\Sens_oal.dll
2010-12-13 23:27:04 1939968 ------w- C:\Windows\System32\Sens_oal.dll
2010-12-13 23:26:47 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2010-12-13 23:26:38 -------- d-----w- C:\Program Files\Creative
2010-12-13 23:26:35 -------- d-----w- C:\Program Files (x86)\Creative
2010-12-13 23:26:29 -------- d-----w- C:\Program Files (x86)\RocketFish
2010-12-13 23:26:03 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2010-12-13 23:26:03 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2010-12-13 23:26:03 214528 ----a-w- C:\Windows\System32\APOMgr64.DLL
2010-12-13 23:26:03 166912 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2010-12-13 23:13:22 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-12-13 23:13:19 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-12-13 23:10:15 -------- d-----w- C:\Program Files (x86)\VideoLAN
2010-12-13 23:07:28 -------- d-----w- C:\Program Files (x86)\foobar2000
2010-12-13 23:06:30 -------- d-----w- C:\Program Files\TeraCopy
2010-12-13 23:06:20 -------- d-----w- C:\Program Files (x86)\Steam
2010-12-13 23:06:20 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2010-12-13 23:06:12 -------- d-----w- C:\Users\MASHKH~1\AppData\Roaming\uTorrent
2010-12-13 23:06:12 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-12-13 23:06:00 -------- d-----w- C:\Users\MASHKH~1\AppData\Local\Google
2010-12-13 23:01:13 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{88632F1E-9CEA-4272-BDA3-8CCDB00EF8F5}\mpengine.dll
2010-12-13 23:01:13 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-12-13 22:58:08 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2010-12-13 22:57:26 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2010-12-13 22:57:04 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2010-12-13 22:55:18 -------- d-----w- C:\AMD
2010-12-13 22:49:30 -------- d-----w- C:\Users\MASHKH~1\AppData\Local\Logitech
2010-12-13 22:39:30 -------- d-----w- C:\Users\MASHKH~1\AppData\Local\ATI
2010-12-13 22:39:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2010-12-13 22:39:10 -------- d-sh--w- C:\Windows\Installer
2010-12-13 22:39:10 -------- d-----w- C:\Program Files\ATI
2010-12-13 22:38:48 -------- d-----w- C:\Program Files\ATI Technologies
2010-12-13 22:38:22 -------- d-----w- C:\ATI
2010-12-13 22:25:57 -------- d-----w- C:\Recovery
2010-11-26 04:20:20 8120320 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-11-26 03:19:32 21610496 ----a-w- C:\Windows\System32\atio6axx.dll
2010-11-26 03:02:08 16702976 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-11-26 02:58:22 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-11-26 02:58:12 550400 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-11-26 02:57:08 648704 ----a-w- C:\Windows\System32\aticfx64.dll
2010-11-26 02:54:58 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-11-26 02:54:48 478720 ----a-w- C:\Windows\System32\atieclxx.exe
2010-11-26 02:54:12 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-11-26 02:53:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-11-26 02:52:42 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-11-26 02:52:36 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-11-26 02:52:26 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-11-26 02:52:20 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-11-26 02:52:16 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-11-26 02:52:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-11-26 02:49:04 4066816 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-11-26 02:40:14 4794368 ----a-w- C:\Windows\System32\atidxx64.dll
2010-11-26 02:30:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-11-26 02:30:20 4122624 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-11-26 02:30:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-11-26 02:30:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-11-26 02:30:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-11-26 02:29:58 6815232 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-11-26 02:29:52 3217408 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-11-26 02:28:44 5441024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-11-26 02:24:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-11-26 02:24:06 5258240 ----a-w- C:\Windows\System32\atiumd64.dll
2010-11-26 02:22:26 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-11-26 02:17:28 351232 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-11-26 02:17:20 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-11-26 02:17:08 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-11-26 02:17:04 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-11-26 02:17:04 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-11-26 02:17:00 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-11-26 02:16:54 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-11-26 02:16:46 289792 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-11-26 02:16:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-11-26 02:15:58 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-11-26 02:15:52 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-11-26 02:15:42 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-11-26 02:15:00 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-11-17 12:04:32 115216 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

==================== Find3M ====================

2010-12-13 23:24:00 506368 ----a-w- C:\Windows\SysWow64\P17APO32.dll
2010-11-11 19:32:36 805 ----a-w- C:\Windows\System32\RTSLCS.dll
2010-11-11 17:08:01 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-11-11 17:08:01 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-11-11 17:07:36 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-11-11 17:07:36 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-11-11 17:07:10 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-11-11 17:07:10 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-11-11 17:06:28 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-11 17:06:28 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-11 17:06:28 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-11 17:06:28 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-11 17:06:28 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-11 17:06:28 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-11 17:06:28 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-11 17:06:28 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-11-11 17:05:43 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-11-11 17:05:43 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-11-11 17:05:43 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-11-11 17:05:43 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-11-11 17:05:43 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-11-11 17:05:19 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-11-11 17:05:19 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-11-11 17:04:52 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-11-11 17:04:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-11-11 17:04:51 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-11-11 17:04:51 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-11-11 17:04:51 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-11-11 17:04:51 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-11-11 17:04:51 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-11-11 17:04:20 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-11-11 17:04:20 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-11-11 17:03:58 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-11-11 17:03:34 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-11-11 17:03:34 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-11-11 17:03:12 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-11-11 17:03:12 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-11-11 17:02:48 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-11-11 17:02:24 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-11-11 17:02:24 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-11-11 17:01:57 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-11-11 17:01:57 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-11-11 16:58:37 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2010-11-11 16:58:37 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-11-11 16:58:14 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-11 16:57:52 52224 ----a-w- C:\Windows\System32\rtutils.dll
2010-11-11 16:57:52 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2010-11-11 16:57:10 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-11-11 16:56:04 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2010-11-11 16:56:04 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2010-11-11 16:55:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2010-11-11 16:55:39 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2010-11-11 16:55:39 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2010-11-11 16:54:49 612352 ----a-w- C:\Windows\System32\vbscript.dll
2010-11-11 16:54:49 427520 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-11-11 16:54:22 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2010-11-11 16:54:22 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2010-11-11 16:53:52 1736608 ----a-w- C:\Windows\System32\ntdll.dll
2010-11-11 16:53:52 1289528 ----a-w- C:\Windows\SysWow64\ntdll.dll
2010-11-11 16:52:55 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2010-11-11 16:52:55 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2010-11-11 16:52:55 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2010-11-11 16:52:55 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2010-11-11 16:52:25 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2010-11-11 16:52:25 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2010-11-11 16:52:25 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2010-11-11 16:52:04 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-11-11 16:52:04 366080 ----a-w- C:\Windows\System32\atmfd.dll
2010-11-11 16:52:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-11-11 16:52:04 293888 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-11-11 16:51:23 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2010-11-11 16:51:23 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2010-11-11 16:51:02 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-11-11 16:51:02 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-11-11 16:49:53 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2010-11-11 16:49:53 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2010-11-11 16:49:53 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2010-11-11 16:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2010-11-11 16:49:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2010-11-11 16:49:53 2048 ----a-w- C:\Windows\SysWow64\user.exe
2010-11-11 16:49:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2010-11-11 16:49:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-11-11 16:49:29 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-11-11 16:49:05 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2010-11-11 16:49:05 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2010-11-11 16:48:40 389632 ----a-w- C:\Windows\System32\winlogon.exe
2010-11-11 16:48:40 2870272 ----a-w- C:\Windows\explorer.exe
2010-11-11 16:48:40 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe
2010-11-11 16:46:44 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2010-11-11 16:46:44 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2010-11-11 16:46:23 46592 ----a-w- C:\Windows\System32\msasn1.dll
2010-11-11 16:46:23 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
2010-11-11 16:45:47 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-11 16:45:47 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2010-11-11 16:45:47 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2010-11-11 16:45:07 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2010-11-11 16:45:07 100864 ----a-w- C:\Windows\System32\fontsub.dll
2010-11-11 16:43:28 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-11-11 16:43:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-11-11 16:43:03 2048 ----a-w- C:\Windows\System32\tzres.dll

============= FINISH: 22:08:58.34 ===============

ComboFix Log:

ComboFix 10-12-13.02 - Mashkhith 12/13/2010 22:16:02.2.3 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2676 [GMT -5:00]
Running from: c:\users\Mashkhith\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
.

2010-12-14 03:18 . 2010-12-14 03:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-14 01:31 . 2010-12-14 01:32 -------- d-----w- c:\program files (x86)\Common Files\Nero
2010-12-14 01:31 . 2010-12-14 01:31 -------- d-----w- c:\program files (x86)\Nero
2010-12-14 01:31 . 2010-12-14 01:31 -------- d-----w- c:\programdata\Nero
2010-12-14 01:19 . 2010-12-14 01:19 -------- d-----w- c:\program files (x86)\Ask.com
2010-12-14 01:19 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2010-12-14 01:19 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2010-12-14 01:18 . 2010-12-13 22:26 -------- d-----w- c:\windows\Panther
2010-12-14 00:49 . 2010-11-10 02:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E857D14-33F7-4F25-9A63-1143FE6F83A3}\mpengine.dll
2010-12-13 23:29 . 2010-12-13 23:29 -------- d-----w- c:\programdata\ATI
2010-12-13 23:29 . 2010-12-13 23:29 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-13 23:27 . 2010-12-13 23:27 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-13 23:27 . 2010-12-13 23:27 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-12-13 23:27 . 2010-12-13 23:27 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-13 23:27 . 2010-12-13 23:27 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2010-12-13 23:27 . 2009-09-03 23:30 1939968 ------w- c:\windows\system32\Sens_oal.dll
2010-12-13 23:27 . 2009-09-03 23:30 2902495 ------w- c:\windows\SysWow64\Sens_oal.dll
2010-12-13 23:26 . 2010-12-13 23:26 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2010-12-13 23:26 . 2010-12-13 23:26 -------- d-----w- c:\program files\Creative
2010-12-13 23:26 . 2010-12-13 23:27 -------- d-----w- c:\program files (x86)\Creative
2010-12-13 23:26 . 2010-12-13 23:27 -------- d-----w- c:\program files (x86)\RocketFish
2010-12-13 23:26 . 2010-12-13 23:26 -------- d-----w- c:\programdata\Creative
2010-12-13 23:26 . 2009-07-10 14:09 214528 ----a-w- c:\windows\system32\APOMgr64.DLL
2010-12-13 23:26 . 2009-07-10 14:07 166912 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2010-12-13 23:26 . 2009-02-06 23:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2010-12-13 23:26 . 2009-02-06 23:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2010-12-13 23:25 . 2010-12-13 23:25 -------- d-----w- c:\windows\system32\Data
2010-12-13 23:25 . 2010-12-13 23:23 11264 ----a-w- c:\windows\SysWow64\INRES.DLL
2010-12-13 23:25 . 2010-12-13 23:23 10752 ----a-w- c:\windows\system32\INRES.DLL
2010-12-13 23:25 . 2010-12-13 23:27 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2010-12-13 23:25 . 2010-12-13 23:25 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2010-12-13 23:13 . 2010-12-13 23:13 -------- d-----w- c:\program files (x86)\Microsoft Antimalware
2010-12-13 23:13 . 2010-12-13 23:13 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-13 23:10 . 2010-12-13 23:10 -------- d-----w- c:\program files (x86)\VideoLAN
2010-12-13 23:08 . 2010-12-13 23:08 -------- d-----w- c:\program files (x86)\Notepad++
2010-12-13 23:07 . 2010-12-13 23:07 -------- d-----w- c:\program files (x86)\foobar2000
2010-12-13 23:06 . 2010-12-13 23:06 -------- d-----w- c:\program files\TeraCopy
2010-12-13 23:06 . 2010-12-14 02:40 -------- d-----w- c:\program files (x86)\Steam
2010-12-13 23:06 . 2010-12-13 23:06 -------- d-----w- c:\program files (x86)\Common Files\Steam
2010-12-13 23:06 . 2010-12-13 23:06 -------- d-----w- c:\program files (x86)\uTorrent
2010-12-13 23:01 . 2010-11-16 17:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88632F1E-9CEA-4272-BDA3-8CCDB00EF8F5}\mpengine.dll
2010-12-13 23:01 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-12-13 22:58 . 2010-12-13 22:58 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2010-12-13 22:57 . 2010-02-18 14:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2010-12-13 22:57 . 2010-12-13 22:57 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-12-13 22:55 . 2010-12-13 22:55 -------- d-----w- C:\AMD
2010-12-13 22:53 . 2010-12-13 23:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2010-12-13 22:49 . 2010-12-13 22:49 -------- d-----w- c:\programdata\Logitech
2010-12-13 22:49 . 2010-12-13 22:49 -------- d-----w- c:\program files\Logitech
2010-12-13 22:49 . 2010-12-13 22:49 -------- d-----w- c:\program files (x86)\Logitech
2010-12-13 22:39 . 2010-12-13 22:58 -------- d-----w- c:\program files (x86)\ATI Technologies
2010-12-13 22:39 . 2010-12-14 01:32 -------- d-sh--w- c:\windows\Installer
2010-12-13 22:39 . 2010-12-13 22:39 -------- d-----w- c:\program files\ATI
2010-12-13 22:38 . 2010-12-13 22:57 -------- d-----w- c:\program files\ATI Technologies
2010-12-13 22:38 . 2010-12-13 22:38 -------- d-----w- C:\ATI
2010-12-13 22:33 . 2010-12-13 22:33 -------- d-----w- c:\windows\SysWow64\Macromed
2010-12-13 22:26 . 2010-12-13 22:26 -------- d-----w- c:\users\Mashkhith
2010-12-13 22:25 . 2010-12-13 22:25 -------- d-----w- C:\Recovery
2010-11-26 04:20 . 2010-11-26 04:20 8120320 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-11-26 03:19 . 2010-11-26 03:19 21610496 ----a-w- c:\windows\system32\atio6axx.dll
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-11-26 02:57 . 2010-11-26 02:57 648704 ----a-w- c:\windows\system32\aticfx64.dll
2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2010-11-26 02:54 478720 ----a-w- c:\windows\system32\atieclxx.exe
2010-11-26 02:54 . 2010-11-26 02:54 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2010-11-26 02:53 . 2010-11-26 02:53 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-11-26 02:52 . 2010-11-26 02:52 423424 ----a-w- c:\windows\system32\atipdl64.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 16384 ----a-w- c:\windows\system32\atimuixx.dll
2010-11-26 02:52 . 2010-11-26 02:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-11-26 02:40 . 2010-11-26 02:40 4794368 ----a-w- c:\windows\system32\atidxx64.dll
2010-11-26 02:30 . 2010-11-26 02:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-11-26 02:29 . 2010-11-26 02:29 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2010-11-26 02:29 . 2010-11-26 02:29 3217408 ----a-w- c:\windows\system32\atiumd6a.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-11-26 02:24 . 2010-11-26 02:24 58880 ----a-w- c:\windows\system32\coinst.dll
2010-11-26 02:24 . 2010-11-26 02:24 5258240 ----a-w- c:\windows\system32\atiumd64.dll
2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 351232 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-11-26 02:17 . 2010-11-26 02:17 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 31744 ----a-w- c:\windows\system32\atig6txx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 289792 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-11-26 02:16 . 2010-11-26 02:16 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-11-26 02:15 . 2010-11-26 02:15 37888 ----a-w- c:\windows\system32\atiu9p64.dll
2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\atimpc64.dll
2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2010-11-17 12:04 . 2010-11-17 12:04 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 23:24 . 2009-04-21 02:38 506368 ----a-w- c:\windows\SysWow64\P17APO32.dll
2010-12-13 23:23 . 2009-08-25 03:08 1306624 ----a-w- c:\windows\system32\drivers\P17.sys
2010-12-13 23:23 . 2009-08-25 02:33 613503 ----a-w- c:\windows\SysWow64\APOIM64.exe
2010-12-13 23:23 . 2009-07-28 14:38 73728 ----a-w- c:\windows\system32\ctcoins1.dll
2010-12-13 23:23 . 2009-07-28 14:38 217600 ----a-w- c:\windows\system32\ctdvins1.dll
2010-12-13 23:23 . 2009-04-21 02:40 57856 ----a-w- c:\windows\system32\P17pld64.dll
2010-12-13 23:23 . 2009-04-21 02:40 581120 ----a-w- c:\windows\system32\P17APO64.dll
2010-12-13 23:23 . 2009-09-08 09:44 22146048 ----a-w- c:\windows\SysWow64\AppSetup.exe
2010-12-13 23:23 . 2009-08-13 07:19 144384 ----a-w- c:\windows\SysWow64\OemSpiE.dll
2010-12-13 23:23 . 2009-02-26 01:36 140800 ----a-w- c:\windows\system32\P17res.dll
2010-12-13 23:23 . 2008-08-26 08:30 8704 ----a-w- c:\windows\ResDefE.exe
2010-12-13 23:23 . 2008-03-28 07:57 14848 ----a-w- c:\windows\SysWow64\P17RunE.dll
2010-12-13 23:23 . 2006-12-04 13:56 42496 ----a-w- c:\windows\SysWow64\AddCat.exe
2010-11-11 19:32 . 2010-11-11 17:08 805 ----a-w- c:\windows\system32\RTSLCS.dll
2010-11-11 17:08 . 2010-11-11 17:08 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2010-11-11 17:08 . 2010-11-11 17:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2010-11-11 17:07 . 2010-11-11 17:07 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2010-11-11 17:07 . 2010-11-11 17:07 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2010-11-11 17:07 . 2010-11-11 17:07 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-11 17:07 . 2010-11-11 17:07 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2010-11-11 17:06 . 2010-11-11 17:06 978432 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-11 17:06 . 2010-11-11 17:06 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-11 17:06 . 2010-11-11 17:06 482816 ----a-w- c:\windows\system32\html.iec
2010-11-11 17:06 . 2010-11-11 17:06 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-11 17:06 . 2010-11-11 17:06 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-11 17:06 . 2010-11-11 17:06 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-11 17:06 . 2010-11-11 17:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-11 17:06 . 2010-11-11 17:06 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-11-11 17:05 . 2010-11-11 17:05 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2010-11-11 17:05 . 2010-11-11 17:05 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-11 17:05 . 2010-11-11 17:05 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-11 17:05 . 2010-11-11 17:05 236032 ----a-w- c:\windows\system32\srvsvc.dll
2010-11-11 17:05 . 2010-11-11 17:05 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-11 17:05 . 2010-11-11 17:05 633856 ----a-w- c:\windows\system32\comctl32.dll
2010-11-11 17:05 . 2010-11-11 17:05 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2010-11-11 17:04 . 2010-11-11 17:04 552960 ----a-w- c:\windows\system32\msdri.dll
2010-11-11 17:04 . 2010-11-11 17:04 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-11-11 17:04 . 2010-11-11 17:04 641536 ----a-w- c:\windows\SysWow64\CPFilters.dll
2010-11-11 17:04 . 2010-11-11 17:04 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-11-11 17:04 . 2010-11-11 17:04 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-11 17:04 . 2010-11-11 17:04 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2010-11-11 17:04 . 2010-11-11 17:04 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2010-11-11 17:04 . 2010-11-11 17:04 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2010-11-11 17:04 . 2010-11-11 17:04 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-11 17:03 . 2010-11-11 17:03 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-11-11 17:03 . 2010-11-11 17:03 340992 ----a-w- c:\windows\system32\schannel.dll
2010-11-11 17:03 . 2010-11-11 17:03 224256 ----a-w- c:\windows\SysWow64\schannel.dll
2010-11-11 17:03 . 2010-11-11 17:03 148992 ----a-w- c:\windows\system32\t2embed.dll
2010-11-11 17:03 . 2010-11-11 17:03 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2010-11-11 17:02 . 2010-11-11 17:02 3123712 ----a-w- c:\windows\system32\win32k.sys
2010-11-11 17:02 . 2010-11-11 17:02 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-11-11 17:02 . 2010-11-11 17:02 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2010-11-11 17:01 . 2010-11-11 17:01 2085376 ----a-w- c:\windows\system32\ole32.dll
2010-11-11 17:01 . 2010-11-11 17:01 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2010-11-11 16:58 . 2010-11-11 16:58 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-11-11 16:58 . 2010-11-11 16:58 1233920 ----a-w- c:\windows\SysWow64\msxml3.dll
2010-11-11 16:58 . 2010-11-11 16:58 144384 ----a-w- c:\windows\system32\cdd.dll
2010-11-11 16:57 . 2010-11-11 16:57 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-11-11 16:57 . 2010-11-11 16:57 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2010-11-11 16:57 . 2010-11-11 16:57 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2010-11-11 16:56 . 2010-11-11 16:56 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-11-11 16:56 . 2010-11-11 16:56 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2010-11-11 16:55 . 2010-11-11 16:55 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-11 16:55 . 2010-11-11 16:55 3955080 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2010-11-11 16:55 . 2010-11-11 16:55 3899784 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2010-11-11 16:54 . 2010-11-11 16:54 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-11-11 16:54 . 2010-11-11 16:54 427520 ----a-w- c:\windows\SysWow64\vbscript.dll
2010-11-11 16:54 . 2010-11-11 16:54 613888 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-11 16:54 . 2010-11-11 16:54 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2010-11-11 16:53 . 2010-11-11 16:53 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-11-11 16:53 . 2010-11-11 16:53 1289528 ----a-w- c:\windows\SysWow64\ntdll.dll
2010-11-11 16:52 . 2010-11-11 16:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2010-11-11 16:52 . 2010-11-11 16:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2010-11-11 16:52 . 2010-11-11 16:52 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-11-11 16:52 . 2010-11-11 16:52 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-11 16:52 . 2010-11-11 16:52 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-11 16:52 . 2010-11-11 16:52 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-11 16:52 . 2010-11-11 16:52 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-11 16:52 . 2010-11-11 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-11-11 16:52 . 2010-11-11 16:52 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-11-11 16:52 . 2010-11-11 16:52 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-11-11 16:52 . 2010-11-11 16:52 293888 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-11-11 16:51 . 2010-11-11 16:51 84992 ----a-w- c:\windows\system32\asycfilt.dll
2010-11-11 16:51 . 2010-11-11 16:51 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2010-11-11 16:51 . 2010-11-11 16:51 139264 ----a-w- c:\windows\system32\cabview.dll
2010-11-11 16:51 . 2010-11-11 16:51 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2010-11-11 16:50 . 2010-11-11 16:50 85504 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
2010-11-11 16:50 . 2010-11-11 16:50 85504 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
2010-11-11 16:50 . 2010-11-11 16:50 424960 ----a-w- c:\windows\system32\secproc.dll
2010-11-11 16:50 . 2010-11-11 16:50 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-11-11 16:50 . 2010-11-11 16:50 369152 ----a-w- c:\windows\SysWow64\secproc.dll
2010-11-11 16:50 . 2010-11-11 16:50 365568 ----a-w- c:\windows\SysWow64\secproc_isv.dll
2010-11-11 16:50 . 2010-11-11 16:50 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-11-11 16:50 . 2010-11-11 16:50 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-11-11 16:50 . 2010-11-11 16:50 324608 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
2010-11-11 16:50 . 2010-11-11 16:50 320512 ----a-w- c:\windows\SysWow64\RMActivate.exe
2010-11-11 16:50 . 2010-11-11 16:50 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-11-11 16:50 . 2010-11-11 16:50 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-11-11 16:50 . 2010-11-11 16:50 280064 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
2010-11-11 16:50 . 2010-11-11 16:50 277504 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-12-13_23.47.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-13 23:30 . 2010-12-14 02:41 17824 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2010-12-14 02:41 33356 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:46 . 2010-12-13 23:28 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2010-12-14 02:55 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-12-13 22:49 . 2010-12-13 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-13 22:49 . 2010-12-14 02:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-13 22:49 . 2010-12-13 23:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-13 22:49 . 2010-12-14 02:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-14 02:54 . 2010-12-14 02:54 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\80feaa74c880469ddc54e7708b2e8d7e\napcrypt.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\0d1d86b7a1b8afb09bf7cb07eabde485\Microsoft.WSMan.Runtime.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d51b95e6e77bfdd633b59c9f516ac9ef\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\98d8366d100cc319471868a5def009ed\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\8a92b05c00b890ec0cb98307df3d7739\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\731bbc3df07f3a2b76262cd92e4c1f02\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\62cbb2d90042efa51c5e2824634f1e6b\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4b6134d905d751a3042b7518fa25bc21\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\0501f44f470d4f55a3cde31e427e8bf7\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\37320799550691a787e6574b6899d0ee\Microsoft.Build.Framework.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\27dbf2aba276101442ddbe86a8665057\Microsoft.Build.Framework.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a0fb35ff977ffedbdb27f7262c979d3e\dfsvc.ni.exe
+ 2010-12-13 22:45 . 2010-12-14 02:41 3202 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-35121409-3287810490-1152339797-1000_UserData.bin
- 2010-12-13 23:29 . 2010-12-13 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-14 02:36 . 2010-12-14 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-14 02:36 . 2010-12-14 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-13 23:29 . 2010-12-13 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-15 00:05 . 2009-09-15 00:05 374064 c:\windows\SysWOW64\twnlib4.dll
+ 2009-09-15 00:05 . 2009-09-15 00:05 808240 c:\windows\SysWOW64\imagxra7.dll
+ 2009-09-15 00:05 . 2009-09-15 00:05 263472 c:\windows\SysWOW64\imagxr7.dll
+ 2009-09-15 00:04 . 2009-09-15 00:04 497296 c:\windows\SysWOW64\imagxpr7.dll
+ 2009-07-14 02:36 . 2010-12-14 02:41 615122 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2010-12-13 23:33 615122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2010-12-14 02:41 103496 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2010-12-13 23:33 103496 c:\windows\system32\perfc009.dat
+ 2010-12-13 23:50 . 2010-12-14 02:36 138664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2009-07-14 05:01 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2010-12-14 02:36 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-14 00:31 . 2010-12-14 02:36 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-35121409-3287810490-1152339797-1000-12288.dat
+ 2010-12-14 01:31 . 2010-12-14 01:31 300328 c:\windows\Installer\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}\ARPPRODUCTICON.exe
+ 2010-12-14 01:32 . 2010-12-14 01:32 587048 c:\windows\Installer\{943CFD7D-5336-47AF-9418-E02473A5A517}\ARPPRODUCTICON.exe
+ 2010-12-14 01:19 . 2010-12-14 01:19 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2010-12-14 01:32 . 2010-12-14 01:32 587048 c:\windows\Installer\{7A5D731D-B4B3-490E-B339-75685712BAAB}\ScBurningROMStartM_FF88F478D1E748AC86035D457D563142.exe
+ 2010-12-14 01:32 . 2010-12-14 01:32 587048 c:\windows\Installer\{7A5D731D-B4B3-490E-B339-75685712BAAB}\ScBurningROMStartM_7533AE23D677474387D2A66427FA7052.exe
+ 2010-12-14 01:32 . 2010-12-14 01:32 587048 c:\windows\Installer\{7A5D731D-B4B3-490E-B339-75685712BAAB}\ARPPRODUCTICON.exe
+ 2010-12-14 01:31 . 2010-12-14 01:31 587048 c:\windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe
+ 2010-12-14 01:31 . 2010-12-14 01:31 587048 c:\windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ARPPRODUCTICON.exe
+ 2010-12-14 02:53 . 2010-12-14 02:53 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\b3fbd794181d7b93b807a5e74991b0f9\UIAutomationClient.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\50583e3d9a03c78b8107b826068f4541\System.Messaging.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\1a8dbe792bff04609faff69f9327630f\System.IdentityModel.Selectors.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9de488bf62eebca425759ea94d9a70e8\SMDiagnostics.ni.dll
+ 2010-12-14 02:54 . 2010-12-14 02:54 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\b3292b929a636a82c1237bb885bb82e6\napinit.ni.dll
+ 2010-12-14 02:54 . 2010-12-14 02:54 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\05238736304f9b2c5f451607ab71ae18\naphlpr.ni.dll
+ 2010-12-14 02:54 . 2010-12-14 02:54 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\b6e1a1590a2fcf08ed4145fb92357391\MSBuild.ni.exe
+ 2010-12-14 02:53 . 2010-12-14 02:53 531456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\cd4fdf78b0ca8b2d9f22d95e64b006b5\Microsoft.WSMan.Management.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\528fb7c1f755e446a1ed500d1b58ebd4\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\7d4f154cb5ab95ea6ecfc9b8edfe3e8c\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8eaa696f746aa53be548f88dbb0c98fe\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8e65ea44f0c453e0f399e12605c373bf\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5214f2892b88be6b998053009bdf3f8e\Microsoft.PowerShell.Security.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\49326f12d03146d04ec67446e1637bb2\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 785920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0b9e7ba162d54f09f56bb20307c9e26f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\757d1a493508c965f98e23807e226f72\Microsoft.Build.Utilities.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6466be199d39a2af445708e711095775\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8f3a62f35106a0a83f7b1be20142f5b6\Microsoft.Build.Engine.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0f63bf412ade976b62296fe9b9bec6f4\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\a19346462fbc57a1f768822f8a426509\EventViewer.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\149c74602e3720d5e12fd34691793f45\CustomMarshalers.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\0026d2a5ef652dd0f2ffafc5c6be0e5a\ComSvcConfig.ni.exe
+ 2009-09-15 00:05 . 2009-09-15 00:05 1762608 c:\windows\SysWOW64\imagx7.dll
- 2009-07-14 04:45 . 2010-12-13 23:14 3607983 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2010-12-14 01:31 3607983 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-14 01:19 . 2010-12-14 01:19 2717260 c:\windows\Installer\2ac08f.msi
+ 2009-07-12 07:35 . 2009-07-12 07:35 2736640 c:\windows\Installer\2ac087.msi
+ 2010-12-14 01:17 . 2010-12-14 01:17 1096704 c:\windows\Installer\267e9.msi
+ 2010-12-14 01:17 . 2010-12-14 01:17 1097216 c:\windows\Installer\267e0.msi
+ 2010-12-14 01:17 . 2010-12-14 01:17 1096192 c:\windows\Installer\267d7.msi
+ 2010-12-14 01:17 . 2010-12-14 01:17 1574400 c:\windows\Installer\267ce.msi
+ 2010-12-14 01:17 . 2010-12-14 01:17 7268352 c:\windows\Installer\267bc.msi
+ 2010-12-14 01:17 . 2010-12-14 01:17 2054656 c:\windows\Installer\267b3.msi
+ 2010-12-14 01:17 . 2010-12-14 01:17 9542144 c:\windows\Installer\267ab.msi
+ 2010-12-14 02:53 . 2010-12-14 02:53 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\86d34fbd2a7c582105eb53cbbd55c29e\System.Runtime.Serialization.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 8871936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\8621fb593b7e35cdab4d5680c8ea77f4\System.Management.Automation.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 1072128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e1f487716bc10cf0b290e87d32f25252\System.IdentityModel.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\b1a619266964bede98b18ef83eb1c559\System.Core.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\87b1ca611b5c770217555e9d78ff726f\MMCEx.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 6434304 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\89713af86ff161490962fe41a01cd5f7\MIGUIControls.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\401d4cd2a06122a32cf094d541dcdd63\Microsoft.VisualBasic.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\976f7d50a8d1d8bbe74b11679e784185\Microsoft.Transactions.Bridge.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 1705472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fb7affa6ddb40f9e0bf982c66da8b04a\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ed3cf725dda20006fb8134469d4837e3\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2e071174a8b54bbd5eb02fb54e10dec6\Microsoft.PowerShell.Editor.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\5196e176b6eade8e55e30404f6842a48\Microsoft.Ink.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a6e90a53a09e50dda9122b432f48e275\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0d33e9ce3f1f04cf48bff4c2dfb9f4eb\Microsoft.Build.Tasks.ni.dll
+ 2010-12-14 02:53 . 2010-12-14 02:53 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ff7ebb17690b1ccc7ee8c6cfa2d107b8\Microsoft.Build.Engine.ni.dll
- 2009-07-14 02:34 . 2010-12-13 23:42 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2010-12-14 02:35 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-12-14 01:17 . 2010-12-14 01:17 11741696 c:\windows\Installer\267c5.msi
+ 2010-12-14 02:53 . 2010-12-14 02:53 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\cbc67ea9e93f7bebfbc341d39a4f838f\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 17:17 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Mashkhith\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-01 136176]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-12-13 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-13 79360]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-35121409-3287810490-1152339797-1000Core.job
- c:\users\Mashkhith\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-13 06:15]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-35121409-3287810490-1152339797-1000UA.job
- c:\users\Mashkhith\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-13 06:15]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=101912&l=dis
mLocal Page = c:\windows\SysWOW64\blank.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-13 22:19:21
ComboFix-quarantined-files.txt 2010-12-14 03:19
ComboFix2.txt 2010-12-13 23:48

Pre-Run: 296,581,881,856 bytes free
Post-Run: 296,608,378,880 bytes free

- - End Of File - - E7FEC42439B1AB7D29AD330710087B17


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:50 AM

Posted 23 December 2010 - 12:23 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and will make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tdl4_sadface

  • Topic Starter
  • Members
  • 10 posts

Posted 24 December 2010 - 11:38 AM

Hello Gringo, I appreciate your help in solving this problem for me.

Here are the contents of the new DDS scan.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Mashkhith at 11:33:20.57 on Fri 12/24/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2664 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
X:\Steam\steam.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Users\Mashkhith\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=101912&l=dis
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Google Update] "C:\Users\Mashkhith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "X:\Steam\Steam.exe" -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - C:\Users\MASHKH~1\AppData\Roaming\Mozilla\Firefox\Profiles\xc53zmp3.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Mashkhith\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-25 203776]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-13 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-25 8120320]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-25 289792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-13 79360]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-15 1255736]

=============== Created Last 30 ================

2010-12-24 09:34:21 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{EDED5606-DD34-45D2-A189-00E3DE1D8D60}\mpengine.dll
2010-12-23 22:25:54 -------- d-----w- C:\Users\MASHKH~1\AppData\Roaming\.minecraft
2010-12-23 22:25:41 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-23 22:25:41 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-23 22:22:45 -------- d-----w- C:\Users\MASHKH~1\AppData\Roaming\TeraCopy
2010-12-22 00:54:22 -------- d-----w- C:\Users\MASHKH~1\AppData\Roaming\TS3Client
2010-12-22 00:53:04 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client
2010-12-16 02:21:56 -------- d-----w- C:\Program Files\Ventrilo
2010-12-16 02:21:38 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-12-15 22:25:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-15 22:24:58 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-12-15 10:27:11 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-15 08:00:28 -------- d-----w- C:\Windows\SysWow64\Wat
2010-12-15 08:00:28 -------- d-----w- C:\Windows\System32\Wat
2010-12-15 00:35:51 -------- d-----w- C:\Users\MASHKH~1\AppData\Roaming\foobar2000
2010-12-14 22:14:32 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-14 22:10:55 -------- d-----w- C:\Users\MASHKH~1\AppData\Roaming\LolClient
2010-12-14 12:19:31 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2010-12-14 12:19:31 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2010-12-14 12:19:31 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2010-12-14 12:19:31 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2010-12-14 12:19:30 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2010-12-14 12:17:05 -------- d-----w- C:\Riot Games
2010-12-14 03:48:05 -------- d-----w- C:\Users\MASHKH~1\AppData\Local\PMB Files
2010-12-14 03:48:04 -------- d-----w- C:\PROGRA~3\PMB Files
2010-12-14 03:47:37 -------- d-----w- C:\Program Files (x86)\Pando Networks
2010-12-14 01:31:41 -------- d-----w- C:\Program Files (x86)\Nero
2010-12-14 01:31:33 -------- d-----w- C:\PROGRA~3\Nero
2010-12-14 01:19:28 -------- d-----w- C:\Program Files (x86)\Ask.com
2010-12-14 01:19:17 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2010-12-14 01:19:03 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
2010-12-14 01:18:23 -------- d-----w- C:\Windows\Panther
2010-12-13 23:45:03 98816 ----a-w- C:\Windows\sed.exe
2010-12-13 23:45:03 89088 ----a-w- C:\Windows\MBR.exe
2010-12-13 23:45:03 256512 ----a-w- C:\Windows\PEV.exe
2010-12-13 23:45:03 161792 ----a-w- C:\Windows\SWREG.exe
2010-12-13 23:29:07 0 ----a-w- C:\Windows\ativpsrm.bin
2010-12-13 23:27:06 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-12-13 23:27:06 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-12-13 23:27:06 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-12-13 23:27:06 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-12-13 23:27:04 2902495 ------w- C:\Windows\SysWow64\Sens_oal.dll
2010-12-13 23:27:04 1939968 ------w- C:\Windows\System32\Sens_oal.dll
2010-12-13 23:26:47 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2010-12-13 23:26:38 -------- d-----w- C:\Program Files\Creative
2010-12-13 23:26:35 -------- d-----w- C:\Program Files (x86)\Creative
2010-12-13 23:26:29 -------- d-----w- C:\Program Files (x86)\RocketFish
2010-12-13 23:26:03 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2010-12-13 23:26:03 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2010-12-13 23:26:03 214528 ----a-w- C:\Windows\System32\APOMgr64.DLL
2010-12-13 23:26:03 166912 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2010-12-13 23:13:22 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-12-13 23:13:19 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-12-13 23:10:15 -------- d-----w- C:\Program Files (x86)\VideoLAN
2010-12-13 23:07:28 -------- d-----w- C:\Program Files (x86)\foobar2000
2010-12-13 23:06:30 -------- d-----w- C:\Program Files\TeraCopy
2010-12-13 23:06:20 -------- d-----w- C:\Program Files (x86)\Steam.old
2010-12-13 23:06:20 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2010-12-13 23:06:12 -------- d-----w- C:\Users\MASHKH~1\AppData\Roaming\uTorrent
2010-12-13 23:06:12 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-12-13 23:06:00 -------- d-----w- C:\Users\MASHKH~1\AppData\Local\Google
2010-12-13 23:01:13 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{88632F1E-9CEA-4272-BDA3-8CCDB00EF8F5}\mpengine.dll
2010-12-13 23:01:13 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-12-13 22:58:08 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2010-12-13 22:57:26 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2010-12-13 22:57:04 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2010-12-13 22:55:18 -------- d-----w- C:\AMD
2010-12-13 22:49:30 -------- d-----w- C:\Users\MASHKH~1\AppData\Local\Logitech
2010-12-13 22:39:30 -------- d-----w- C:\Users\MASHKH~1\AppData\Local\ATI
2010-12-13 22:39:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2010-12-13 22:39:10 -------- d-sh--w- C:\Windows\Installer
2010-12-13 22:39:10 -------- d-----w- C:\Program Files\ATI
2010-12-13 22:38:48 -------- d-----w- C:\Program Files\ATI Technologies
2010-12-13 22:38:22 -------- d-----w- C:\ATI
2010-12-13 22:25:57 -------- d-----w- C:\Recovery
2010-11-26 04:20:20 8120320 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-11-26 03:19:32 21610496 ----a-w- C:\Windows\System32\atio6axx.dll
2010-11-26 03:02:08 16702976 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-11-26 02:58:22 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-11-26 02:58:12 550400 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-11-26 02:57:08 648704 ----a-w- C:\Windows\System32\aticfx64.dll
2010-11-26 02:54:58 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-11-26 02:54:48 478720 ----a-w- C:\Windows\System32\atieclxx.exe
2010-11-26 02:54:12 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-11-26 02:53:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-11-26 02:52:42 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-11-26 02:52:36 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-11-26 02:52:26 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-11-26 02:52:20 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-11-26 02:52:16 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-11-26 02:52:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-11-26 02:49:04 4066816 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-11-26 02:40:14 4794368 ----a-w- C:\Windows\System32\atidxx64.dll
2010-11-26 02:30:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-11-26 02:30:20 4122624 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-11-26 02:30:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-11-26 02:30:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-11-26 02:30:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-11-26 02:29:58 6815232 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-11-26 02:29:52 3217408 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-11-26 02:28:44 5441024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-11-26 02:24:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-11-26 02:24:06 5258240 ----a-w- C:\Windows\System32\atiumd64.dll
2010-11-26 02:22:26 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-11-26 02:17:28 351232 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-11-26 02:17:20 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-11-26 02:17:08 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-11-26 02:17:04 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-11-26 02:17:04 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-11-26 02:17:00 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-11-26 02:16:54 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-11-26 02:16:46 289792 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-11-26 02:16:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-11-26 02:15:58 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-11-26 02:15:52 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-11-26 02:15:42 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-11-26 02:15:00 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

==================== Find3M ====================

2010-12-13 23:24:00 506368 ----a-w- C:\Windows\SysWow64\P17APO32.dll
2010-11-17 12:04:32 115216 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2010-11-11 19:32:36 805 ----a-w- C:\Windows\System32\RTSLCS.dll
2010-11-11 17:08:01 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-11-11 17:08:01 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-11-11 17:07:36 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-11-11 17:07:36 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-11-11 17:07:10 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-11-11 17:07:10 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-11-11 17:05:43 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-11-11 17:05:43 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-11-11 17:05:43 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-11-11 17:05:43 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-11-11 17:05:43 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-11-11 17:05:19 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-11-11 17:05:19 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-11-11 17:04:52 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-11-11 17:04:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-11-11 17:04:51 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-11-11 17:04:51 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-11-11 17:04:51 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-11-11 17:04:51 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-11-11 17:04:51 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-11-11 17:04:20 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-11-11 17:04:20 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-11-11 17:03:58 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-11-11 17:03:34 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-11-11 17:03:34 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-11-11 17:03:12 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-11-11 17:03:12 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-11-11 17:02:24 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-11-11 17:02:24 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-11-11 17:01:57 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-11-11 17:01:57 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-11-11 16:58:37 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2010-11-11 16:58:37 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-11-11 16:58:14 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-11 16:57:52 52224 ----a-w- C:\Windows\System32\rtutils.dll
2010-11-11 16:57:52 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2010-11-11 16:57:10 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-11-11 16:56:04 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2010-11-11 16:56:04 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2010-11-11 16:55:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2010-11-11 16:55:39 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2010-11-11 16:55:39 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2010-11-11 16:54:49 612352 ----a-w- C:\Windows\System32\vbscript.dll
2010-11-11 16:54:49 427520 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-11-11 16:54:22 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2010-11-11 16:54:22 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2010-11-11 16:53:52 1736608 ----a-w- C:\Windows\System32\ntdll.dll
2010-11-11 16:53:52 1289528 ----a-w- C:\Windows\SysWow64\ntdll.dll
2010-11-11 16:52:55 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2010-11-11 16:52:55 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2010-11-11 16:52:55 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2010-11-11 16:52:55 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2010-11-11 16:52:25 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2010-11-11 16:52:25 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2010-11-11 16:52:25 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2010-11-11 16:51:23 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2010-11-11 16:51:23 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2010-11-11 16:51:02 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-11-11 16:51:02 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-11-11 16:49:53 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2010-11-11 16:49:53 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2010-11-11 16:49:53 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2010-11-11 16:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2010-11-11 16:49:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2010-11-11 16:49:53 2048 ----a-w- C:\Windows\SysWow64\user.exe
2010-11-11 16:49:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2010-11-11 16:49:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-11-11 16:49:29 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-11-11 16:49:05 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2010-11-11 16:49:05 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2010-11-11 16:48:40 389632 ----a-w- C:\Windows\System32\winlogon.exe
2010-11-11 16:48:40 2870272 ----a-w- C:\Windows\explorer.exe
2010-11-11 16:48:40 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe
2010-11-11 16:46:44 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2010-11-11 16:46:44 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2010-11-11 16:46:23 46592 ----a-w- C:\Windows\System32\msasn1.dll
2010-11-11 16:46:23 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
2010-11-11 16:45:47 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-11 16:45:47 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2010-11-11 16:45:47 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2010-11-11 16:45:07 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2010-11-11 16:45:07 100864 ----a-w- C:\Windows\System32\fontsub.dll
2010-11-11 16:43:28 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-11-11 16:41:47 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-11-11 16:41:21 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2010-11-11 16:41:21 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2010-11-11 16:40:57 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-11-11 16:40:57 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-11-11 16:40:57 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-11-11 16:40:57 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-11-11 16:40:57 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-11-11 16:40:57 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-11-11 16:40:57 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-11-11 16:40:57 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-11-11 16:40:57 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-11-11 16:40:57 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll

============= FINISH: 11:33:40.93 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2010 5:26:02 PM
System Uptime: 12/23/2010 4:27:25 AM (31 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770T-UD3
Processor: AMD Athlon™ II X3 445 Processor | Socket M2 | 3100/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 206.145 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 74.438 GiB free.
E: is CDROM ()
X: is FIXED (NTFS) - 1397 GiB total, 887.163 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP25: 12/23/2010 3:00:10 AM - Windows Update
RP26: 12/23/2010 5:25:17 PM - Installed Java™ 6 Update 23
RP27: 12/24/2010 4:34:02 AM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
Ask Toolbar
Audio Control Panel
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
foobar2000 v1.1.1
Google Chrome
Google Gmail Notifier
Hacker Evolution
Host OpenAL
Java Auto Updater
Java™ 6 Update 23
League of Legends
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.13)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Notepad++
Pando Media Booster
RocketFish 5.1 PCI Sound Card
Steam
TeamSpeak 3 Client
VLC media player 1.1.5

==== Event Viewer Messages From Past Week ========

12/23/2010 4:28:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff880046a4817, 0xfffff880089e0900, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122310-35443-01.

==== End Of File ===========================

Aside from the crash that happened early yesterday morning, there has been nothing unusual. No popups or anything out of the ordinary.
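
As an added example (not part of this thread, and not DDS code), the following Python parses the Pseudo HJT section of a DDS log such as the one above and reports what a responder checks first: the UAC policy values that switch protection off (this log has EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0), the Run-key autostarts, and the browser components grouped by the DLL they load. The sample input is a constructed excerpt of the log; the Windows 7 default values quoted in the comments are general facts, not taken from the thread.

```python
# Triage helper for the 'Pseudo HJT Report' section of a DDS log (added example,
# not DDS code). Sample input below is a constructed excerpt of the log above.
import re

SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=101912&l=dis
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Steam] "X:\Steam\Steam.exe" -silent
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================
"""

# DDS line shapes. Prefix 'u' = current-user hive (HKCU), 'm' = machine hive (HKLM).
RE_POLICY = re.compile(r"^mPolicies-system: (\w+) = (-?\d+) \(0x[0-9A-Fa-f]+\)$")
RE_RUN = re.compile(r"^([um]Run(?:-x64)?): \[([^\]]*)\] (.*)$")
RE_COM = re.compile(r"^(BHO|TB|uURLSearchHooks): (.*?): (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RE_START = re.compile(r"^uStart Page = (.*)$")

# Values under HKLM\...\Policies\System that switch a UAC safeguard off.
# Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
WEAK_UAC = {
    "EnableLUA": ({0}, "UAC disabled: administrator processes run fully elevated with no prompt"),
    "ConsentPromptBehaviorAdmin": ({0}, "administrators are elevated silently (default 5 = prompt for consent)"),
    "PromptOnSecureDesktop": ({0}, "elevation prompts appear on the normal desktop, where other processes can overlay them"),
}


def hjt_lines(text):
    """Non-empty lines between the Pseudo HJT header and the next '====' section header."""
    out, inside = [], False
    for line in text.splitlines():
        if "Pseudo HJT Report" in line:
            inside = True
            continue
        if inside and line.startswith("="):  # start of the next DDS section
            break
        if inside and line.strip():
            out.append(line.rstrip())
    return out


def parse_entry(line):
    """Classify one Pseudo HJT line; shapes not modelled here are kept as 'other'."""
    if m := RE_POLICY.match(line):
        return {"kind": "policy", "name": m.group(1), "value": int(m.group(2))}
    if m := RE_RUN.match(line):
        return {"kind": m.group(1), "name": m.group(2), "value": m.group(3)}
    if m := RE_COM.match(line):
        return {"kind": m.group(1), "name": m.group(2), "clsid": m.group(3).lower(), "value": m.group(4)}
    if m := RE_START.match(line):
        return {"kind": "start_page", "name": "uStart Page", "value": m.group(1)}
    return {"kind": "other", "name": "", "value": line}


def parse_hjt(text):
    return [parse_entry(line) for line in hjt_lines(text)]


def uac_findings(entries):
    """(policy, value, explanation) for every UAC policy set to a weakening value."""
    found = []
    for e in entries:
        if e["kind"] != "policy":
            continue
        rule = WEAK_UAC.get(e["name"])
        if rule and e["value"] in rule[0]:
            found.append((e["name"], e["value"], rule[1]))
    return found


def autostart_entries(entries):
    """Run-key entries as (hive key, display name, command line), in log order."""
    return [(e["kind"], e["name"], e["value"]) for e in entries
            if e["kind"] in ("uRun", "mRun", "mRun-x64")]


def browser_components(entries):
    """Group BHO, toolbar and URL search hook entries by the DLL they load, so one DLL
    registered under several display names (as in the log above) stands out."""
    by_dll = {}
    for e in entries:
        if e["kind"] in ("BHO", "TB", "uURLSearchHooks"):
            by_dll.setdefault(e["value"], []).append((e["kind"], e["name"], e["clsid"]))
    return by_dll


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_DDS)
    for name, value, why in uac_findings(entries):
        print(f"UAC: {name}={value}: {why}")
    for dll, users in browser_components(entries).items():
        print(f"{dll} is loaded by {len(users)} browser component(s): {users}")
```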

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 December 2010 - 12:06 PM

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 tdl4_sadface

  • Topic Starter
  • Members
  • 10 posts

Posted 24 December 2010 - 09:49 PM

2010/12/24 21:44:32.0949 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/24 21:44:32.0949 ================================================================================
2010/12/24 21:44:32.0949 SystemInfo:
2010/12/24 21:44:32.0949
2010/12/24 21:44:32.0949 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/24 21:44:32.0949 Product type: Workstation
2010/12/24 21:44:32.0949 ComputerName: MASHKHITH-PC
2010/12/24 21:44:32.0949 UserName: Mashkhith
2010/12/24 21:44:32.0949 Windows directory: C:\Windows
2010/12/24 21:44:32.0949 System windows directory: C:\Windows
2010/12/24 21:44:32.0949 Running under WOW64
2010/12/24 21:44:32.0949 Processor architecture: Intel x64
2010/12/24 21:44:32.0949 Number of processors: 3
2010/12/24 21:44:32.0949 Page size: 0x1000
2010/12/24 21:44:32.0949 Boot type: Normal boot
2010/12/24 21:44:32.0949 ================================================================================
2010/12/24 21:44:32.0950 Utility is running under WOW64
2010/12/24 21:44:36.0291 Initialize success
2010/12/24 21:44:39.0155 ================================================================================
2010/12/24 21:44:39.0156 Scan started
2010/12/24 21:44:39.0156 Mode: Manual;
2010/12/24 21:44:39.0156 ================================================================================
2010/12/24 21:44:39.0549 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/24 21:44:39.0594 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/24 21:44:39.0621 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/24 21:44:39.0656 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/24 21:44:39.0689 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/24 21:44:39.0718 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/24 21:44:39.0757 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/12/24 21:44:39.0787 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/24 21:44:39.0819 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/24 21:44:39.0852 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/24 21:44:39.0882 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2010/12/24 21:44:39.0913 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/24 21:44:40.0081 amdkmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/24 21:44:40.0252 amdkmdap (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/12/24 21:44:40.0300 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/24 21:44:40.0332 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/24 21:44:40.0346 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/24 21:44:40.0362 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/24 21:44:40.0396 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/12/24 21:44:40.0459 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/12/24 21:44:40.0563 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/24 21:44:40.0605 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/24 21:44:40.0637 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/24 21:44:40.0684 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2010/12/24 21:44:40.0748 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/12/24 21:44:40.0793 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/12/24 21:44:40.0823 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/12/24 21:44:40.0867 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/24 21:44:40.0881 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/24 21:44:40.0911 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/24 21:44:40.0922 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/24 21:44:40.0953 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/12/24 21:44:40.0967 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/24 21:44:40.0981 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/24 21:44:40.0995 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/24 21:44:41.0010 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/24 21:44:41.0067 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/24 21:44:41.0100 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/24 21:44:41.0143 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/24 21:44:41.0182 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/12/24 21:44:41.0214 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/24 21:44:41.0241 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/24 21:44:41.0265 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/12/24 21:44:41.0290 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/24 21:44:41.0308 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/24 21:44:41.0330 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/24 21:44:41.0379 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2010/12/24 21:44:41.0421 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/12/24 21:44:41.0448 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/12/24 21:44:41.0473 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/12/24 21:44:41.0512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/12/24 21:44:41.0543 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/24 21:44:41.0648 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/12/24 21:44:41.0752 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/24 21:44:41.0786 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/24 21:44:41.0819 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/12/24 21:44:41.0839 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/12/24 21:44:41.0867 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/24 21:44:41.0902 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/12/24 21:44:41.0927 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/12/24 21:44:41.0949 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/24 21:44:41.0962 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/12/24 21:44:41.0992 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/12/24 21:44:42.0010 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/24 21:44:42.0030 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/24 21:44:42.0051 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/24 21:44:42.0071 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/24 21:44:42.0116 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/12/24 21:44:42.0140 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/24 21:44:42.0152 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/24 21:44:42.0166 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/24 21:44:42.0194 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/24 21:44:42.0227 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/24 21:44:42.0255 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/24 21:44:42.0285 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/12/24 21:44:42.0339 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/24 21:44:42.0373 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/24 21:44:42.0393 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/24 21:44:42.0445 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/24 21:44:42.0490 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/24 21:44:42.0541 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/24 21:44:42.0561 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/24 21:44:42.0586 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/24 21:44:42.0600 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/12/24 21:44:42.0628 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/12/24 21:44:42.0648 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/24 21:44:42.0672 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/24 21:44:42.0695 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/24 21:44:42.0722 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/24 21:44:42.0747 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/24 21:44:42.0761 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/24 21:44:42.0786 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/12/24 21:44:42.0843 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
2010/12/24 21:44:42.0863 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
2010/12/24 21:44:42.0899 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/24 21:44:42.0975 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/24 21:44:42.0997 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/24 21:44:43.0009 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/24 21:44:43.0028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/24 21:44:43.0052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/12/24 21:44:43.0076 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/24 21:44:43.0090 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/24 21:44:43.0114 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/12/24 21:44:43.0138 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/24 21:44:43.0166 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/24 21:44:43.0195 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/24 21:44:43.0215 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/12/24 21:44:43.0242 MpFilter (c4d8c3031c7cd5884ca856b15307e997) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/12/24 21:44:43.0264 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/24 21:44:43.0281 MpNWMon (a768f58c55d3f303e686a7646348aec3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/12/24 21:44:43.0293 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/24 21:44:43.0324 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/24 21:44:43.0351 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/24 21:44:43.0373 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/24 21:44:43.0389 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/24 21:44:43.0410 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/24 21:44:43.0434 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/24 21:44:43.0465 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/12/24 21:44:43.0484 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/24 21:44:43.0508 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/24 21:44:43.0544 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/24 21:44:43.0572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/24 21:44:43.0592 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/12/24 21:44:43.0619 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/12/24 21:44:43.0645 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/24 21:44:43.0669 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/12/24 21:44:43.0688 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/24 21:44:43.0709 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/12/24 21:44:43.0743 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/24 21:44:43.0788 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/12/24 21:44:43.0849 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/24 21:44:43.0891 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/24 21:44:43.0905 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/24 21:44:43.0933 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/24 21:44:43.0950 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/12/24 21:44:43.0979 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/24 21:44:43.0997 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/24 21:44:44.0038 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/24 21:44:44.0062 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/12/24 21:44:44.0078 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/24 21:44:44.0120 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/12/24 21:44:44.0166 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/12/24 21:44:44.0189 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/24 21:44:44.0208 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/24 21:44:44.0230 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/24 21:44:44.0242 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/24 21:44:44.0303 P17 (ae2b4a6695999277fc8a35488686163f) C:\Windows\system32\drivers\P17.sys
2010/12/24 21:44:44.0386 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/12/24 21:44:44.0413 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/12/24 21:44:44.0439 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/12/24 21:44:44.0484 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/24 21:44:44.0509 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/24 21:44:44.0536 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/12/24 21:44:44.0566 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/12/24 21:44:44.0689 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/24 21:44:44.0706 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/12/24 21:44:44.0744 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/24 21:44:44.0783 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/24 21:44:44.0828 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/24 21:44:44.0851 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/24 21:44:44.0869 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/24 21:44:44.0909 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/24 21:44:44.0946 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/24 21:44:44.0975 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/24 21:44:44.0995 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/24 21:44:45.0015 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/24 21:44:45.0033 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/24 21:44:45.0059 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/24 21:44:45.0085 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2010/12/24 21:44:45.0106 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/24 21:44:45.0127 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/24 21:44:45.0139 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/12/24 21:44:45.0164 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/12/24 21:44:45.0206 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/24 21:44:45.0250 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/12/24 21:44:45.0275 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/24 21:44:45.0299 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/24 21:44:45.0328 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/24 21:44:45.0367 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/12/24 21:44:45.0401 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/24 21:44:45.0433 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/12/24 21:44:45.0451 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/24 21:44:45.0477 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/24 21:44:45.0491 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/24 21:44:45.0505 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/24 21:44:45.0518 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/24 21:44:45.0555 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/24 21:44:45.0577 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/24 21:44:45.0606 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/12/24 21:44:45.0637 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/12/24 21:44:45.0672 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/24 21:44:45.0698 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/24 21:44:45.0721 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/24 21:44:45.0753 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/24 21:44:45.0782 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/24 21:44:45.0800 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/24 21:44:45.0818 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/24 21:44:45.0877 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/12/24 21:44:45.0949 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/24 21:44:45.0974 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/24 21:44:45.0996 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/12/24 21:44:46.0007 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/12/24 21:44:46.0040 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/24 21:44:46.0063 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/24 21:44:46.0096 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/24 21:44:46.0131 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/24 21:44:46.0161 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/24 21:44:46.0186 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/24 21:44:46.0218 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/24 21:44:46.0245 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/24 21:44:46.0257 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/24 21:44:46.0303 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2010/12/24 21:44:46.0323 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/24 21:44:46.0349 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/24 21:44:46.0369 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/24 21:44:46.0409 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/24 21:44:46.0455 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/24 21:44:46.0491 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/24 21:44:46.0511 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/24 21:44:46.0529 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/24 21:44:46.0575 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/24 21:44:46.0595 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/24 21:44:46.0615 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/12/24 21:44:46.0642 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/24 21:44:46.0661 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/24 21:44:46.0682 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/24 21:44:46.0695 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/24 21:44:46.0720 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/24 21:44:46.0740 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/12/24 21:44:46.0763 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/24 21:44:46.0787 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/24 21:44:46.0808 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2010/12/24 21:44:46.0827 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/24 21:44:46.0863 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/24 21:44:46.0876 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/24 21:44:46.0917 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/12/24 21:44:46.0968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/24 21:44:47.0051 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/24 21:44:47.0070 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/12/24 21:44:47.0119 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/24 21:44:47.0148 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/24 21:44:47.0191 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/12/24 21:44:47.0230 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/24 21:44:47.0297 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
2010/12/24 21:44:47.0405 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/24 21:44:47.0448 ================================================================================
2010/12/24 21:44:47.0448 Scan finished
2010/12/24 21:44:47.0448 ================================================================================
2010/12/24 21:44:47.0460 Detected object count: 1
2010/12/24 21:45:00.0244 \HardDisk1 - will be cured after reboot
2010/12/24 21:45:00.0244 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2010/12/24 21:45:02.0878 Deinitialize success


I did not run the scan a second time, but in the past when I have run this utility this was the same behavior I would get. This process would run through, and after a reboot I would scan and find the infection still present on the machine.
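The log above says \HardDisk1 "will be cured after reboot", and the poster reports the infection still present afterwards. TDL4 lives in the MBR (sector 0 of the disk), so the quickest way to tell whether a "cure" actually reached the disk is to dump sector 0 before the reboot and again after it and compare: a genuine cure rewrites the 440 bytes of boot code and leaves the partition table and NT disk signature untouched, whereas an identical boot-code hash means nothing was written. The Python below is an added example written for this thread; it is not TDSSKiller's or Kaspersky's code. It assumes that TDSSKiller's \HardDisk1 corresponds to the raw device \\.\PhysicalDrive1 (confirm with diskpart), that the prompt is elevated, and the sample MBR it builds for its self-check is constructed data, not a dump from the machine in this thread. One caveat: while the rootkit is active it can filter reads of sector 0 and hand back the original, clean MBR, so a dump taken from inside the infected Windows may look clean; take the "after" dump from WinRE or a live CD if the result looks too good.

```python
"""mbrcheck.py - dump sector 0 of a physical disk and compare two dumps.

Usage (elevated prompt):
  python mbrcheck.py dump \\.\PhysicalDrive1 before.bin   (right after TDSSKiller)
  ... reboot ...
  python mbrcheck.py dump \\.\PhysicalDrive1 after.bin
  python mbrcheck.py compare before.bin after.bin
"""
import hashlib
import struct
from dataclasses import dataclass, field
from typing import List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439: code the BIOS executes; this is what TDL4 replaces
DISK_SIG_OFFSET = 440     # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446   # four 16-byte partition entries
MBR_MAGIC = b"\x55\xaa"   # bytes 510..511


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class Mbr:
    boot_code_sha256: str
    disk_signature: int
    partitions: List[Partition] = field(default_factory=list)
    magic_ok: bool = False


def parse_mbr(sector: bytes) -> Mbr:
    """Split a raw sector 0 into boot-code hash, disk signature and partition table."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("sector 0 must be at least 512 bytes")
    mbr = Mbr(
        boot_code_sha256=hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        disk_signature=struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        magic_ok=sector[510:512] == MBR_MAGIC,
    )
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            mbr.partitions.append(Partition(status == 0x80, ptype, lba, count))
    return mbr


def read_sector0(device_path: str) -> bytes:
    """Read sector 0 from a raw disk device (needs administrator rights on Windows).

    device_path is an assumption, e.g. r"\\.\PhysicalDrive1" for the disk TDSSKiller
    reports as \HardDisk1; the numbering usually matches, but confirm it with diskpart.
    """
    with open(device_path, "rb", buffering=0) as dev:
        return dev.read(SECTOR_SIZE)


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report what changed between two captures of sector 0.

    A real cure rewrites the boot code but leaves the partition table and disk
    signature alone; identical boot-code hashes mean the cure never reached the disk.
    """
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a.boot_code_sha256 != b.boot_code_sha256,
        "partition_table_changed": a.partitions != b.partitions,
        "disk_signature_changed": a.disk_signature != b.disk_signature,
        "magic_ok_after": b.magic_ok,
    }


def build_sample_mbr(boot_code: bytes, disk_sig: int = 0x12345678) -> bytes:
    """Constructed test data: a minimal MBR with one bootable NTFS partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    n = min(len(boot_code), BOOT_CODE_LEN)
    sector[:n] = boot_code[:n]
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_sig)
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    sector[510:512] = MBR_MAGIC
    return bytes(sector)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4 and sys.argv[1] == "dump":
        with open(sys.argv[3], "wb") as out:
            out.write(read_sector0(sys.argv[2]))
    elif len(sys.argv) == 4 and sys.argv[1] == "compare":
        with open(sys.argv[2], "rb") as f1, open(sys.argv[3], "rb") as f2:
            print(compare_mbr(f1.read(), f2.read()))
    else:
        print(__doc__)
```

The "before" dump is also worth keeping for its own sake: if the boot code in it does not match the boot code of a known-clean Windows 7 install, you have the infected sector preserved for analysis even after the cure succeeds.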

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:50 AM

Posted 24 December 2010 - 09:53 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 tdl4_sadface

tdl4_sadface
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:50 AM

Posted 24 December 2010 - 10:05 PM

Interestingly, this time upon running ComboFix, I was presented with an error message while it was generating the report. The error message is as follows:

Problem signature:
Problem Event Name: BEX
Application Name: PEV.cfxxe
Application Version: 0.0.0.0
Application Timestamp: 4bd0e994
Fault Module Name: PEV.cfxxe
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4bd0e994
Exception Offset: 00082899
Exception Code: c0000417
Exception Data: 00000000
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
Additional Information 1: a18b
Additional Information 2: a18b76c918258790b67df1332fee2996
Additional Information 3: 19dd
Additional Information 4: 19dda5d6ef68b5ffa3db2bf0717c45f7

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt


Here is the ComboFix log:

ComboFix 10-12-24.01 - Mashkhith 12/24/2010 21:58:19.3.3 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.3044 [GMT -5:00]
Running from: c:\users\Mashkhith\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-25 to 2010-12-25 )))))))))))))))))))))))))))))))
.

2010-12-25 03:00 . 2010-12-25 03:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-24 09:34 . 2010-11-10 02:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDED5606-DD34-45D2-A189-00E3DE1D8D60}\mpengine.dll
- 2010-11-11 17:06 . 2010-11-11 17:06 1226752 c:\windows\SysWOW64\urlmon.dll
+ 2010-12-15 22:24 . 2010-11-04 05:52 1226752 c:\windows\SysWOW64\urlmon.dll
+ 2010-12-15 22:24 . 2010-11-04 05:49 5978112 c:\windows\SysWOW64\mshtml.dll
+ 2010-12-15 22:24 . 2010-11-04 05:48 2063360 c:\windows\SysWOW64\iertutil.dll
+ 2010-12-15 22:24 . 2010-11-04 06:35 1194496 c:\windows\system32\wininet.dll
+ 2010-12-15 22:24 . 2010-10-20 03:09 3124224 c:\windows\system32\win32k.sys
+ 2010-12-15 08:00 . 2010-12-15 08:00 1255736 c:\windows\system32\Wat\WatAdminSvc.exe
- 2010-11-11 17:06 . 2010-11-11 17:06 1495040 c:\windows\system32\urlmon.dll
+ 2010-12-15 22:24 . 2010-11-04 06:35 1495040 c:\windows\system32\urlmon.dll
+ 2010-12-15 22:25 . 2010-11-02 05:17 1169408 c:\windows\system32\taskschd.dll
+ 2010-12-15 22:25 . 2010-11-02 05:16 1114624 c:\windows\system32\schedsvc.dll
+ 2010-12-15 22:24 . 2010-11-04 06:32 1026560 c:\windows\system32\mstime.dll
+ 2010-12-15 22:24 . 2010-11-04 06:32 9306624 c:\windows\system32\mshtml.dll
+ 2010-12-15 22:24 . 2010-11-04 06:31 2447872 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2010-12-14 01:31 3607983 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2010-12-23 09:30 3607983 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-16 02:21 . 2010-12-16 02:21 4066816 c:\windows\Installer\9247bf.msi
+ 2010-12-03 23:25 . 2010-12-03 23:25 2003456 c:\windows\Installer\2155496.msi
+ 2010-12-14 04:00 . 2010-12-14 04:00 1458688 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\34620bb9f7b76dd7537bb19b9d03833f\UIAutomationClientsideProviders.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 1817600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\079464502044f67e5faca79c8b9ae845\System.WorkflowServices.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\2a93c1b65fcd65d5ac8bc70ee3345980\System.Web.Mobile.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\a9f6a435824423acb5008f7d47a6fb29\System.Web.Extensions.Design.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 3041792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\47659b19dff2f4aa280266cb15598663\System.Web.Extensions.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\8d10b18b785d7ab5a9c5d2d3aea5d1c9\System.Speech.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\b2a2a4fac227c6a58fc3e088d5dab67c\System.ServiceModel.Web.ni.dll
+ 2010-12-14 03:58 . 2010-12-14 03:58 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\96c165505a07b660f7ce052aec3e852e\System.Runtime.Serialization.ni.dll
+ 2010-12-14 03:58 . 2010-12-14 03:58 1433088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\9b1ee10609a0ab1c8a8aa7873e63cd1f\System.IdentityModel.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 1229824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\95574f8ac2037523f9a4b9c6073280cd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 1846272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\68e422101e69b43e80836fa3cf60f3df\System.Data.Services.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 1289728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\55b60613e1429bbcbb26f9fd58133b60\System.Data.Services.Client.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\4774b729f858ea0eaa4a95570b38a2ef\System.Data.Linq.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\28cdeef8684c6e89513184acaa34eb4b\System.Data.Entity.Design.ni.dll
+ 2010-12-14 03:59 . 2010-12-14 03:59 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\6ef98a068f45cbf57702eab0f623d007\System.Core.ni.dll
+ 2010-12-14 03:59 . 2010-12-14 03:59 1881088 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\e53a2610392e48e17989f4ad367f2977\PresentationBuildTasks.ni.dll
+ 2010-12-14 03:59 . 2010-12-14 03:59 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\1a5fd0996e762030f511928d6a4ced9c\Narrator.ni.exe
+ 2010-12-14 03:59 . 2010-12-14 03:59 2327040 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\53cd5c84e9dba16758a0e7cd02a4273b\MMCEx.ni.dll
+ 2010-12-14 03:58 . 2010-12-14 03:58 7966208 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\dbb8eb73740f0996a7133b8ee4bbf7a5\MIGUIControls.ni.dll
+ 2010-12-14 03:59 . 2010-12-14 03:59 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\1f03b7bea2b4a9902b8261b37dcf1fce\Microsoft.VisualBasic.ni.dll
+ 2010-12-14 03:58 . 2010-12-14 03:58 1598464 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\1373ce573f0d3f7227f9e421d2ff5835\Microsoft.Transactions.Bridge.ni.dll
+ 2010-12-14 03:59 . 2010-12-14 03:59 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\fab827a918c6e54a3f98e1343104e301\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-12-14 03:59 . 2010-12-14 03:59 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a024925125c462477531181a1a6f4d96\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-12-14 03:59 . 2010-12-14 03:59 5351424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8e62f18bcf8190be5ffec8f91ad1dc45\Microsoft.PowerShell.Editor.ni.dll
+ 2010-12-14 03:59 . 2010-12-14 03:59 2175488 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\02f868da68a342ea7ccd26004237dcb6\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-12-14 03:58 . 2010-12-14 03:58 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\3cbe486812df2d42ddc020fc5dfabed9\Microsoft.Ink.ni.dll
+ 2010-12-14 03:58 . 2010-12-14 03:58 2677760 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\a91245ed32301dbdf5c83e1ae3405edd\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-12-14 03:58 . 2010-12-14 03:58 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\0709611492fc13f2411be23ad51cb0ca\Microsoft.Build.Tasks.ni.dll
+ 2010-12-14 03:58 . 2010-12-14 03:58 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\0790fcd0efb3fea836d422865bbb22b6\Microsoft.Build.Engine.ni.dll
+ 2010-12-14 03:58 . 2010-12-14 03:58 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\02ec0de6762545765ce22535769c0f4f\Microsoft.Build.Engine.ni.dll
+ 2010-12-14 03:57 . 2010-12-14 03:57 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\316d55123fabfb1b92b6364d294ccf65\UIAutomationClientsideProviders.ni.dll
+ 2010-12-14 03:57 . 2010-12-14 03:57 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\49bea010bf1cd3d114a44ac029d8aeaf\System.WorkflowServices.ni.dll
+ 2010-12-14 03:57 . 2010-12-14 03:57 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\53878cd05f58c4959147cbd3b1d69d04\System.Web.Mobile.ni.dll
+ 2010-12-14 03:57 . 2010-12-14 03:57 2402816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\55d8256368344958d49ffffc4b31d42d\System.Web.Extensions.ni.dll
+ 2010-12-14 03:57 . 2010-12-14 03:57 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\d9d7b2b31f2139f7f8ec4679a21bcdb0\System.Speech.ni.dll
+ 2010-12-14 03:57 . 2010-12-14 03:57 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\177dc5c63e6c72ebd19d897c0fddab1b\System.ServiceModel.Web.ni.dll
+ 2010-12-14 03:56 . 2010-12-14 03:56 1328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\192e017f3b0f1f3efbf1e3041cd0fa34\System.Data.Services.ni.dll
+ 2010-12-14 03:56 . 2010-12-14 03:56 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\6e6ded3ee35572638262578c00afd4dc\System.Data.Linq.ni.dll
+ 2010-12-14 03:56 . 2010-12-14 03:56 9921024 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6e9445f6c035f07b31a86296f4e2be3f\System.Data.Entity.ni.dll
+ 2010-12-14 03:56 . 2010-12-14 03:56 1449984 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\a3bcad5eb6d5b5dd1942f2ce44a67b5b\PresentationBuildTasks.ni.dll
+ 2010-12-14 03:56 . 2010-12-14 03:56 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\0241f268cfd049156b84d8aad8c794bc\Narrator.ni.exe
+ 2010-12-15 22:24 . 2010-11-04 05:48 10989056 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 02:34 . 2010-12-14 02:35 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2010-12-24 09:44 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-12-15 22:24 . 2010-11-04 06:31 12369408 c:\windows\system32\ieframe.dll
- 2010-11-11 17:06 . 2010-11-11 17:06 12369408 c:\windows\system32\ieframe.dll
+ 2010-12-23 22:24 . 2010-12-23 22:24 12604928 c:\windows\Installer\2c84d47.msi
+ 2010-12-14 03:58 . 2010-12-14 03:58 23812096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\e000a1cd822ffb6f6483426a67622d75\System.ServiceModel.ni.dll
+ 2010-12-14 03:59 . 2010-12-14 03:59 11898880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\99302fb278fb0b61ce185cb0ddd44bd9\System.Management.Automation.ni.dll
+ 2010-12-14 04:00 . 2010-12-14 04:00 13757952 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\1fb6f8743f783684031b530b7eb3d5cc\System.Data.Entity.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 17:17 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Mashkhith\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-01 136176]
"Steam"="x:\steam\Steam.exe" [2010-12-20 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-13 79360]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.
Contents of the 'Scheduled Tasks' folder

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-35121409-3287810490-1152339797-1000Core.job
- c:\users\Mashkhith\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-13 06:15]

2010-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-35121409-3287810490-1152339797-1000UA.job
- c:\users\Mashkhith\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-13 06:15]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=101912&l=dis
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Mashkhith\AppData\Roaming\Mozilla\Firefox\Profiles\xc53zmp3.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-24 22:02:37
ComboFix-quarantined-files.txt 2010-12-25 03:02
ComboFix2.txt 2010-12-14 03:19
ComboFix3.txt 2010-12-13 23:48

Pre-Run: 221,077,319,680 bytes free
Post-Run: 221,066,924,032 bytes free

- - End Of File - - B989DE1787B22422C5470F0594A89600




TDSSKiller is still reporting the presence of TDSS.tdl4 on hd1.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 02:50 AM

Posted 24 December 2010 - 10:11 PM

Hello

System Recovery Environment

To access the System Recovery Environment in Windows 7, simply boot your PC:

  • Just before the system loads the Windows operating system, hit the [F8] (Function 8) key on your keyboard, which will launch the Advanced Boot Options menu.
  • There you will see a new option, 'Repair Your Computer'; select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next.
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt".
  • Type the following into the "Command Prompt" window and press Enter:

    bootrec.exe /fixmbr

If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment, type the following into the "Command Prompt" window and press Enter:

    bootrec.exe /fixboot

Rerun TDSSKiller after you run this and send me the report.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 tdl4_sadface

  • Topic Starter
  • Members
  • 10 posts
  • Local time: 01:50 AM

Posted 24 December 2010 - 10:22 PM

Okay, I did that, and TDSSKiller is still detecting an infection. I killed the task before attempting to clean the infection once again (so I didn't have to restart again), but here is the log from it:

2010/12/24 22:17:07.0716 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/24 22:17:07.0716 ================================================================================
2010/12/24 22:17:07.0716 SystemInfo:
2010/12/24 22:17:07.0716
2010/12/24 22:17:07.0716 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/24 22:17:07.0716 Product type: Workstation
2010/12/24 22:17:07.0716 ComputerName: MASHKHITH-PC
2010/12/24 22:17:07.0716 UserName: Mashkhith
2010/12/24 22:17:07.0716 Windows directory: C:\Windows
2010/12/24 22:17:07.0716 System windows directory: C:\Windows
2010/12/24 22:17:07.0716 Running under WOW64
2010/12/24 22:17:07.0716 Processor architecture: Intel x64
2010/12/24 22:17:07.0716 Number of processors: 3
2010/12/24 22:17:07.0716 Page size: 0x1000
2010/12/24 22:17:07.0716 Boot type: Normal boot
2010/12/24 22:17:07.0716 ================================================================================
2010/12/24 22:17:07.0716 Utility is running under WOW64
2010/12/24 22:17:08.0199 Initialize success
2010/12/24 22:17:11.0350 ================================================================================
2010/12/24 22:17:11.0350 Scan started
2010/12/24 22:17:11.0350 Mode: Manual;
2010/12/24 22:17:11.0350 ================================================================================
2010/12/24 22:17:11.0506 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/24 22:17:11.0584 ================================================================================
2010/12/24 22:17:11.0584 Scan finished
2010/12/24 22:17:11.0584 ================================================================================
2010/12/24 22:17:11.0584 Detected object count: 1

I should also note that I have 3 hard drives in this machine. If it begins counting from zero, HardDisk1 should actually be an 80 GB drive that I'm not really using. Would you recommend disconnecting that drive to see if that corrects the problem?

#10 tdl4_sadface

  • Topic Starter
  • Members
  • 10 posts
  • Local time: 01:50 AM

Posted 24 December 2010 - 10:28 PM

Scratch that last idea.

Posted Image

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 02:50 AM

Posted 24 December 2010 - 10:46 PM

MBRCheck

Please also download MBRCheck to your desktop.
  • Double-click MBRCheck.exe to run it (on Vista and Win 7, right-click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRCheck will be on your desktop.
  • Open this report.
  • Right-click on the screen and select > Select All.
  • Press Control+C.
  • Now please copy that report to this thread.


#12 tdl4_sadface

  • Topic Starter
  • Members
  • 10 posts
  • Local time: 01:50 AM

Posted 24 December 2010 - 10:49 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA770T-UD3
Logical Drives Mask: 0x0080001d

Kernel Drivers (total 193):
0x02A16000 \SystemRoot\system32\ntoskrnl.exe
0x02FF2000 \SystemRoot\system32\hal.dll
0x00BAD000 \SystemRoot\system32\kdcom.dll
0x00CFF000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00D0C000 \SystemRoot\system32\PSHED.dll
0x00D20000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E3F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EE3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EF2000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F49000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F52000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F5C000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F8F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F9C000 \SystemRoot\System32\drivers\partmgr.sys
0x00FB1000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D7E000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FC6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00FCD000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FDD000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00E2A000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01050000 \SystemRoot\system32\drivers\fltmgr.sys
0x0109C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01214000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010B0000 \SystemRoot\System32\Drivers\msrpc.sys
0x013B7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0110E000 \SystemRoot\System32\Drivers\cng.sys
0x013D1000 \SystemRoot\System32\drivers\pcw.sys
0x013E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01462000 \SystemRoot\system32\drivers\ndis.sys
0x01554000 \SystemRoot\system32\drivers\NETIO.SYS
0x015B4000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01601000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0144A000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01181000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0145A000 \SystemRoot\System32\Drivers\spldr.sys
0x01000000 \SystemRoot\System32\drivers\rdyboost.sys
0x015DF000 \SystemRoot\System32\Drivers\mup.sys
0x015F1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x00CC0000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0103A000 \SystemRoot\system32\DRIVERS\disk.sys
0x011CD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02A10000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02A3A000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x02A67000 \SystemRoot\System32\Drivers\Null.SYS
0x02A70000 \SystemRoot\System32\Drivers\Beep.SYS
0x02A77000 \SystemRoot\System32\drivers\vga.sys
0x02A85000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02AAA000 \SystemRoot\System32\drivers\watchdog.sys
0x02ABA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02AC3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02ACC000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02AD5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02AE0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02AF1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02B0F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02B1C000 \SystemRoot\system32\drivers\afd.sys
0x02BA6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02BEB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03C5C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03C82000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03C91000 \SystemRoot\system32\DRIVERS\serial.sys
0x03CAE000 \SystemRoot\system32\DRIVERS\wanarp.sys

Processes (total 57):

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
\\.\X: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: WDCWD3200AAJS-00B4A0, Rev: 01.03A01
PhysicalDrive2 Model Number: WDCWD800BD-22LRA0, Rev: 06.01D06
PhysicalDrive0 Model Number: ST31500341AS, Rev: CC1H

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995
74 GB \\.\PhysicalDrive2 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 December 2010 - 10:59 PM

Run MBRCheck.exe

  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice: enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 1 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 5 for Windows 7, and then press Enter.
  • The program will prompt for confirmation. Type 'YES' and hit Enter.
  • Left click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All
  • Hit the Enter key on your keyboard to copy selected text.
  • Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
  • Restart your PC.
  • Post the text in "MBRCheck results.txt" here, please.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 December 2010 - 08:07 AM

Hello

three day bump

It has been Three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 tdl4_sadface
  • Topic Starter
  • Members
  • 10 posts

Posted 28 December 2010 - 04:11 PM

Gringo,

Sorry, I apologize, I got a little sidetracked with holiday stuff. Here is the logfile from the mbrcheck you requested:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA770T-UD3
Logical Drives Mask: 0x0080001d

Kernel Drivers (total 194):

Processes (total 57):

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
\\.\X: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: WDCWD3200AAJS-00B4A0, Rev: 01.03A01
PhysicalDrive2 Model Number: WDCWD800BD-22LRA0, Rev: 06.01D06
PhysicalDrive0 Model Number: ST31500341AS, Rev: CC1H

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995
74 GB \\.\PhysicalDrive2 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

After rebooting the system, I ran it again to check and see if that corrected the problem; it did not. Here are the results of running it after rebooting:


\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
\\.\X: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: WDCWD3200AAJS-00B4A0, Rev: 01.03A01
PhysicalDrive2 Model Number: WDCWD800BD-22LRA0, Rev: 06.01D06
PhysicalDrive0 Model Number: ST31500341AS, Rev: CC1H

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995
74 GB \\.\PhysicalDrive2 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Apparently they have made the TDSS.tdl4 pretty resilient. This article touches on some of that: http://malwareresearchgroup.com/2010/11/tdl4-rootkit-bypasses-windows-code-signing-protection/
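As an added example, not MBRCheck's code and not anything posted in this thread, the Python below models the two things the MBRCheck steps and logs above rely on: classifying a disk's MBR by the SHA1 of its 440-byte boot-code region, and confirming by read-back whether a "Restore the MBR" write actually reached the disk, which is the check the final post performs after rebooting. The boot code, hashes, disk signature and partition entries are constructed sample values; the catalogue of known hashes is a placeholder, not MBRCheck's real list.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot code that gets hashed
DISK_SIG_OFF = 440            # 4-byte NT disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511
PART_ENTRY = "<B3xB3xII"      # status, CHS start, type, CHS end, LBA start, count


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest().upper()


def pad_boot_code(code: bytes) -> bytes:
    if len(code) > BOOT_CODE_LEN:
        raise ValueError("boot code longer than 440 bytes")
    return code.ljust(BOOT_CODE_LEN, b"\x00")


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # an empty slot has partition type 0
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {"boot_code_sha1": sha1_hex(sector[:BOOT_CODE_LEN]),
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": partitions}


def classify_boot_code(sector: bytes, known: dict) -> str:
    """Look the boot-code hash up in a catalogue, like the 'MBR Status' column."""
    return known.get(sha1_hex(sector[:BOOT_CODE_LEN]), "Unknown MBR code")


def rewrite_boot_code(sector: bytes, new_code: bytes) -> bytes:
    """Replace only the boot code; disk signature and partition table stay intact."""
    return pad_boot_code(new_code) + sector[BOOT_CODE_LEN:]


def check_rewrite(before: bytes, readback: bytes, expected_code: bytes) -> str:
    # 'unchanged' is the outcome in this thread: the old hash is still reported
    # after the write and a reboot, so the new boot code never reached the disk.
    got = sha1_hex(readback[:BOOT_CODE_LEN])
    if got == sha1_hex(pad_boot_code(expected_code)):
        return "fixed"
    if got == sha1_hex(before[:BOOT_CODE_LEN]):
        return "unchanged"
    return "different"


def build_sample_mbr(boot_code: bytes, disk_sig: int, parts) -> bytes:
    """Assemble a constructed MBR (hypothetical data, not a real disk image)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = pad_boot_code(boot_code)
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(parts):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample data: neither byte string is real Windows or rootkit code.
GOOD_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"CONSTRUCTED-WIN7-BOOTCODE"
ODD_CODE = b"\xEB\xFE" + b"CONSTRUCTED-UNKNOWN-BOOTCODE"
# Placeholder catalogue keyed by the hash of the whole 440-byte region.
KNOWN_MBR_CODES = {sha1_hex(pad_boot_code(GOOD_CODE)): "Windows 7 MBR code detected"}
# One bootable NTFS partition at sector 2048 = offset 0x100000, as in the log.
PARTS = [(True, 0x07, 2048, 625137664)]
CLEAN_MBR = build_sample_mbr(GOOD_CODE, 0x1A2B3C4D, PARTS)
SUSPECT_MBR = build_sample_mbr(ODD_CODE, 0x1A2B3C4D, PARTS)

if __name__ == "__main__":
    print("before:", classify_boot_code(SUSPECT_MBR, KNOWN_MBR_CODES))
    landed = rewrite_boot_code(SUSPECT_MBR, GOOD_CODE)   # the write reached the disk
    print("write landed:", check_rewrite(SUSPECT_MBR, landed, GOOD_CODE))
    print("write filtered:", check_rewrite(SUSPECT_MBR, SUSPECT_MBR, GOOD_CODE))
```

Run against a real disk the read-back would be the first sector re-read after the reboot, exactly the second MBRCheck run in the post above; a result of "unchanged" means the rewrite was intercepted or reverted and the drive needs a fix applied from outside the running OS.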



