
Win32.AVKillsvc.e and Backdoor.0Access Cannot Be Removed


This topic is locked
16 replies to this topic

#1 Lotus81


Posted 17 September 2011 - 12:50 PM

One of our Point of Sale computers has been infected with Win32.AVKillsvc.e. This was identified by Spybot S&D. When using SuperAntiSpyware Removal we also found Backdoor.0Access. Both reappear even after being removed when running the spyware removal programs again. Please help. Thank you so much.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by POS at 11:37:11 on 2011-09-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2320 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\2736370052:2068768348.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
R:\Retail\Rpro8.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\pos\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - c:\program files\allmusicconverter\YouTubeRipper.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} - hxxp://192.168.0.200/webdvr2.18.2.16_71.0.0.0.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1306183615671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306183801937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9282A3AA-4954-46B4-B4AE-F086CE3F1110} - hxxp://192.168.0.200/regtrustsite.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8B6A61E3-D677-4521-A14B-45739E31F80F} : DhcpNameServer = 192.168.0.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pos\application data\mozilla\firefox\profiles\kkj9aopi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.phonglekaraoke.com/store/comersus_index.asp
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-5-23 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-20 47640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 Ch2kPS2;Cherry PS/2 Keyboard Driver (CDI);c:\windows\system32\drivers\Ch2kPS2.sys [2005-10-26 134446]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-13 110080]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2011-6-12 23608]
S2 ASFIPmon;Broadcom ASF IP Monitor;"c:\program files\broadcom\asfipmon\asfipmon.exe" -service --> c:\program files\broadcom\asfipmon\AsfIpMon.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-25 135664]
S2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\nihardwareservice.exe --> c:\program files\common files\native instruments\hardware\NIHardwareService.exe [?]
S2 PortEmulator;Port Emulator (Star);c:\program files\starmicronics\tsp100\software\20070601\portemu.exe --> c:\program files\starmicronics\tsp100\software\20070601\portemu.exe [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-25 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-09-14 18:06:05 -------- d-----w- c:\windows\setup.pss
2011-09-13 22:03:28 -------- d-----w- c:\documents and settings\pos\application data\SUPERAntiSpyware.com
2011-09-13 22:03:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-13 22:03:16 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-13 22:01:17 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-09-13 20:09:11 -------- d-----w- c:\documents and settings\pos\application data\Malwarebytes
2011-09-13 20:09:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-13 20:09:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 20:09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-29 23:21:27 4194304 ----a-w- c:\windows\system32\jlqnxorr.dll
.
==================== Find3M ====================
.
2011-09-13 21:14:25 81920 ----a-w- c:\windows\DUMP413f.tmp
2011-09-13 21:13:45 81920 ----a-w- c:\windows\DUMP41cc.tmp
2011-09-13 21:10:22 81920 ----a-w- c:\windows\DUMP41db.tmp
2011-09-13 21:09:47 81920 ----a-w- c:\windows\DUMP41ad.tmp
2011-09-13 21:09:12 81920 ----a-w- c:\windows\DUMP41c0.tmp
2011-09-13 21:08:37 81920 ----a-w- c:\windows\DUMP4190.tmp
2011-09-13 21:08:02 81920 ----a-w- c:\windows\DUMP418f.tmp
2011-09-13 21:07:27 81920 ----a-w- c:\windows\DUMP4239.tmp
2011-09-13 21:06:52 81920 ----a-w- c:\windows\DUMP412f.tmp
2011-09-13 21:06:17 81920 ----a-w- c:\windows\DUMP414e.tmp
2011-09-13 21:05:42 81920 ----a-w- c:\windows\DUMP41bf.tmp
2011-09-13 21:05:07 81920 ----a-w- c:\windows\DUMP41ac.tmp
2011-09-13 21:04:31 81920 ----a-w- c:\windows\DUMP4100.tmp
2011-09-13 21:03:57 81920 ----a-w- c:\windows\DUMP41be.tmp
2011-09-13 21:03:22 81920 ----a-w- c:\windows\DUMP41bd.tmp
2011-09-13 21:02:47 81920 ----a-w- c:\windows\DUMP493e.tmp
2011-09-13 20:04:42 81920 ----a-w- c:\windows\DUMP41bc.tmp
2011-09-13 20:04:00 81920 ----a-w- c:\windows\DUMP41cb.tmp
2011-09-13 20:03:25 81920 ----a-w- c:\windows\DUMP415e.tmp
2011-09-13 20:02:33 81920 ----a-w- c:\windows\DUMP411f.tmp
2011-09-13 20:01:58 81920 ----a-w- c:\windows\DUMP416e.tmp
2011-09-13 20:01:22 81920 ----a-w- c:\windows\DUMP4110.tmp
2011-09-13 20:00:48 81920 ----a-w- c:\windows\DUMP418e.tmp
2011-09-13 20:00:13 81920 ----a-w- c:\windows\DUMP418d.tmp
2011-09-13 19:59:37 81920 ----a-w- c:\windows\DUMP4778.tmp
2011-09-13 19:59:00 81920 ----a-w- c:\windows\DUMP444c.tmp
2011-09-13 00:03:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-05 16:09:07 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-08-05 16:09:07 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-08-05 16:09:07 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-08-05 16:09:06 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-08-05 16:09:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-08-05 16:09:06 29568 ----a-w- c:\windows\system32\LMIport.dll
.
============= FINISH: 11:37:35.96 ===============
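The process list in the DDS report above contains an image path with two colons, `C:\WINDOWS\2736370052:2068768348.exe`. After the drive letter, a colon inside a file name denotes an NTFS alternate data stream (host:stream), and running a payload out of a numeric-named stream under the Windows directory is a known ZeroAccess trait. The "Created Last 30" section also shows a 4 MB DLL with a random-looking name in system32. The following is an added example, not code from the thread or from the BleepingComputer Malware Response Team, that triages a DDS log for exactly those two artifacts. The sample text is a handful of lines copied from the report above; the size threshold and the "random name" heuristic are assumptions of this example, not DDS rules.

```python
r"""Triage helpers for a DDS report (added example, not DDS or forum-team code).

Flags two ZeroAccess-style artifacts:
  * a running process whose image path is an NTFS alternate data stream
    (host:stream), e.g. C:\WINDOWS\2736370052:2068768348.exe
  * large, recently created, random-named DLL/EXE/SYS files under system32
The size threshold and vowel-ratio heuristic are assumptions of this example.
"""
import re

# Constructed sample: lines copied from the DDS report posted above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\2736370052:2068768348.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
R:\Retail\Rpro8.exe
.
============== Pseudo HJT Report ===============
.
Hosts: 127.0.0.1 www.spywareinfo.com
.
=============== Created Last 30 ================
.
2011-09-14 18:06:05 -------- d-----w- c:\windows\setup.pss
2011-09-13 20:09:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 23:21:27 4194304 ----a-w- c:\windows\system32\jlqnxorr.dll
.
"""

# A Windows path whose last component contains a colon: the first colon is the
# drive letter, a second one (outside any backslash) marks an ADS host:stream.
ADS_RE = re.compile(r"^[A-Za-z]:\\.*[^\\]+:[^\\:]+$")
# "YYYY-MM-DD HH:MM:SS <size> <attrs> <path>" as DDS prints created files.
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+\S+\s+(.+)$")
VOWELS = set("aeiou")


def sections(text):
    """Split a DDS report into {banner title: [non-empty lines]}."""
    out, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^=+\s*(.*?)\s*=+$", line)
        if m:
            current = m.group(1)
            out[current] = []
        elif current is not None and line.strip() not in ("", "."):
            out[current].append(line.strip())
    return out


def ads_processes(text):
    """Image paths in 'Running Processes' that live in an alternate data stream."""
    hits = []
    for line in sections(text).get("Running Processes", []):
        image = line.split(" -k ")[0].strip()  # drop svchost's service-group argument
        if ADS_RE.match(image):
            hits.append(image)
    return hits


def suspicious_created(text, min_size=1_000_000):
    """(timestamp, size, path) for large random-named binaries created in system32.

    Assumed heuristic: alphabetic stem of 8+ chars with fewer than 30% vowels.
    """
    hits = []
    for line in sections(text).get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:  # directory entries print "--------" instead of a size
            continue
        when, size, path = m.group(1), int(m.group(2)), m.group(3).lower()
        name = path.rsplit("\\", 1)[-1]
        stem, _, ext = name.rpartition(".")
        if ext not in ("dll", "exe", "sys") or "\\system32\\" not in path:
            continue
        vowel_ratio = sum(c in VOWELS for c in stem) / max(len(stem), 1)
        if size >= min_size and len(stem) >= 8 and stem.isalpha() and vowel_ratio < 0.3:
            hits.append((when, size, path))
    return hits


if __name__ == "__main__":
    for p in ads_processes(SAMPLE_DDS):
        print("process running from an NTFS alternate data stream:", p)
    for when, size, path in suspicious_created(SAMPLE_DDS):
        print(f"large random-named binary created {when} ({size} bytes): {path}")
```

The ADS check is the one worth keeping: `dir /r` on Windows XP will not list streams (that switch arrived with Vista), so a process list or a rootkit scanner that walks the MFT is often the only place the stream shows up.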


#2 Lotus81


Posted 17 September 2011 - 06:50 PM

Just an update. Upon rebooting the computer out of Safe Mode, the computer lost connection to our network and the internet.

#3 nasdaq

  • Malware Response Team

Posted 22 September 2011 - 08:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    [screenshot]
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    [screenshot]
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Please post the logs and let me know what problem persists.
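The reply asks for the TDSSKiller report to be pasted back, and it distinguishes two outcomes: an infected file (default action Cure) and a suspicious file (default action Skip). The following is an added example, not code from the thread and not Kaspersky's, that pulls the detection lines out of such a report, pairs each with the inventory line carrying the file's MD5 and path, and sorts verdicts into those two buckets so the reviewer can see at a glance which drivers the tool proposes to cure. The sample report is constructed to match the TDSSKiller 2.5 line format; mapping verdicts to buckets by name prefix is an assumption of this example, not TDSSKiller's own logic.

```python
r"""Summarise a TDSSKiller report (added example, not Kaspersky or forum-team code).

TDSSKiller prints one inventory line per driver/file, "NAME (md5) path", and a
separate "NAME - detected VERDICT (n)" line when something is flagged. This
joins the two and buckets verdicts the way the reply describes: infected
(default action Cure) versus suspicious (default action Skip). The prefix
rule in bucket() is an assumption of this example.
"""
import re

# Constructed sample modelled on the 2.5.x log format (a few lines only).
SAMPLE_REPORT = r"""
2011/09/24 10:50:33.0671 2328 Scan started
2011/09/24 10:50:33.0671 2328 Mode: Manual;
2011/09/24 10:50:34.0562 2328 84b119a3 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2736370052:2068768348.exe
2011/09/24 10:50:34.0578 2328 Suspicious file (Hidden): C:\WINDOWS\2736370052:2068768348.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/24 10:50:34.0578 2328 84b119a3 - detected HiddenFile.Multi.Generic (1)
2011/09/24 10:50:34.0640 2328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/24 10:50:34.0796 2328 AFD (baf616ee7ab76e3a952fb49a141e60aa) C:\WINDOWS\System32\drivers\afd.sys
2011/09/24 10:50:34.0796 2328 AFD - detected Rootkit.Win32.ZAccess.e (0)
2011/09/24 10:50:35.0140 2328 Avgldx86 (03616eaaece67bd567d2f72037944979) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/24 10:50:35.0140 2328 Avgldx86 - detected Rootkit.Win32.ZAccess.e (0)
"""

# "YYYY/MM/DD HH:MM:SS.ffff <pid> <body>"
PREFIX_RE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
ENTRY_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")


def bucket(verdict):
    """Map a verdict name onto the two default actions the reply describes (assumed rule)."""
    if verdict.startswith(("Rootkit.", "Trojan.", "Backdoor.")):
        return "infected (default action: Cure)"
    return "suspicious (default action: Skip)"


def parse_report(text):
    """One dict per detection: name, verdict, code, md5, path, bucket."""
    inventory, detections = {}, []
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        e = ENTRY_RE.match(body)
        if e:
            inventory[e.group(1)] = (e.group(2), e.group(3))
            continue
        d = DETECT_RE.match(body)
        if d:
            name, verdict, code = d.group(1), d.group(2), int(d.group(3))
            md5, path = inventory.get(name, (None, None))
            detections.append({"name": name, "verdict": verdict, "code": code,
                               "md5": md5, "path": path, "bucket": bucket(verdict)})
    return detections


def infected_drivers(text):
    """Service names whose verdict is in the infected bucket and whose file is a .sys driver."""
    return [d["name"] for d in parse_report(text)
            if d["bucket"].startswith("infected")
            and d["path"] is not None and d["path"].lower().endswith(".sys")]


if __name__ == "__main__":
    for d in parse_report(SAMPLE_REPORT):
        print(f'{d["name"]:10} {d["verdict"]:28} {d["bucket"]:36} {d["path"]} md5={d["md5"]}')
    print("drivers TDSSKiller would cure:", infected_drivers(SAMPLE_REPORT))
```

Two things are worth checking before accepting a Cure on a driver it lists: the MD5 of a flagged core driver such as afd.sys can be compared against a known-clean copy from the service pack, and a flagged third-party driver (here an AVG component) should be reinstalled from the vendor afterwards, since the cured file is whatever the tool could recover, not a vendor-signed binary.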

#4 Lotus81


Posted 24 September 2011 - 11:59 AM

Hello. Wow this is one serious bug. I lost internet and network connections. After running TDSSKiller, network came back on. Ran TDSSKiller and there was an error, so I ran it a second time. Here are the 2 logs:

2011/09/24 10:50:26.0453 2848 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/24 10:50:26.0468 2848 ================================================================================
2011/09/24 10:50:26.0468 2848 SystemInfo:
2011/09/24 10:50:26.0468 2848
2011/09/24 10:50:26.0468 2848 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/24 10:50:26.0468 2848 Product type: Workstation
2011/09/24 10:50:26.0468 2848 ComputerName: REG1
2011/09/24 10:50:26.0468 2848 UserName: POS
2011/09/24 10:50:26.0468 2848 Windows directory: C:\WINDOWS
2011/09/24 10:50:26.0468 2848 System windows directory: C:\WINDOWS
2011/09/24 10:50:26.0468 2848 Processor architecture: Intel x86
2011/09/24 10:50:26.0468 2848 Number of processors: 2
2011/09/24 10:50:26.0468 2848 Page size: 0x1000
2011/09/24 10:50:26.0468 2848 Boot type: Normal boot
2011/09/24 10:50:26.0468 2848 ================================================================================
2011/09/24 10:50:28.0734 2848 Initialize success
2011/09/24 10:50:33.0671 2328 ================================================================================
2011/09/24 10:50:33.0671 2328 Scan started
2011/09/24 10:50:33.0671 2328 Mode: Manual;
2011/09/24 10:50:33.0671 2328 ================================================================================
2011/09/24 10:50:34.0562 2328 84b119a3 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2736370052:2068768348.exe
2011/09/24 10:50:34.0578 2328 Suspicious file (Hidden): C:\WINDOWS\2736370052:2068768348.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/24 10:50:34.0578 2328 84b119a3 - detected HiddenFile.Multi.Generic (1)
2011/09/24 10:50:34.0640 2328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/24 10:50:34.0687 2328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/24 10:50:34.0734 2328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/24 10:50:34.0796 2328 AFD (baf616ee7ab76e3a952fb49a141e60aa) C:\WINDOWS\System32\drivers\afd.sys
2011/09/24 10:50:34.0796 2328 AFD - detected Rootkit.Win32.ZAccess.e (0)
2011/09/24 10:50:34.0906 2328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/24 10:50:34.0937 2328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/24 10:50:34.0953 2328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/24 10:50:35.0000 2328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/24 10:50:35.0046 2328 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/24 10:50:35.0078 2328 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/24 10:50:35.0109 2328 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/24 10:50:35.0125 2328 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/24 10:50:35.0140 2328 Avgldx86 (03616eaaece67bd567d2f72037944979) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/24 10:50:35.0140 2328 Avgldx86 - detected Rootkit.Win32.ZAccess.e (0)
2011/09/24 10:50:35.0156 2328 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/24 10:50:35.0156 2328 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/24 10:50:35.0187 2328 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/24 10:50:35.0296 2328 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
2011/09/24 10:50:35.0343 2328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/24 10:50:35.0390 2328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/24 10:50:35.0406 2328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/24 10:50:35.0437 2328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/24 10:50:35.0625 2328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/24 10:50:35.0796 2328 Ch2kPS2 (87ec185b1ac9862afe34891d98584815) C:\WINDOWS\system32\DRIVERS\Ch2kPS2.sys
2011/09/24 10:50:35.0859 2328 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/24 10:50:35.0906 2328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/24 10:50:35.0953 2328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/24 10:50:36.0000 2328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/24 10:50:36.0000 2328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/24 10:50:36.0062 2328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/24 10:50:36.0078 2328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/24 10:50:36.0140 2328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/24 10:50:36.0156 2328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/24 10:50:36.0171 2328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/24 10:50:36.0187 2328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/24 10:50:36.0234 2328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/24 10:50:36.0250 2328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/24 10:50:36.0250 2328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/24 10:50:36.0296 2328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/24 10:50:36.0312 2328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/24 10:50:36.0375 2328 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/24 10:50:36.0421 2328 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/09/24 10:50:36.0484 2328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/24 10:50:36.0531 2328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/24 10:50:36.0578 2328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/24 10:50:36.0734 2328 ialm (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/09/24 10:50:36.0937 2328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/24 10:50:37.0078 2328 IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/24 10:50:37.0187 2328 IntcHdmiAddService (c9ef68bee3b1a62f34125a9fbbaac10c) C:\WINDOWS\system32\drivers\IntcHdmi.sys
2011/09/24 10:50:37.0250 2328 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/24 10:50:37.0265 2328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/24 10:50:37.0312 2328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/24 10:50:37.0343 2328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/24 10:50:37.0375 2328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/24 10:50:37.0437 2328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/24 10:50:37.0468 2328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/24 10:50:37.0531 2328 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/24 10:50:37.0578 2328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/24 10:50:37.0593 2328 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/24 10:50:37.0656 2328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/24 10:50:37.0671 2328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/24 10:50:37.0828 2328 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/09/24 10:50:37.0843 2328 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/09/24 10:50:37.0859 2328 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/09/24 10:50:37.0906 2328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/24 10:50:37.0937 2328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/24 10:50:37.0984 2328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/24 10:50:38.0046 2328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/24 10:50:38.0046 2328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/24 10:50:38.0078 2328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/24 10:50:38.0140 2328 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/24 10:50:38.0156 2328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/24 10:50:38.0203 2328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/24 10:50:38.0218 2328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/24 10:50:38.0218 2328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/24 10:50:38.0281 2328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/24 10:50:38.0281 2328 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/24 10:50:38.0343 2328 MusCAudio (7c2d2b593b837fd59c17ef649cda1ea6) C:\WINDOWS\system32\drivers\MusCAudio.sys
2011/09/24 10:50:38.0343 2328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/24 10:50:38.0406 2328 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/24 10:50:38.0453 2328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/24 10:50:38.0453 2328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/24 10:50:38.0484 2328 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/24 10:50:38.0484 2328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/24 10:50:38.0500 2328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/24 10:50:38.0531 2328 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/24 10:50:38.0593 2328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/24 10:50:38.0625 2328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/24 10:50:38.0671 2328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/24 10:50:38.0687 2328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/24 10:50:38.0703 2328 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/09/24 10:50:38.0703 2328 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/09/24 10:50:38.0718 2328 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/09/24 10:50:38.0734 2328 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2011/09/24 10:50:38.0750 2328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/24 10:50:38.0765 2328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/24 10:50:38.0781 2328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/24 10:50:38.0812 2328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/24 10:50:38.0828 2328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/24 10:50:38.0843 2328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/24 10:50:38.0937 2328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/24 10:50:38.0953 2328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/24 10:50:39.0000 2328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/24 10:50:39.0031 2328 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/24 10:50:39.0093 2328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/24 10:50:39.0109 2328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/24 10:50:39.0109 2328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/24 10:50:39.0125 2328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/24 10:50:39.0171 2328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/24 10:50:39.0187 2328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/24 10:50:39.0234 2328 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/24 10:50:39.0281 2328 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/24 10:50:39.0296 2328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/24 10:50:39.0375 2328 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/09/24 10:50:39.0500 2328 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/24 10:50:39.0546 2328 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/09/24 10:50:39.0593 2328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/24 10:50:39.0593 2328 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/24 10:50:39.0609 2328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/24 10:50:39.0687 2328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/24 10:50:39.0734 2328 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2011/09/24 10:50:39.0781 2328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/24 10:50:39.0812 2328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/24 10:50:39.0890 2328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/24 10:50:39.0937 2328 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/09/24 10:50:40.0000 2328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/24 10:50:40.0015 2328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/24 10:50:40.0062 2328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/24 10:50:40.0109 2328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/24 10:50:40.0171 2328 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/09/24 10:50:40.0218 2328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/24 10:50:40.0250 2328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/24 10:50:40.0265 2328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/24 10:50:40.0296 2328 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/09/24 10:50:40.0328 2328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/24 10:50:40.0406 2328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/24 10:50:40.0453 2328 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/24 10:50:40.0500 2328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/24 10:50:40.0531 2328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/24 10:50:40.0546 2328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/24 10:50:40.0609 2328 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/24 10:50:40.0687 2328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/24 10:50:40.0750 2328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/24 10:50:40.0781 2328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/24 10:50:40.0796 2328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/24 10:50:40.0843 2328 vsbus (9a6d82a92023d761b65d6f4bb21ffecb) C:\WINDOWS\system32\DRIVERS\vsb.sys
2011/09/24 10:50:40.0875 2328 vserial (1347a382745d9f57fca86bc3d78881c7) C:\WINDOWS\system32\DRIVERS\vserial.sys
2011/09/24 10:50:40.0890 2328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/24 10:50:40.0953 2328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/24 10:50:41.0015 2328 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/09/24 10:50:41.0046 2328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/24 10:50:41.0062 2328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/24 10:50:41.0093 2328 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/24 10:50:42.0546 2328 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
2011/09/24 10:50:42.0562 2328 Boot (0x1200) (9ac84626efdc3064d6e988fb6b934482) \Device\Harddisk0\DR0\Partition0
2011/09/24 10:50:42.0578 2328 Boot (0x1200) (3da392e1bf89b65310ca7177ff76d58e) \Device\Harddisk1\DR2\Partition0
2011/09/24 10:50:42.0578 2328 ================================================================================
2011/09/24 10:50:42.0578 2328 Scan finished
2011/09/24 10:50:42.0578 2328 ================================================================================
2011/09/24 10:50:42.0578 2888 Detected object count: 3
2011/09/24 10:50:42.0578 2888 Actual detected object count: 3
2011/09/24 10:51:14.0640 2888 HiddenFile.Multi.Generic(84b119a3) - User select action: Skip
2011/09/24 10:51:14.0703 2888 AFD (baf616ee7ab76e3a952fb49a141e60aa) C:\WINDOWS\System32\drivers\afd.sys
2011/09/24 10:51:14.0703 2888 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
2011/09/24 10:51:15.0484 2888 Backup copy found, using it..
2011/09/24 10:51:15.0484 2888 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
2011/09/24 10:51:15.0484 2888 Rootkit.Win32.ZAccess.e(AFD) - User select action: Cure
2011/09/24 10:51:15.0578 2888 Avgldx86 (03616eaaece67bd567d2f72037944979) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/24 10:51:15.0578 2888 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\avgldx86.sys) error 1813
2011/09/24 10:51:15.0625 2888 Backup copy not found, trying to cure infected file..
2011/09/24 10:51:15.0640 2888 C:\WINDOWS\system32\DRIVERS\avgldx86.sys - Cure failed (FFFFFFFF)
2011/09/24 10:51:15.0640 2888 C:\WINDOWS\system32\DRIVERS\avgldx86.sys - processing error
2011/09/24 10:51:15.0640 2888 Rootkit.Win32.ZAccess.e(Avgldx86) - User select action: Cure
2011/09/24 10:51:26.0390 3540 Deinitialize success

I ran TDSSKILLER a second time because there was some error that popped up.

2011/09/24 10:54:05.0343 2844 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/24 10:54:17.0875 2844 ================================================================================
2011/09/24 10:54:17.0875 2844 SystemInfo:
2011/09/24 10:54:17.0875 2844
2011/09/24 10:54:17.0875 2844 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/24 10:54:17.0875 2844 Product type: Workstation
2011/09/24 10:54:17.0875 2844 ComputerName: REG1
2011/09/24 10:54:17.0875 2844 UserName: POS
2011/09/24 10:54:17.0875 2844 Windows directory: C:\WINDOWS
2011/09/24 10:54:17.0875 2844 System windows directory: C:\WINDOWS
2011/09/24 10:54:17.0875 2844 Processor architecture: Intel x86
2011/09/24 10:54:17.0875 2844 Number of processors: 2
2011/09/24 10:54:17.0875 2844 Page size: 0x1000
2011/09/24 10:54:17.0875 2844 Boot type: Normal boot
2011/09/24 10:54:17.0875 2844 ================================================================================
2011/09/24 10:54:21.0250 2844 Initialize success
2011/09/24 10:54:25.0296 3136 ================================================================================
2011/09/24 10:54:25.0296 3136 Scan started
2011/09/24 10:54:25.0296 3136 Mode: Manual;
2011/09/24 10:54:25.0296 3136 ================================================================================
2011/09/24 10:54:25.0593 3136 84b119a3 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2736370052:2068768348.exe
2011/09/24 10:54:26.0171 3136 Suspicious file (Hidden): C:\WINDOWS\2736370052:2068768348.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/24 10:54:26.0171 3136 84b119a3 - detected HiddenFile.Multi.Generic (1)
2011/09/24 10:54:26.0250 3136 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/24 10:54:26.0296 3136 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/24 10:54:26.0343 3136 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/24 10:54:26.0406 3136 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/09/24 10:54:26.0515 3136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/24 10:54:26.0546 3136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/24 10:54:26.0578 3136 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/24 10:54:26.0640 3136 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/24 10:54:26.0703 3136 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/24 10:54:26.0734 3136 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/24 10:54:26.0765 3136 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/24 10:54:26.0781 3136 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/24 10:54:26.0781 3136 Avgldx86 (03616eaaece67bd567d2f72037944979) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/24 10:54:26.0796 3136 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\avgldx86.sys. Real md5: 03616eaaece67bd567d2f72037944979, Fake md5: 4e796d3d2c3182b13b3e3b5a2ad4ef0a
2011/09/24 10:54:26.0796 3136 Avgldx86 - detected Rootkit.Win32.ZAccess.e (0)
2011/09/24 10:54:26.0796 3136 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/24 10:54:26.0812 3136 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/24 10:54:26.0828 3136 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/24 10:54:26.0937 3136 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
2011/09/24 10:54:26.0984 3136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/24 10:54:27.0031 3136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/24 10:54:27.0046 3136 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/24 10:54:27.0062 3136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/24 10:54:27.0109 3136 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/24 10:54:27.0156 3136 Ch2kPS2 (87ec185b1ac9862afe34891d98584815) C:\WINDOWS\system32\DRIVERS\Ch2kPS2.sys
2011/09/24 10:54:27.0187 3136 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/24 10:54:27.0234 3136 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/24 10:54:27.0265 3136 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/24 10:54:27.0281 3136 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/24 10:54:27.0296 3136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/24 10:54:27.0359 3136 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/24 10:54:27.0375 3136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/24 10:54:27.0406 3136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/24 10:54:27.0453 3136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/24 10:54:27.0515 3136 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/24 10:54:27.0531 3136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/24 10:54:27.0578 3136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/24 10:54:27.0578 3136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/24 10:54:27.0593 3136 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/24 10:54:27.0656 3136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/24 10:54:27.0671 3136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/24 10:54:27.0718 3136 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/24 10:54:27.0781 3136 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/09/24 10:54:27.0843 3136 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/24 10:54:27.0906 3136 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/24 10:54:27.0937 3136 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/24 10:54:28.0093 3136 ialm (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/09/24 10:54:28.0281 3136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/24 10:54:28.0437 3136 IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/24 10:54:28.0546 3136 IntcHdmiAddService (c9ef68bee3b1a62f34125a9fbbaac10c) C:\WINDOWS\system32\drivers\IntcHdmi.sys
2011/09/24 10:54:28.0609 3136 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/24 10:54:28.0640 3136 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/24 10:54:28.0671 3136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/24 10:54:28.0703 3136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/24 10:54:28.0734 3136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/24 10:54:28.0781 3136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/24 10:54:28.0828 3136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/24 10:54:28.0890 3136 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/24 10:54:28.0937 3136 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/24 10:54:28.0953 3136 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/24 10:54:29.0000 3136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/24 10:54:29.0031 3136 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/24 10:54:29.0203 3136 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/09/24 10:54:29.0218 3136 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/09/24 10:54:29.0234 3136 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/09/24 10:54:29.0281 3136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/24 10:54:29.0328 3136 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/24 10:54:29.0390 3136 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/24 10:54:29.0437 3136 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/24 10:54:29.0453 3136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/24 10:54:29.0484 3136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/24 10:54:29.0546 3136 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/24 10:54:29.0562 3136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/24 10:54:29.0609 3136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/24 10:54:29.0625 3136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/24 10:54:29.0625 3136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/24 10:54:29.0687 3136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/24 10:54:29.0687 3136 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/24 10:54:29.0750 3136 MusCAudio (7c2d2b593b837fd59c17ef649cda1ea6) C:\WINDOWS\system32\drivers\MusCAudio.sys
2011/09/24 10:54:29.0750 3136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/24 10:54:29.0765 3136 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/24 10:54:29.0812 3136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/24 10:54:29.0828 3136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/24 10:54:29.0843 3136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/24 10:54:29.0859 3136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/24 10:54:29.0890 3136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/24 10:54:29.0906 3136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/24 10:54:29.0968 3136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/24 10:54:30.0000 3136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/24 10:54:30.0062 3136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/24 10:54:30.0062 3136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/24 10:54:30.0093 3136 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/09/24 10:54:30.0093 3136 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/09/24 10:54:30.0109 3136 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/09/24 10:54:30.0125 3136 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2011/09/24 10:54:30.0140 3136 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/24 10:54:30.0156 3136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/24 10:54:30.0171 3136 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/24 10:54:30.0218 3136 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/24 10:54:30.0234 3136 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/24 10:54:30.0265 3136 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/24 10:54:30.0343 3136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/24 10:54:30.0343 3136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/24 10:54:30.0406 3136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/24 10:54:30.0437 3136 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/24 10:54:30.0484 3136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/24 10:54:30.0500 3136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/24 10:54:30.0515 3136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/24 10:54:30.0515 3136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/24 10:54:30.0531 3136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/24 10:54:30.0546 3136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/24 10:54:30.0609 3136 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/24 10:54:30.0640 3136 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/24 10:54:30.0671 3136 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/24 10:54:30.0750 3136 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/09/24 10:54:30.0859 3136 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/24 10:54:30.0875 3136 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/09/24 10:54:30.0921 3136 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/24 10:54:30.0968 3136 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/24 10:54:30.0968 3136 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/24 10:54:30.0984 3136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/24 10:54:31.0046 3136 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2011/09/24 10:54:31.0109 3136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/24 10:54:31.0140 3136 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/24 10:54:31.0171 3136 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/24 10:54:31.0218 3136 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/09/24 10:54:31.0250 3136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/24 10:54:31.0250 3136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/24 10:54:31.0312 3136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/24 10:54:31.0359 3136 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/24 10:54:31.0421 3136 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/09/24 10:54:31.0468 3136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/24 10:54:31.0500 3136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/24 10:54:31.0531 3136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/24 10:54:31.0562 3136 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/09/24 10:54:31.0609 3136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/24 10:54:31.0671 3136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/24 10:54:31.0718 3136 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/24 10:54:31.0765 3136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/24 10:54:31.0843 3136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/24 10:54:31.0843 3136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/24 10:54:31.0890 3136 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/24 10:54:31.0953 3136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/24 10:54:32.0000 3136 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/24 10:54:32.0031 3136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/24 10:54:32.0062 3136 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/24 10:54:32.0109 3136 vsbus (9a6d82a92023d761b65d6f4bb21ffecb) C:\WINDOWS\system32\DRIVERS\vsb.sys
2011/09/24 10:54:32.0125 3136 vserial (1347a382745d9f57fca86bc3d78881c7) C:\WINDOWS\system32\DRIVERS\vserial.sys
2011/09/24 10:54:32.0140 3136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/24 10:54:32.0203 3136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/24 10:54:32.0265 3136 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/09/24 10:54:32.0312 3136 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/24 10:54:32.0343 3136 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/24 10:54:32.0375 3136 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/24 10:54:33.0859 3136 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
2011/09/24 10:54:33.0906 3136 Boot (0x1200) (9ac84626efdc3064d6e988fb6b934482) \Device\Harddisk0\DR0\Partition0
2011/09/24 10:54:33.0906 3136 Boot (0x1200) (3da392e1bf89b65310ca7177ff76d58e) \Device\Harddisk1\DR2\Partition0
2011/09/24 10:54:33.0906 3136 ================================================================================
2011/09/24 10:54:33.0906 3136 Scan finished
2011/09/24 10:54:33.0906 3136 ================================================================================
2011/09/24 10:54:33.0921 3128 Detected object count: 2
2011/09/24 10:54:33.0921 3128 Actual detected object count: 2
2011/09/24 10:54:42.0578 3128 HiddenFile.Multi.Generic(84b119a3) - User select action: Skip
2011/09/24 10:54:42.0656 3128 Avgldx86 (03616eaaece67bd567d2f72037944979) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/24 10:54:42.0656 3128 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\avgldx86.sys. Real md5: 03616eaaece67bd567d2f72037944979, Fake md5: 4e796d3d2c3182b13b3e3b5a2ad4ef0a
2011/09/24 10:54:42.0875 3128 Backup copy found, using it..
2011/09/24 10:54:42.0906 3128 C:\WINDOWS\system32\DRIVERS\avgldx86.sys - will be cured after reboot
2011/09/24 10:54:42.0906 3128 Rootkit.Win32.ZAccess.e(Avgldx86) - User select action: Cure
2011/09/24 10:54:49.0312 2840 Deinitialize success

Ran AswMBR.exe, but it kept crashing, so I ran it in Safe Mode.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-24 11:05:57
-----------------------------
11:05:57.468 OS Version: Windows 5.1.2600 Service Pack 3
11:05:57.468 Number of processors: 2 586 0x170A
11:05:57.468 ComputerName: REG1 UserName: POS
11:05:57.859 Initialize success
11:05:58.515 AVAST engine defs: 11091301
11:06:01.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:06:01.703 Disk 0 Vendor: SAMSUNG_HD161GJ 1AC01117 Size: 152587MB BusType: 3
11:06:03.718 Disk 0 MBR read successfully
11:06:03.718 Disk 0 MBR scan
11:06:04.125 Disk 0 Windows XP default MBR code
11:06:04.140 Disk 0 scanning sectors +312480315
11:06:04.625 Disk 0 scanning C:\WINDOWS\system32\drivers
11:06:06.687 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Alureon-AJI [Rtk]
11:06:07.906 File: C:\WINDOWS\system32\drivers\avgldx86.sys **INFECTED** Win32:Alureon-AJI [Rtk]
11:06:15.562 Service scanning
11:06:17.187 Service .afd \* **LOCKED** 123
11:06:18.328 Modules scanning
11:06:20.625 Module: C:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
11:06:22.062 Disk 0 trace - called modules:
11:06:22.125 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:06:22.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aefeab8]
11:06:22.187 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000078[0x8af9d9e8]
11:06:22.218 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aeffd50]
11:06:22.484 AVAST engine scan C:\WINDOWS
11:06:24.125 File: C:\WINDOWS\2736370052:2068768348.exe **INFECTED** Win32:Tiny-AMB [Rtk]
11:06:31.687 AVAST engine scan C:\WINDOWS\system32
11:07:36.125 AVAST engine scan C:\WINDOWS\system32\drivers
11:07:36.468 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Alureon-AJI [Rtk]
11:07:37.015 File: C:\WINDOWS\system32\drivers\avgldx86.sys **INFECTED** Win32:Alureon-AJI [Rtk]
11:07:43.515 AVAST engine scan C:\Documents and Settings\POS
11:10:17.421 AVAST engine scan C:\Documents and Settings\All Users
11:11:15.093 Scan finished successfully
11:18:39.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\POS\Desktop\MBR.dat"
11:18:39.734 The log file has been saved successfully to "C:\Documents and Settings\POS\Desktop\aswMBR.txt"


Attached is MBR.zip

Ran ComboFix, but I lost the internet connection by the time I got to this step, so I was not able to install Windows Recovery. Here is the log for that. Please let me know if I need to run it again. Also, I disabled the Avast Free Antivirus that is installed on the computer, but ComboFix kept saying that it still detected it.

ComboFix 11-09-24.01 - POS 09/24/2011 11:39:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2708 [GMT -5:00]
Running from: c:\documents and settings\POS\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\POS\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\POS\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\program files\Search Settings
c:\windows\$NtUninstallKB25325$\555529831
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\2736370052
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\d3d9caps.dat
c:\windows\Temp\scsF.tmp
c:\windows\$NtUninstallKB25325$ . . . . Failed to delete
.
Infected copy of c:\program files\SUPERAntiSpyware\SASCORE.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{456C151C-BEAB-4D5A-8FB2-222A9544BDCE}\RP126\A0052137.exe
.
Infected copy of c:\program files\LogMeIn\x86\LMIGuardianSvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{456C151C-BEAB-4D5A-8FB2-222A9544BDCE}\RP107\A0005142.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
-------\Service_84b119a3
.
.
((((((((((((((((((((((((( Files Created from 2011-08-24 to 2011-09-24 )))))))))))))))))))))))))))))))
.
.
2011-09-17 16:45 . 2011-09-24 16:01 50112 --sha-w- c:\windows\system32\c_24862.nl_
2011-09-13 22:03 . 2011-09-13 22:03 -------- d-----w- c:\documents and settings\POS\Application Data\SUPERAntiSpyware.com
2011-09-13 22:03 . 2011-09-24 16:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-13 22:03 . 2011-09-13 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-13 22:01 . 2011-09-13 22:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-09-13 20:09 . 2011-09-13 20:09 -------- d-----w- c:\documents and settings\POS\Application Data\Malwarebytes
2011-09-13 20:09 . 2011-09-13 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-13 20:09 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 20:09 . 2011-09-16 21:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-29 23:21 . 2011-08-29 23:21 4194304 ----a-w- c:\windows\system32\jlqnxorr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 15:55 . 2010-09-07 09:48 248656 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-09-24 15:51 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-13 21:14 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP413f.tmp
2011-09-13 21:13 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41cc.tmp
2011-09-13 21:10 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41db.tmp
2011-09-13 21:09 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41ad.tmp
2011-09-13 21:09 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41c0.tmp
2011-09-13 21:08 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4190.tmp
2011-09-13 21:08 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP418f.tmp
2011-09-13 21:07 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4239.tmp
2011-09-13 21:06 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP412f.tmp
2011-09-13 21:06 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP414e.tmp
2011-09-13 21:05 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41bf.tmp
2011-09-13 21:05 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41ac.tmp
2011-09-13 21:04 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4100.tmp
2011-09-13 21:03 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41be.tmp
2011-09-13 21:03 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41bd.tmp
2011-09-13 21:02 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP493e.tmp
2011-09-13 20:04 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41bc.tmp
2011-09-13 20:04 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41cb.tmp
2011-09-13 20:03 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP415e.tmp
2011-09-13 20:02 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP411f.tmp
2011-09-13 20:01 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP416e.tmp
2011-09-13 20:01 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4110.tmp
2011-09-13 20:00 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP418e.tmp
2011-09-13 20:00 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP418d.tmp
2011-09-13 19:59 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4778.tmp
2011-09-13 19:59 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP444c.tmp
2011-09-13 00:03 . 2011-05-16 15:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-05 16:09 . 2009-10-20 16:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-08-05 16:09 . 2009-10-20 16:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-08-05 16:09 . 2009-10-20 16:02 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-08-05 16:09 . 2009-10-20 16:02 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-08-05 16:09 . 2009-10-20 16:02 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-08-05 16:09 . 2009-10-20 16:02 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\POS\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-08-05 16:09 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 21:20 57344 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-04-18 22:40 2334560 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-31 20:05 16806912 ----a-w- c:\windows\RTHDCPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\IObit\\Smart Defrag 2\\SmartDefrag.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SSUpdate.exe"=
"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\dfsvc.exe"=
"c:\\Documents and Settings\\POS\\Local Settings\\Apps\\2.0\\R1JJYHB2.HE7\\JDY0RJ1X.EKJ\\gvac..tion_99b8d9e5a3302077_0001.0000_599f04c31ec09faf\\GvaClient.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Numark Cue\\cue.exe"=
"c:\\Program Files\\Common Files\\Intuit\\Sync\\IntuitSyncManager.exe"=
"c:\\Documents and Settings\\POS\\Desktop\\TDSSKiller.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 5:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [5/23/2011 3:11 PM 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 6:38 PM 116608]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 4:34 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 10:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 10:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 10:42 PM 27216]
R3 Ch2kPS2;Cherry PS/2 Keyboard Driver (CDI);c:\windows\system32\drivers\Ch2kPS2.sys [10/26/2005 1:48 PM 134446]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/13/2009 9:02 AM 110080]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [6/12/2011 3:34 PM 23608]
S2 ASFIPmon;Broadcom ASF IP Monitor;"c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe" -service --> c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2010 3:45 PM 135664]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe --> c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [?]
S2 PortEmulator;Port Emulator (Star);c:\program files\StarMicronics\TSP100\Software\20070601\portemu.exe --> c:\program files\StarMicronics\TSP100\Software\20070601\portemu.exe [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2010 3:45 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 20:45]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 20:45]
.
2011-09-24 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-05-23 22:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} - hxxp://192.168.0.200/webdvr2.18.2.16_71.0.0.0.cab
DPF: {9282A3AA-4954-46B4-B4AE-F086CE3F1110} - hxxp://192.168.0.200/regtrustsite.cab
FF - ProfilePath - c:\documents and settings\POS\Application Data\Mozilla\Firefox\Profiles\kkj9aopi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.phonglekaraoke.com/store/comersus_index.asp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-31756545.sys
SafeBoot-67931729.sys
AddRemove-EZSwipe - r:\retail\Uninstall drop shipment plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-24 11:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(248)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-09-24 11:47:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-24 16:47
.
Pre-Run: 137,108,164,608 bytes free
Post-Run: 137,423,679,488 bytes free
.
- - End Of File - - B0A03C5C0EAACD3C09FEB56681783A76

I ran TDSSKiller a 3rd time to get internet and my network connections back. Here's the log for that.
2011/09/24 11:50:39.0156 3608 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/24 11:50:39.0171 3608 ================================================================================
2011/09/24 11:50:39.0171 3608 SystemInfo:
2011/09/24 11:50:39.0171 3608
2011/09/24 11:50:39.0171 3608 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/24 11:50:39.0171 3608 Product type: Workstation
2011/09/24 11:50:39.0171 3608 ComputerName: REG1
2011/09/24 11:50:39.0171 3608 UserName: POS
2011/09/24 11:50:39.0171 3608 Windows directory: C:\WINDOWS
2011/09/24 11:50:39.0171 3608 System windows directory: C:\WINDOWS
2011/09/24 11:50:39.0171 3608 Processor architecture: Intel x86
2011/09/24 11:50:39.0171 3608 Number of processors: 2
2011/09/24 11:50:39.0171 3608 Page size: 0x1000
2011/09/24 11:50:39.0171 3608 Boot type: Normal boot
2011/09/24 11:50:39.0171 3608 ================================================================================
2011/09/24 11:50:41.0312 3608 Initialize success
2011/09/24 11:50:43.0046 3628 ================================================================================
2011/09/24 11:50:43.0046 3628 Scan started
2011/09/24 11:50:43.0046 3628 Mode: Manual;
2011/09/24 11:50:43.0046 3628 ================================================================================
2011/09/24 11:50:50.0046 3628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/24 11:50:50.0109 3628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/24 11:50:50.0171 3628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/24 11:50:50.0218 3628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/24 11:50:50.0281 3628 vsbus (9a6d82a92023d761b65d6f4bb21ffecb) C:\WINDOWS\system32\DRIVERS\vsb.sys
2011/09/24 11:50:50.0312 3628 vserial (1347a382745d9f57fca86bc3d78881c7) C:\WINDOWS\system32\DRIVERS\vserial.sys
2011/09/24 11:50:50.0328 3628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/24 11:50:50.0390 3628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/24 11:50:50.0453 3628 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/09/24 11:50:50.0468 3628 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/24 11:50:50.0515 3628 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/24 11:50:50.0546 3628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/24 11:50:52.0015 3628 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
2011/09/24 11:50:52.0046 3628 Boot (0x1200) (9ac84626efdc3064d6e988fb6b934482) \Device\Harddisk0\DR0\Partition0
2011/09/24 11:50:52.0062 3628 Boot (0x1200) (3da392e1bf89b65310ca7177ff76d58e) \Device\Harddisk1\DR2\Partition0
2011/09/24 11:50:52.0062 3628 ================================================================================
2011/09/24 11:50:52.0062 3628 Scan finished
2011/09/24 11:50:52.0062 3628 ================================================================================
2011/09/24 11:50:52.0062 3660 Detected object count: 2
2011/09/24 11:50:52.0062 3660 Actual detected object count: 2
2011/09/24 11:50:57.0703 3660 AFD (baf616ee7ab76e3a952fb49a141e60aa) C:\WINDOWS\System32\drivers\afd.sys
2011/09/24 11:50:57.0703 3660 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
2011/09/24 11:50:57.0875 3660 Backup copy found, using it..
2011/09/24 11:50:57.0875 3660 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
2011/09/24 11:50:57.0875 3660 Rootkit.Win32.ZAccess.e(AFD) - User select action: Cure
2011/09/24 11:50:57.0984 3660 Avgldx86 (9501669a6198d5122843efdc8ec52146) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/24 11:50:58.0000 3660 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\avgldx86.sys) error 1813
2011/09/24 11:50:58.0015 3660 Backup copy not found, trying to cure infected file..
2011/09/24 11:50:58.0015 3660 C:\WINDOWS\system32\DRIVERS\avgldx86.sys - Cure failed (FFFFFFFF)
2011/09/24 11:50:58.0015 3660 C:\WINDOWS\system32\DRIVERS\avgldx86.sys - processing error
2011/09/24 11:50:58.0015 3660 Rootkit.Win32.ZAccess.e(Avgldx86) - User select action: Cure
2011/09/24 11:51:03.0078 1348 Deinitialize success

#5 nasdaq
  • Malware Response Team
  • 39,551 posts
  • Location:Montreal, QC. Canada

Posted 24 September 2011 - 06:08 PM

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


You did see this warning?
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Execute this immediately.
How to install and use the Windows XP Recovery Console
http://www.bleepingcomputer.com/tutorials/tutorial117.html

You will be sorry if you do not and have to restore your operating system.
Your computer may be used as a door stop if something goes wrong.
===

Now run the aswMBR.exe tool. Select the FixMBR button.

Important > you need to wait for the tool to report ... Infection fixed successfully
Do not reboot the machine until it has said so.

When you see the message restart the computer normally.

Run aswMBR.exe and post the log.


Run the ComboFix tool again and post the log also.

Please let me know what problem persists.

#6 Lotus81
  • Topic Starter
  • Members
  • 16 posts

Posted 24 September 2011 - 06:41 PM

Hello.

I installed Windows Recovery Console. Ran aswMBR.exe and then clicked FixMBR button.

It shows Disk 0 Windows 501 MBR fixed successfully.

Can I continue the steps? Or should I keep waiting?

Thank you.

#7 nasdaq
  • Malware Response Team
  • 39,551 posts
  • Location:Montreal, QC. Canada

Posted 25 September 2011 - 07:08 AM

Run the ComboFix tool again and post the log.

A number of files similar to this one, c:\windows\DUMP413f.tmp, are listed in your ComboFix log.
Let me know if they are still present in your C:\windows folder. I will prepare a fix to remove them.

===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Post the logs and let me know what problem persists.

#8 Lotus81
  • Topic Starter
  • Members
  • 16 posts

Posted 25 September 2011 - 12:23 PM

Hello.

Here is the ComboFix log

ComboFix 11-09-24.01 - POS 09/25/2011 12:09:57.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2604 [GMT -5:00]
Running from: c:\documents and settings\POS\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-25 to 2011-09-25 )))))))))))))))))))))))))))))))
.
.
2011-09-24 16:54 . 2011-09-24 16:54 -------- d-----w- c:\windows\LastGood
2011-09-17 16:45 . 2011-09-24 16:01 50112 --sha-w- c:\windows\system32\c_24862.nl_
2011-09-13 22:03 . 2011-09-13 22:03 -------- d-----w- c:\documents and settings\POS\Application Data\SUPERAntiSpyware.com
2011-09-13 22:03 . 2011-09-24 16:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-13 22:03 . 2011-09-13 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-13 22:01 . 2011-09-13 22:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-09-13 20:09 . 2011-09-13 20:09 -------- d-----w- c:\documents and settings\POS\Application Data\Malwarebytes
2011-09-13 20:09 . 2011-09-13 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-13 20:09 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 20:09 . 2011-09-16 21:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-29 23:21 . 2011-08-29 23:21 4194304 ----a-w- c:\windows\system32\jlqnxorr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 16:51 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-24 15:55 . 2010-09-07 09:48 248656 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-09-13 21:14 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP413f.tmp
2011-09-13 21:13 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41cc.tmp
2011-09-13 21:10 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41db.tmp
2011-09-13 21:09 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41ad.tmp
2011-09-13 21:09 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41c0.tmp
2011-09-13 21:08 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4190.tmp
2011-09-13 21:08 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP418f.tmp
2011-09-13 21:07 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4239.tmp
2011-09-13 21:06 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP412f.tmp
2011-09-13 21:06 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP414e.tmp
2011-09-13 21:05 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41bf.tmp
2011-09-13 21:05 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41ac.tmp
2011-09-13 21:04 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4100.tmp
2011-09-13 21:03 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41be.tmp
2011-09-13 21:03 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41bd.tmp
2011-09-13 21:02 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP493e.tmp
2011-09-13 20:04 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41bc.tmp
2011-09-13 20:04 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41cb.tmp
2011-09-13 20:03 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP415e.tmp
2011-09-13 20:02 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP411f.tmp
2011-09-13 20:01 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP416e.tmp
2011-09-13 20:01 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4110.tmp
2011-09-13 20:00 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP418e.tmp
2011-09-13 20:00 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP418d.tmp
2011-09-13 19:59 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4778.tmp
2011-09-13 19:59 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP444c.tmp
2011-09-13 00:03 . 2011-05-16 15:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-05 16:09 . 2009-10-20 16:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-08-05 16:09 . 2009-10-20 16:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-08-05 16:09 . 2009-10-20 16:02 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-08-05 16:09 . 2009-10-20 16:02 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-08-05 16:09 . 2009-10-20 16:02 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-08-05 16:09 . 2009-10-20 16:02 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-24_16.45.06 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\POS\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-08-05 16:09 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 21:20 57344 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-04-18 22:40 2334560 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-31 20:05 16806912 ----a-w- c:\windows\RTHDCPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\IObit\\Smart Defrag 2\\SmartDefrag.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SSUpdate.exe"=
"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\dfsvc.exe"=
"c:\\Documents and Settings\\POS\\Local Settings\\Apps\\2.0\\R1JJYHB2.HE7\\JDY0RJ1X.EKJ\\gvac..tion_99b8d9e5a3302077_0001.0000_599f04c31ec09faf\\GvaClient.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Numark Cue\\cue.exe"=
"c:\\Program Files\\Common Files\\Intuit\\Sync\\IntuitSyncManager.exe"=
"c:\\Documents and Settings\\POS\\Desktop\\TDSSKiller.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 5:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [5/23/2011 3:11 PM 13496]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 297168]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 6:38 PM 116608]
R3 Ch2kPS2;Cherry PS/2 Keyboard Driver (CDI);c:\windows\system32\drivers\Ch2kPS2.sys [10/26/2005 1:48 PM 134446]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 248656]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 ASFIPmon;Broadcom ASF IP Monitor;"c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe" -service --> c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2010 3:45 PM 135664]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 4:34 PM 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe --> c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [?]
S2 PortEmulator;Port Emulator (Star);c:\program files\StarMicronics\TSP100\Software\20070601\portemu.exe --> c:\program files\StarMicronics\TSP100\Software\20070601\portemu.exe [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 10:42 PM 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 10:42 PM 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 10:42 PM 27216]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2010 3:45 PM 135664]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/13/2009 9:02 AM 110080]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [6/12/2011 3:34 PM 23608]
S3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 20:45]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 20:45]
.
2011-09-24 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-05-23 22:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} - hxxp://192.168.0.200/webdvr2.18.2.16_71.0.0.0.cab
DPF: {9282A3AA-4954-46B4-B4AE-F086CE3F1110} - hxxp://192.168.0.200/regtrustsite.cab
FF - ProfilePath - c:\documents and settings\POS\Application Data\Mozilla\Firefox\Profiles\kkj9aopi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.phonglekaraoke.com/store/comersus_index.asp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-09782336.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-25 12:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1936)
c:\windows\system32\WININET.dll
.
Completion time: 2011-09-25 12:13:15
ComboFix-quarantined-files.txt 2011-09-25 17:13
ComboFix2.txt 2011-09-24 16:47
.
Pre-Run: 137,285,402,624 bytes free
Post-Run: 137,296,363,520 bytes free
.
- - End Of File - - ED2A2261A68A014E1D9E8045AA69FD63

Here is the aswMBR.txt

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-24 11:05:57
-----------------------------
11:05:57.468 OS Version: Windows 5.1.2600 Service Pack 3
11:05:57.468 Number of processors: 2 586 0x170A
11:05:57.468 ComputerName: REG1 UserName: POS
11:05:57.859 Initialize success
11:05:58.515 AVAST engine defs: 11091301
11:06:01.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:06:01.703 Disk 0 Vendor: SAMSUNG_HD161GJ 1AC01117 Size: 152587MB BusType: 3
11:06:03.718 Disk 0 MBR read successfully
11:06:03.718 Disk 0 MBR scan
11:06:04.125 Disk 0 Windows XP default MBR code
11:06:04.140 Disk 0 scanning sectors +312480315
11:06:04.625 Disk 0 scanning C:\WINDOWS\system32\drivers
11:06:06.687 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Alureon-AJI [Rtk]
11:06:07.906 File: C:\WINDOWS\system32\drivers\avgldx86.sys **INFECTED** Win32:Alureon-AJI [Rtk]
11:06:15.562 Service scanning
11:06:17.187 Service .afd \* **LOCKED** 123
11:06:18.328 Modules scanning
11:06:20.625 Module: C:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
11:06:22.062 Disk 0 trace - called modules:
11:06:22.125 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:06:22.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aefeab8]
11:06:22.187 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000078[0x8af9d9e8]
11:06:22.218 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aeffd50]
11:06:22.484 AVAST engine scan C:\WINDOWS
11:06:24.125 File: C:\WINDOWS\2736370052:2068768348.exe **INFECTED** Win32:Tiny-AMB [Rtk]
11:06:31.687 AVAST engine scan C:\WINDOWS\system32
11:07:36.125 AVAST engine scan C:\WINDOWS\system32\drivers
11:07:36.468 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Alureon-AJI [Rtk]
11:07:37.015 File: C:\WINDOWS\system32\drivers\avgldx86.sys **INFECTED** Win32:Alureon-AJI [Rtk]
11:07:43.515 AVAST engine scan C:\Documents and Settings\POS
11:10:17.421 AVAST engine scan C:\Documents and Settings\All Users
11:11:15.093 Scan finished successfully
11:18:39.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\POS\Desktop\MBR.dat"
11:18:39.734 The log file has been saved successfully to "C:\Documents and Settings\POS\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-24 18:47:41
-----------------------------
18:47:41.203 OS Version: Windows 5.1.2600 Service Pack 3
18:47:41.203 Number of processors: 2 586 0x170A
18:47:41.203 ComputerName: REG1 UserName: POS
18:47:41.531 Initialize success
18:47:42.187 AVAST engine defs: 11091301
18:47:47.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:47:47.109 Disk 0 Vendor: SAMSUNG_HD161GJ 1AC01117 Size: 152587MB BusType: 3
18:47:49.140 Disk 0 MBR read successfully
18:47:49.140 Disk 0 MBR scan
18:47:49.562 Disk 0 Windows XP default MBR code
18:47:49.578 Disk 0 scanning sectors +312480315
18:47:50.093 Disk 0 scanning C:\WINDOWS\system32\drivers
18:47:53.343 File: C:\WINDOWS\system32\drivers\avgldx86.sys **INFECTED** Win32:Alureon-AJI [Rtk]
18:48:01.015 Service scanning
18:48:03.593 Modules scanning
18:48:06.750 Disk 0 trace - called modules:
18:48:06.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:48:06.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af87ab8]
18:48:06.812 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000079[0x8afb39e8]
18:48:06.843 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af92d98]
18:48:07.109 AVAST engine scan C:\WINDOWS
18:48:17.062 AVAST engine scan C:\WINDOWS\system32
18:49:18.250 AVAST engine scan C:\WINDOWS\system32\drivers
18:49:19.093 File: C:\WINDOWS\system32\drivers\avgldx86.sys **INFECTED** Win32:Alureon-AJI [Rtk]
18:49:25.625 AVAST engine scan C:\Documents and Settings\POS
18:51:55.796 AVAST engine scan C:\Documents and Settings\All Users
18:52:50.015 Scan finished successfully
18:54:50.546 Verifying
18:55:00.546 Disk 0 Windows 501 MBR fixed successfully
12:06:31.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\POS\Desktop\MBR.dat"
12:06:31.171 The log file has been saved successfully to "C:\Documents and Settings\POS\Desktop\aswMBR.txt"


c:\windows\DUMP413f.tmp - There are about 25 of these files still in c:\windows\
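
The two scanner logs in this thread complement each other: the TDSSKiller run posted earlier records an MD5 for every loaded driver, while the aswMBR runs above flag files as **INFECTED** or **SUSPICIOUS** but print no hash. Cross-referencing them leaves a responder with hashes rather than just paths, which is what you would want when checking the other registers on the same network. The script below is an added example, not code from the thread, from BleepingComputer or from the tool vendors. The sample lines are copied from the logs above; the regexes, the Indicator type and the functions are this example's own assumptions about the two log formats. It also flags the NTFS alternate-data-stream path (C:\WINDOWS\2736370052:2068768348.exe, a second colon after the drive letter), which a plain directory listing does not show.

```python
"""Correlate aswMBR detections with the hashes TDSSKiller logged.

Added example, not part of the original thread and not code from AVAST,
Kaspersky or BleepingComputer. The sample lines are copied from the two logs
posted in this thread; the regexes, Indicator type and functions are
constructed for this example and assume the log formats shown above.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: lines copied from the aswMBR log in this thread.
ASWMBR_LOG = r"""
11:06:06.687 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Alureon-AJI [Rtk]
11:06:07.906 File: C:\WINDOWS\system32\drivers\avgldx86.sys **INFECTED** Win32:Alureon-AJI [Rtk]
11:06:17.187 Service .afd \* **LOCKED** 123
11:06:20.625 Module: C:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
11:06:24.125 File: C:\WINDOWS\2736370052:2068768348.exe **INFECTED** Win32:Tiny-AMB [Rtk]
11:11:15.093 Scan finished successfully
"""

# Constructed sample: lines copied from the TDSSKiller log in this thread.
TDSSKILLER_LOG = r"""
2011/09/24 11:50:49.0515 3628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/24 11:50:57.0703 3660 AFD (baf616ee7ab76e3a952fb49a141e60aa) C:\WINDOWS\System32\drivers\afd.sys
2011/09/24 11:50:57.0875 3660 Rootkit.Win32.ZAccess.e(AFD) - User select action: Cure
2011/09/24 11:50:57.0984 3660 Avgldx86 (9501669a6198d5122843efdc8ec52146) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/24 11:50:58.0015 3660 Rootkit.Win32.ZAccess.e(Avgldx86) - User select action: Cure
"""

# aswMBR: "<time> File|Module|Service[:] <path> **VERDICT** [detail]"
ASWMBR_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+(?P<kind>File|Module|Service):?\s+(?P<path>.+?)"
    r"\s+\*\*(?P<verdict>[A-Z]+)\*\*\s*(?P<detail>.*)$"
)
# TDSSKiller driver line: "<date> <time> <pid> <service> (<md5>) <path>"
TDSS_RE = re.compile(
    r"^\S+\s+\S+\s+\d+\s+(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# TDSSKiller verdict line: "<name>(<service>) - User select action: <action>"
ACTION_RE = re.compile(
    r"(?P<name>[\w.]+)\((?P<service>\w+)\)\s+-\s+User select action:\s+(?P<action>\w+)"
)


@dataclass
class Indicator:
    path: str
    ads: bool                                    # path is an NTFS alternate data stream
    verdicts: set = field(default_factory=set)   # INFECTED / SUSPICIOUS ...
    names: set = field(default_factory=set)      # detection names from either tool
    md5: Optional[str] = None                    # MD5 TDSSKiller recorded for the file
    service: Optional[str] = None                # driver/service name TDSSKiller used
    action: Optional[str] = None                 # action chosen in TDSSKiller, if any


def is_ads_path(path):
    """True for 'C:\\dir\\file:stream' style paths: a second colon after the drive letter."""
    return len(path) > 2 and path[1] == ":" and ":" in path[2:]


def parse_aswmbr(text):
    """Yield (kind, path, verdict, detail) for every line aswMBR marked with **...**."""
    for line in text.splitlines():
        m = ASWMBR_RE.match(line.strip())
        if m:
            yield m["kind"], m["path"], m["verdict"], m["detail"].strip()


def parse_tdsskiller(text):
    """Return ({lowercased path: (service, md5)}, {lowercased service: (name, action)})."""
    hashes, actions = {}, {}
    for line in text.splitlines():
        m = TDSS_RE.match(line.strip())
        if m:
            hashes[m["path"].lower()] = (m["service"], m["md5"])
            continue
        m = ACTION_RE.search(line)
        if m:
            actions[m["service"].lower()] = (m["name"], m["action"])
    return hashes, actions


def correlate(aswmbr_text, tdss_text):
    """One Indicator per flagged file, with the MD5 and verdict TDSSKiller logged for it."""
    hashes, actions = parse_tdsskiller(tdss_text)
    found = {}
    for kind, path, verdict, detail in parse_aswmbr(aswmbr_text):
        if kind == "Service":          # 'Service .afd **LOCKED**' carries no file path
            continue
        key = path.lower()             # NTFS paths are case-insensitive; the logs vary case
        ind = found.setdefault(key, Indicator(path=path, ads=is_ads_path(path)))
        ind.verdicts.add(verdict)
        if detail:
            ind.names.add(detail.split()[0])   # 'Win32:Alureon-AJI' from '... [Rtk]'
        if key in hashes:
            ind.service, ind.md5 = hashes[key]
            if ind.service.lower() in actions:
                name, ind.action = actions[ind.service.lower()]
                ind.names.add(name)
    return sorted(found.values(), key=lambda i: i.path.lower())


if __name__ == "__main__":
    for ind in correlate(ASWMBR_LOG, TDSSKILLER_LOG):
        tag = " [ADS]" if ind.ads else ""
        print(f"{ind.path}{tag}: {sorted(ind.verdicts)} {sorted(ind.names)} "
              f"md5={ind.md5} action={ind.action}")
```

Run on the two logs it yields three indicators: the ADS payload (no hash, because TDSSKiller only hashes registered drivers), afd.sys with both the aswMBR and TDSSKiller names and the MD5 of the infected copy, and avgldx86.sys with its MD5. Those two hashes are what you would search for on the other point-of-sale machines; the clean afd.sys that the cure restored will hash differently.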

#9 Lotus81
  • Topic Starter
  • Members
  • 16 posts

Posted 25 September 2011 - 12:24 PM

Here are the results from the Security Check

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
AVG 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 16
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.3.183.7
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#10 nasdaq
  • Malware Response Team
  • 39,551 posts
  • Location:Montreal, QC. Canada

Posted 26 September 2011 - 07:20 AM

C:\WINDOWS\system32\drivers\avgldx86.sys **INFECTED** Win32:Alureon-AJI [Rtk]
Your AVG 2011 is infected. Please reinstall the application.
===
Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\system32\jlqnxorr.dll
C:\WINDOWS\2736370052:2068768348.exe
c:\windows\DUMP413f.tmp
c:\windows\DUMP41cc.tmp
c:\windows\DUMP41db.tmp
c:\windows\DUMP41ad.tmp
c:\windows\DUMP41c0.tmp
c:\windows\DUMP4190.tmp
c:\windows\DUMP418f.tmp
c:\windows\DUMP4239.tmp
c:\windows\DUMP412f.tmp
c:\windows\DUMP414e.tmp
c:\windows\DUMP41bf.tmp
c:\windows\DUMP41ac.tmp
c:\windows\DUMP4100.tmp
c:\windows\DUMP41be.tmp
c:\windows\DUMP41bd.tmp
c:\windows\DUMP493e.tmp
c:\windows\DUMP41bc.tmp
c:\windows\DUMP41cb.tmp
c:\windows\DUMP415e.tmp
c:\windows\DUMP411f.tmp
c:\windows\DUMP416e.tmp
c:\windows\DUMP4110.tmp
c:\windows\DUMP418e.tmp
c:\windows\DUMP418d.tmp
c:\windows\DUMP4778.tmp
c:\windows\DUMP444c.tmp


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the 64-bit version, download jre-6u27-windows-x64.exe instead. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 16
Java™ 6 Update 21

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 10.3.183.10 ... Flash Player for Android update to Adobe Flash Player for Android 10.3.186.7

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

Run the aswMBR tool and save the log.

Post the ComboFix and the aswMBR logs for my review.

Let me know what problem persists.
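
The CFScript above was assembled by hand from the Find3M report in post #8: 26 DUMPxxxx.tmp files of identical size (81920 bytes) and identical second timestamp (2009-10-12 15:36), written minutes apart on 2011-09-13, plus the two files named elsewhere in the logs. The script below is an added example, not part of the thread and not ComboFix's own code. It parses Find3M lines, clusters files that share (size, second timestamp) within a short write window, and renders the File:: block in the format used in this thread. The sample lines are copied from the log; the clustering thresholds are this example's own assumptions, and the minimum cluster size keeps legitimate pairs such as LMIinit.dll and its .000.bak copy out of the script.

```python
"""Build a ComboFix CFScript File:: block from a Find3M report.

Added example, not part of the original thread and not ComboFix's own code.
The sample lines are copied from the ComboFix log posted above; the
clustering rule, its thresholds and the functions are constructed for this
example. The rule groups files that share an identical size and identical
second timestamp while their first timestamps fall within a short window,
which is the pattern the DUMPxxxx.tmp entries in the log show.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines copied from the Find3M report in this thread.
FIND3M_SAMPLE = r"""
2011-09-24 16:51 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-24 15:55 . 2010-09-07 09:48 248656 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-09-13 21:14 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP413f.tmp
2011-09-13 21:13 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41cc.tmp
2011-09-13 21:10 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41db.tmp
2011-09-13 20:04 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP41bc.tmp
2011-09-13 19:59 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP4778.tmp
2011-09-13 19:59 . 2009-10-12 15:36 81920 ----a-w- c:\windows\DUMP444c.tmp
2011-09-13 00:03 . 2011-05-16 15:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-05 16:09 . 2009-10-20 16:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-08-05 16:09 . 2009-10-20 16:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-08-05 16:09 . 2009-10-20 16:02 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-08-05 16:09 . 2009-10-20 16:02 87424 ----a-w- c:\windows\system32\LMIinit.dll
"""

# "<first timestamp> . <second timestamp> <size> <attributes> <path>"
FIND3M_RE = re.compile(
    r"^(?P<t1>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<t2>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?P<size>\d+)\s+(?P<attr>\S{8})\s+(?P<path>\S.*)$"
)


def parse_find3m(text):
    """Return one dict per file line; directory lines ('--------' size) do not match."""
    rows = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m:
            rows.append({
                "t1": datetime.strptime(m["t1"], "%Y-%m-%d %H:%M"),
                "t2": m["t2"],
                "size": int(m["size"]),
                "attr": m["attr"],
                "path": m["path"],
            })
    return rows


def repeated_drops(rows, min_members=3, max_span=timedelta(hours=24)):
    """Clusters of files with identical (size, second timestamp) written within max_span.

    Legitimate pairs such as a DLL and its .000.bak copy also share size and
    timestamp, so min_members keeps two-file clusters out of the result.
    """
    groups = defaultdict(list)
    for r in rows:
        groups[(r["size"], r["t2"])].append(r)
    clusters = []
    for members in groups.values():
        if len(members) < min_members:
            continue
        times = [m["t1"] for m in members]
        if max(times) - min(times) <= max_span:
            clusters.append(sorted(m["path"] for m in members))
    return clusters


def build_cfscript(paths, extra_paths=()):
    """Render a CFScript 'File::' block in the format used in this thread."""
    lines = ["File::", *extra_paths, *paths]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    rows = parse_find3m(FIND3M_SAMPLE)
    for cluster in repeated_drops(rows):
        # The two extra paths are the ones listed by hand in the thread's CFScript.
        print(build_cfscript(cluster, extra_paths=[
            r"c:\windows\system32\jlqnxorr.dll",
            r"C:\WINDOWS\2736370052:2068768348.exe",
        ]))
```

With the defaults the only cluster is the six DUMP files in the sample; the LMI pairs fall below the three-member minimum. Lowering min_members to 2 shows why the threshold is there: both LogMeIn backup pairs then appear, and deleting them would break a legitimate remote-access install. A generated list is a starting point for review, not something to feed to ComboFix unread.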

#11 Lotus81
  • Topic Starter
  • Members
  • 16 posts

Posted 26 September 2011 - 10:42 AM

Last night the computer was working very smoothly. This morning everything needs to be clicked twice, even the OK buttons.

ComboFix 11-09-24.01 - POS 09/26/2011 10:37:41.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2466 [GMT -5:00]
Running from: c:\documents and settings\POS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\POS\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\2736370052:2068768348.exe"
"c:\windows\DUMP4100.tmp"
"c:\windows\DUMP4110.tmp"
"c:\windows\DUMP411f.tmp"
"c:\windows\DUMP412f.tmp"
"c:\windows\DUMP413f.tmp"
"c:\windows\DUMP414e.tmp"
"c:\windows\DUMP415e.tmp"
"c:\windows\DUMP416e.tmp"
"c:\windows\DUMP418d.tmp"
"c:\windows\DUMP418e.tmp"
"c:\windows\DUMP418f.tmp"
"c:\windows\DUMP4190.tmp"
"c:\windows\DUMP41ac.tmp"
"c:\windows\DUMP41ad.tmp"
"c:\windows\DUMP41bc.tmp"
"c:\windows\DUMP41bd.tmp"
"c:\windows\DUMP41be.tmp"
"c:\windows\DUMP41bf.tmp"
"c:\windows\DUMP41c0.tmp"
"c:\windows\DUMP41cb.tmp"
"c:\windows\DUMP41cc.tmp"
"c:\windows\DUMP41db.tmp"
"c:\windows\DUMP4239.tmp"
"c:\windows\DUMP444c.tmp"
"c:\windows\DUMP4778.tmp"
"c:\windows\DUMP493e.tmp"
"c:\windows\system32\jlqnxorr.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\DUMP4100.tmp
c:\windows\DUMP4110.tmp
c:\windows\DUMP411f.tmp
c:\windows\DUMP412f.tmp
c:\windows\DUMP413f.tmp
c:\windows\DUMP414e.tmp
c:\windows\DUMP415e.tmp
c:\windows\DUMP416e.tmp
c:\windows\DUMP418d.tmp
c:\windows\DUMP418e.tmp
c:\windows\DUMP418f.tmp
c:\windows\DUMP4190.tmp
c:\windows\DUMP41ac.tmp
c:\windows\DUMP41ad.tmp
c:\windows\DUMP41bc.tmp
c:\windows\DUMP41bd.tmp
c:\windows\DUMP41be.tmp
c:\windows\DUMP41bf.tmp
c:\windows\DUMP41c0.tmp
c:\windows\DUMP41cb.tmp
c:\windows\DUMP41cc.tmp
c:\windows\DUMP41db.tmp
c:\windows\DUMP4239.tmp
c:\windows\DUMP444c.tmp
c:\windows\DUMP4778.tmp
c:\windows\DUMP493e.tmp
c:\windows\system32\jlqnxorr.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-17 16:45 . 2011-09-24 16:01 50112 --sha-w- c:\windows\system32\c_24862.nl_
2011-09-13 22:03 . 2011-09-13 22:03 -------- d-----w- c:\documents and settings\POS\Application Data\SUPERAntiSpyware.com
2011-09-13 22:03 . 2011-09-24 16:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-13 22:03 . 2011-09-13 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-13 22:01 . 2011-09-13 22:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-09-13 20:09 . 2011-09-13 20:09 -------- d-----w- c:\documents and settings\POS\Application Data\Malwarebytes
2011-09-13 20:09 . 2011-09-13 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-13 20:09 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 20:09 . 2011-09-16 21:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-13 19:36 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-13 19:36 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-13 19:36 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-13 19:36 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-13 19:36 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-13 19:36 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-13 19:36 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-13 19:36 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-13 19:36 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-13 19:36 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-13 19:36 . 2011-09-13 19:36 -------- d-----w- c:\program files\AVAST Software
2011-09-13 19:36 . 2011-09-13 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 15:55 . 2010-09-07 09:48 248656 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-09-13 00:03 . 2011-05-16 15:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-05 16:09 . 2009-10-20 16:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-08-05 16:09 . 2009-10-20 16:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-08-05 16:09 . 2009-10-20 16:02 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-08-05 16:09 . 2009-10-20 16:02 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-08-05 16:09 . 2009-10-20 16:02 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-08-05 16:09 . 2009-10-20 16:02 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-24_16.45.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2011-09-25 17:36 71628 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 09:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 43520 c:\windows\system32\licmgr10.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
- 2009-10-15 00:28 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-10-15 00:28 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2008-04-14 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-10-15 00:28 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-10-15 00:28 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2008-04-14 12:00 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-14 12:00 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
- 2008-04-14 12:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe
+ 2011-09-25 17:36 . 2011-09-25 17:36 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-09-25 17:39 . 2011-09-25 17:39 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-05-16 15:47 . 2011-05-16 15:47 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-14 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2008-04-14 12:00 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 916480 c:\windows\system32\wininet.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 916480 c:\windows\system32\wininet.dll
- 2008-04-14 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
+ 2008-04-14 12:00 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll
+ 2008-04-14 12:00 . 2011-09-25 17:36 441436 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 551936 c:\windows\system32\oleaut32.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 09:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 09:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
+ 2009-10-12 20:53 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
- 2009-10-12 20:53 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 12:00 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
- 2008-04-14 12:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
- 2009-10-12 15:40 . 2011-05-16 15:50 126912 c:\windows\system32\FNTCACHE.DAT
+ 2009-10-12 15:40 . 2011-09-25 17:52 126912 c:\windows\system32\FNTCACHE.DAT
+ 2009-10-12 20:52 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
- 2009-10-12 20:52 . 2008-04-14 12:00 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2008-04-14 12:00 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
- 2008-04-14 12:00 . 2011-09-24 15:51 138496 c:\windows\system32\drivers\afd.sys
+ 2008-04-14 12:00 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
- 2008-04-14 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2008-04-14 12:00 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-10-12 20:53 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
- 2008-04-14 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
+ 2008-04-14 12:00 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
- 2009-10-12 20:52 . 2008-04-14 12:00 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2009-10-12 20:52 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2008-04-14 12:00 . 2008-04-14 12:00 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2008-04-14 12:00 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
- 2008-04-14 12:00 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-10-15 00:28 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-10-15 00:28 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-10-15 18:38 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2009-10-12 20:53 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-10-12 20:53 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-10-15 00:28 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-10-15 00:28 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-10 21:05 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-10 21:05 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2008-04-14 12:00 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 12:00 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 12:00 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 599040 c:\windows\system32\dllcache\crypt32.dll
- 2008-04-14 12:00 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-04-14 12:00 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-03-25 11:15 . 2011-03-25 11:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-09-25 17:30 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-09-25 17:30 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-09-25 17:30 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-09-25 17:30 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-09-25 17:30 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2011-09-25 17:31 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-09-25 17:31 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-09-25 17:31 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2009-10-15 18:38 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-09-25 17:39 . 2011-09-25 17:39 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-09-25 17:37 . 2011-09-25 17:37 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\39ce0c9c9cc294c0ee26c4ff01522961\WindowsFormsIntegration.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\946eefb99bc116ee68e0e7c69a5a8a5c\System.Xml.Linq.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\a82eef3128b9527dc05b3c8667e713bc\System.Web.Routing.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f89fe39468ea6faf71c4257c89cf3c54\System.Web.Extensions.Design.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2314ff800782dc85224e69e802a073f7\System.Web.Entity.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f690a8f5d784a5bb20f2cbaa7277eb6c\System.Web.Entity.Design.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5c96400424b85536443623f96f64581\System.Web.DynamicData.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\dc72c7581f1b3794c0ea595ba02ff7ad\System.Management.Instrumentation.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e1c009b2c9becdb732a2ea45f32a46b8\System.Data.Services.Design.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1defd94e1662a4478ccf2cd0b1b4e6a6\System.Data.Services.Client.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04267c1dbdcdd8ec37e1518126767ead\System.Data.Entity.Design.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\f2a6d41b3f6e26eea6dcac9298aa637b\System.Data.DataSetExtensions.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-09-25 17:39 . 2011-09-25 17:39 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-09-25 17:37 . 2011-09-25 17:37 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cf812b99f587ab514afb36fa9d4c1567\PresentationFramework.Aero.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09f5af61ea2af04eb32c04b3091ffc86\PresentationFramework.Royale.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-09-25 17:39 . 2011-09-25 17:39 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-09-25 17:39 . 2011-09-25 17:39 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-14 12:00 . 2011-06-02 14:02 1858944 c:\windows\system32\win32k.sys
+ 2008-04-14 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
+ 2009-03-08 09:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
- 2009-03-08 09:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2008-04-14 12:00 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
- 2009-10-15 00:28 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-10-15 00:28 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-04-29 02:50 . 2011-04-29 02:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-05-02 05:06 . 2011-05-02 05:06 2705920 c:\windows\Installer\688a0.msp
+ 2011-09-25 17:30 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-09-25 17:30 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-05-16 15:47 . 2011-05-16 15:47 2933248 c:\windows\assembly\temp\64AOGM3V14\System.Data.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\22229a30650a9afbac984e1093898b13\System.WorkflowServices.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\4d6b3cc1fc7a4788612241af7966715a\System.Workflow.Runtime.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e4c9853af945c9cfede19f3faf18af6e\System.Workflow.ComponentModel.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ab4b50c7c789e46a485903365765fde8\System.Workflow.Activities.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3da92a0b9b8ac97e11ca8bf4df671a78\System.Web.Mobile.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\571af34939797a7c1cd05b0b925a45bf\System.Data.Linq.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2b58cc071d6bf0c741e91f86c09de5d7\System.Data.Entity.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b187becbc388c4ce7f33ede4da76e7b1\PresentationBuildTasks.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-05-16 15:46 . 2011-05-16 15:46 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-09-25 17:35 . 2011-09-25 17:35 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-10-20 00:19 . 2011-05-16 15:47 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-15 00:28 . 2011-09-06 18:58 46249416 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
+ 2009-10-15 00:28 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-03-28 08:27 . 2011-03-28 08:27 15456256 c:\windows\Installer\688ac.msp
+ 2011-09-25 17:30 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
+ 2011-09-25 17:40 . 2011-09-25 17:40 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-09-25 17:39 . 2011-09-25 17:39 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
+ 2011-09-25 17:37 . 2011-09-25 17:37 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\POS\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-08-05 16:09 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 21:20 57344 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-04-18 22:40 2334560 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-31 20:05 16806912 ----a-w- c:\windows\RTHDCPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\IObit\\Smart Defrag 2\\SmartDefrag.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SSUpdate.exe"=
"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\dfsvc.exe"=
"c:\\Documents and Settings\\POS\\Local Settings\\Apps\\2.0\\R1JJYHB2.HE7\\JDY0RJ1X.EKJ\\gvac..tion_99b8d9e5a3302077_0001.0000_599f04c31ec09faf\\GvaClient.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Numark Cue\\cue.exe"=
"c:\\Program Files\\Common Files\\Intuit\\Sync\\IntuitSyncManager.exe"=
"c:\\Documents and Settings\\POS\\Desktop\\TDSSKiller.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 5:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [5/23/2011 3:11 PM 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 6:38 PM 116608]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 4:34 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 10:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 10:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 10:42 PM 27216]
R3 Ch2kPS2;Cherry PS/2 Keyboard Driver (CDI);c:\windows\system32\drivers\Ch2kPS2.sys [10/26/2005 1:48 PM 134446]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/13/2009 9:02 AM 110080]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [6/12/2011 3:34 PM 23608]
S2 ASFIPmon;Broadcom ASF IP Monitor;"c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe" -service --> c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2010 3:45 PM 135664]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe --> c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [?]
S2 PortEmulator;Port Emulator (Star);c:\program files\StarMicronics\TSP100\Software\20070601\portemu.exe --> c:\program files\StarMicronics\TSP100\Software\20070601\portemu.exe [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/25/2010 3:45 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 20:45]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 20:45]
.
2011-09-25 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-05-23 22:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} - hxxp://192.168.0.200/webdvr2.18.2.16_71.0.0.0.cab
DPF: {9282A3AA-4954-46B4-B4AE-F086CE3F1110} - hxxp://192.168.0.200/regtrustsite.cab
FF - ProfilePath - c:\documents and settings\POS\Application Data\Mozilla\Firefox\Profiles\kkj9aopi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.phonglekaraoke.com/store/comersus_index.asp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-26 10:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-09-26 10:41:05
ComboFix-quarantined-files.txt 2011-09-26 15:41
ComboFix2.txt 2011-09-25 17:13
ComboFix3.txt 2011-09-24 16:47
.
Pre-Run: 136,949,661,696 bytes free
Post-Run: 136,982,773,760 bytes free
.
- - End Of File - - 17CFCA3A95592C7A2349735062FACF20
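The ComboFix log above ends with a file-snapshot section: one line per file that changed since the previous snapshot, `+` for a file present now and `-` for one that is gone, each with two timestamps, a size and a path. Reading a few hundred such lines by eye is error-prone, so here is an added example (it is not part of this thread and not ComboFix's own code) that parses that format, separates files replaced in place (same path seen with both `-` and `+`, typical of Windows Update and GAC servicing) from files that are simply new, and applies one XP-specific triage check: Windows File Protection keeps a copy of protected system files in `system32\dllcache`, so a newly added binary directly under `system32` that has no matching `dllcache` copy of the same size deserves a manual look. The sample lines are copied from the log above; the order of the two timestamps (taken here as created then modified) is an assumption the parser does not depend on.

```python
"""Summarise the file-snapshot section of a ComboFix log (added example)."""
import re
from collections import defaultdict

# One snapshot line:  <sign> <ts1> . <ts2> <size> <path>
# ts1/ts2 are assumed to be created/modified; nothing below relies on that.
SNAPSHOT_RE = re.compile(
    r"^(?P<sign>[+-]) "
    r"(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<path>.+)$"
)

# A subset of lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
+ 2008-04-14 12:00 . 2011-06-02 14:02 1858944 c:\windows\system32\win32k.sys
+ 2009-03-08 09:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
- 2009-03-08 09:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2008-04-14 12:00 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
- 2009-10-15 00:28 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-10-15 00:28 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2011-05-16 15:47 . 2011-05-16 15:47 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-09-25 17:36 . 2011-09-25 17:36 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
+ 2009-10-15 00:28 . 2011-09-06 18:58 46249416 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
"""

BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")
SYSTEM32 = "c:\\windows\\system32\\"
DLLCACHE = SYSTEM32 + "dllcache\\"


def parse_snapshot(text):
    """Return one dict per line that matches the snapshot format; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = SNAPSHOT_RE.match(line.strip())
        if not m:
            continue  # "." separators, the reset banner, anything else
        d = m.groupdict()
        d["size"] = int(d["size"])
        d["path"] = d["path"].lower()  # NTFS paths are case-insensitive
        entries.append(d)
    return entries


def classify(entries):
    """Split paths into replaced (- and +), added (+ only) and removed (- only)."""
    signs = defaultdict(set)
    for e in entries:
        signs[e["path"]].add(e["sign"])
    out = {"replaced": [], "added": [], "removed": []}
    for path, s in signs.items():
        if s == {"+", "-"}:
            out["replaced"].append(path)
        elif s == {"+"}:
            out["added"].append(path)
        else:
            out["removed"].append(path)
    for paths in out.values():
        paths.sort()
    return out


def system32_without_dllcache_copy(entries):
    """Binaries now present directly in system32 with no same-size dllcache twin.

    WFP keeps copies of protected files in dllcache, so a legitimately patched
    system file normally shows up in both places. Anything flagged here is a
    candidate for manual review, not a verdict: unprotected tools such as
    MRT.exe are flagged too.
    """
    present = {e["path"]: e for e in entries if e["sign"] == "+"}
    flagged = []
    for path, e in present.items():
        if not path.startswith(SYSTEM32) or path.startswith(DLLCACHE):
            continue
        name = path[len(SYSTEM32):]
        if "\\" in name or not name.endswith(BINARY_EXT):
            continue  # subdirectory, or not an executable image
        twin = present.get(DLLCACHE + name)
        if twin is None or twin["size"] != e["size"]:
            flagged.append(path)
    return sorted(flagged)


if __name__ == "__main__":
    ents = parse_snapshot(SAMPLE_LOG)
    for kind, paths in classify(ents).items():
        print(f"{kind}: {len(paths)}")
    for p in system32_without_dllcache_copy(ents):
        print("review:", p)
```

On the sample, the GAC `System.dll` and both `iertutil.dll` copies come out as replaced, `win32k.sys` is added together with its `dllcache` twin and passes the check, and only `MRT.exe` is listed for review; it is the Malicious Software Removal Tool and not WFP-protected, which is exactly why the flagged list is a starting point for correlation with the update history rather than a detection.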

#12 Lotus81

Lotus81
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 26 September 2011 - 11:21 AM

This is the aswMBr.txt

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-26 11:04:43
-----------------------------
11:04:43.906 OS Version: Windows 5.1.2600 Service Pack 3
11:04:43.906 Number of processors: 2 586 0x170A
11:04:43.906 ComputerName: REG1 UserName: POS
11:04:44.234 Initialize success
11:04:44.859 AVAST engine defs: 11091301
11:04:48.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:04:48.609 Disk 0 Vendor: SAMSUNG_HD161GJ 1AC01117 Size: 152587MB BusType: 3
11:04:50.625 Disk 0 MBR read successfully
11:04:50.625 Disk 0 MBR scan
11:04:51.546 Disk 0 Windows XP default MBR code
11:04:51.562 Disk 0 scanning sectors +312480315
11:04:52.546 Disk 0 scanning C:\WINDOWS\system32\drivers
11:05:18.187 Service scanning
11:05:19.140 Modules scanning
11:05:29.312 Disk 0 trace - called modules:
11:05:29.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
11:05:29.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0caab8]
11:05:29.328 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8b045f18]
11:05:29.328 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b0f2940]
11:05:29.859 AVAST engine scan C:\WINDOWS
11:05:50.093 AVAST engine scan C:\WINDOWS\system32
11:09:52.250 AVAST engine scan C:\WINDOWS\system32\drivers
11:10:27.250 AVAST engine scan C:\Documents and Settings\POS
11:16:26.406 AVAST engine scan C:\Documents and Settings\All Users
11:19:26.859 Scan finished successfully
11:19:44.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\POS\Desktop\MBR.dat"
11:19:44.546 The log file has been saved successfully to "C:\Documents and Settings\POS\Desktop\aswMBR.txt"


Thank you for your help. The computer looks clean now.

#13 Lotus81

Lotus81
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 26 September 2011 - 06:11 PM

Oops, spoke too soon. The computer works okay but still lags a bit, especially when closing a browser window. I had to click 2 or more times to close a window, and clicking any button in general would require multiple clicks to work.

Thank you.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:08 AM

Posted 27 September 2011 - 07:10 AM

Download the latest version of Kaspersky Virus Removal Tool
  • Close all other applications and double-click and run the installer.
  • When AVPTool starts, select all the scanable items except for CD-ROM drives.
  • Then please choose Security level: Recommended and perform the following actions.
  • Click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.

Keep me posted.

#15 Lotus81

Lotus81
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 27 September 2011 - 12:24 PM

Status: Disinfected (events: 23)
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\0\3a9c5000-7570c24a High
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\0\3a9c5000-7570c24a/vmain.class High
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\23\160ba957-5841c4f6 High
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\23\160ba957-5841c4f6/________vload.class High
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\31\743fee9f-58285dfc High
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\31\743fee9f-58285dfc/________vload.class High
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\23\160ba957-5841c4f6/vmain.class High
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\34\187b0ca2-51bd0f19 High
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\34\187b0ca2-51bd0f19/vmain.class High
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\31\743fee9f-58285dfc/vmain.class High
9/27/2011 11:00:10 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\37\170f8765-72c581bf High
9/27/2011 11:00:10 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\37\170f8765-72c581bf/vmain.class High
9/27/2011 11:00:10 AM Disinfected Trojan program Exploit.Java.Agent.f C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\37\5b6bd665-24ec2dbf High
9/27/2011 11:00:10 AM Disinfected Trojan program Exploit.Java.Agent.f C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\37\5b6bd665-24ec2dbf/quote/GReader.class High
9/27/2011 11:00:10 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\43\752509ab-4989bc4a High
9/27/2011 11:00:10 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\43\752509ab-4989bc4a/vmain.class High
9/27/2011 11:00:10 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\55\3dd9dcf7-7e6c23e4 High
9/27/2011 11:00:10 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\55\3dd9dcf7-7e6c23e4/bpac/a.class High
9/27/2011 11:00:10 AM Disinfected Trojan program Trojan.Java.Agent.am C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\55\3dd9dcf7-7e6c23e4/bpac/b.class High
9/27/2011 11:00:10 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\55\3dd9dcf7-7e6c23e4/bpac/KAVS.class High
9/27/2011 12:18:50 PM Disinfected Trojan program Trojan.Win32.Patched.mf C:\Program Files\AVG\AVG10\avgcsrvx.exe High
9/27/2011 11:16:23 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\LogMeIn\x86\LMIGuardianSvc.exe.vir High
9/27/2011 11:16:23 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASCORE.EXE.vir High

The computer is still running OK, but clicking any button (the Start button, OK buttons, the X to close a window, etc.) requires multiple clicks.
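A small triage helper for the AVPTool "Detected" lines pasted above, added here as an example and not part of the thread or of Kaspersky's tooling. It splits each line into its fields and buckets the path into cached Java applets, files already sitting in the Qoobox quarantine folder, and live program files that still need attention; the line layout it parses is inferred from this thread's report, not from a documented format.

```python
import re
from collections import Counter

# One "Detected" line of a Kaspersky Virus Removal Tool report as pasted in this
# thread: timestamp, status, category, detection name, file path, severity.
# Assumption: the field order is inferred from the pasted lines, not a documented spec.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<status>\w+) (?P<category>.+?) (?P<name>\S+) "
    r"(?P<path>[A-Za-z]:\\.+) (?P<severity>High|Medium|Low)$"
)


def parse_line(line):
    """Return the fields of one report line as a dict, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify_path(path):
    """Bucket a detection by where the file lives, which decides the follow-up."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantined"   # Qoobox is ComboFix's quarantine: already isolated
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"    # cached exploit applets: clear the Java cache, update Java
    return "live"              # an on-disk program file: look at this one first


def triage(report_text):
    """Summarise a pasted report: counts per bucket, per detection name, and live hits."""
    buckets, names, live = Counter(), Counter(), []
    for line in report_text.splitlines():
        rec = parse_line(line)
        if rec is None:          # status header or any non-detection line
            continue
        bucket = classify_path(rec["path"])
        buckets[bucket] += 1
        names[rec["name"]] += 1
        if bucket == "live":
            live.append((rec["name"], rec["path"]))
    return {"buckets": dict(buckets), "names": dict(names), "live": live}


# Constructed sample: the status header and four lines taken from the report above.
SAMPLE = r"""Status: Disinfected (events: 23)
9/27/2011 11:00:09 AM Disinfected Trojan program Exploit.Java.Agent.bu C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\0\3a9c5000-7570c24a High
9/27/2011 11:00:10 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\POS\Application Data\Sun\Java\Deployment\cache\6.0\55\3dd9dcf7-7e6c23e4 High
9/27/2011 12:18:50 PM Disinfected Trojan program Trojan.Win32.Patched.mf C:\Program Files\AVG\AVG10\avgcsrvx.exe High
9/27/2011 11:16:23 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASCORE.EXE.vir High
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the only "live" hit is the patched AVG binary, which is the one a responder would replace or reinstall rather than trust a disinfection of.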



