System restore and Google redirects


  • This topic is locked
24 replies to this topic

#1 katmaan100

Posted 30 October 2011 - 05:34 PM

Hello everyone,
I believe I have the same issue that most have here, but I will let y'all decide that.
This is a HP laptop with Vista.
It is asking for numerous restores and when getting on IE it redirects to various websites.
The only way to reset to allow system to run is to disconnect all power including battery, let it sit and perform a reinstall of Windows and it will run temporarily.
Here is the DDS file along with the GMER log:



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16512
Run by CMAJWilliams at 14:53:21 on 2011-10-30
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1151 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1D3F5DE0-D78A-49F6-B0A6-7D9E27969A07} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\quickplay\000.fcl [2008-1-11 39408]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-24 149864]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2007-12-5 1245064]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2007-12-5 180272]
.
=============== Created Last 30 ================
.
2011-10-30 19:20:12 -------- d-----w- c:\users\cmajwilliams\appdata\roaming\Malwarebytes
2011-10-30 19:17:57 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 19:17:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 19:17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-30 19:12:22 -------- d-----w- c:\users\cmajwilliams\appdata\roaming\SUPERAntiSpyware.com
2011-10-30 19:11:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-30 19:11:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-14 15:01:06 -------- d-----w- c:\users\cmajwilliams\appdata\local\Microsoft Games
2011-10-14 06:15:46 -------- d-----w- c:\users\cmajwilliams\appdata\local\Hewlett-Packard
2011-10-14 06:15:31 -------- d-----w- c:\users\cmajwilliams\appdata\roaming\Symantec
2011-10-14 06:15:30 -------- d-----w- c:\users\cmajwilliams\appdata\local\QuickPlay
2011-10-14 06:14:35 -------- d-----w- c:\users\cmajwilliams\appdata\local\VirtualStore
2011-10-14 06:12:31 -------- d-----w- c:\program files\Yahoo!
2011-10-14 06:11:05 -------- d-----w- c:\programdata\Electronic Arts
2011-10-14 06:10:17 -------- d-----w- c:\users\cmajwilliams\appdata\local\Downloaded Installations
2011-10-14 05:59:56 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
.
============= FINISH: 14:53:47.33 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-30 17:21:26
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HM250JI rev.HS100-10
Running: gmer.exe; Driver: C:\Users\CMAJWI~1\AppData\Local\Temp\kfkyqkow.sys


---- System - GMER 1.0.15 ----

SSDT 8681BD20 ZwAlpcConnectPort
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0xA9BE8640]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B0BA360, 0x35B0A2, 0xE8000020]
C:\Program Files\HP\QuickPlay\000.fcl entry point in "" section [0x9DF20000]
.clc C:\Program Files\HP\QuickPlay\000.fcl unknown last section [0x9DF21000, 0x1000, 0x00000000]
? C:\Users\CMAJWI~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSYCLM@Start 1055299352

---- EOF - GMER 1.0.15 ----



I await your expertise and help.

Thank you
Stan Williams


#2 gringo_pr

  • Malware Response Team

Posted 02 November 2011 - 02:20 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 katmaan100

  • Topic Starter

Posted 02 November 2011 - 07:00 PM

Gringo,
The laptop would not get onto the internet and would only connect locally.
I had to load the Combofix onto a thumbdrive and then run. It ran successfully.
After running Combofix, I am able to connect to internet.
Here is the log:


ComboFix 11-11-02.03 - CMAJWilliams 11/02/2011 18:08:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1206 [GMT -5:00]
Running from: c:\users\CMAJWilliams\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-10-31 10:30 . 2011-10-31 22:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACD9E9D2-CC64-4BD2-80C8-3EA8B783C908}\offreg.dll
2011-10-31 10:05 . 2011-10-31 10:05 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-10-31 10:05 . 2011-10-31 10:05 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-10-31 10:05 . 2011-10-31 10:05 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-10-31 10:05 . 2011-10-31 10:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-10-31 10:05 . 2011-10-31 10:05 24064 ----a-w- c:\windows\system32\lpk.dll
2011-10-31 10:05 . 2011-10-31 10:05 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-10-31 10:01 . 2011-10-31 10:01 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-10-31 10:01 . 2011-10-31 10:01 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-10-31 10:01 . 2011-10-31 10:01 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-10-31 10:01 . 2011-10-31 10:01 272896 ----a-w- c:\windows\system32\polstore.dll
2011-10-31 09:59 . 2011-10-31 09:59 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-31 09:59 . 2011-10-31 09:59 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-31 09:58 . 2011-10-31 09:58 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-10-31 09:58 . 2011-10-31 09:58 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-10-31 09:58 . 2011-10-31 09:58 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-10-31 09:57 . 2011-10-31 09:57 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-10-31 09:57 . 2011-10-31 09:57 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-10-31 09:57 . 2011-10-31 09:57 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-10-31 09:57 . 2011-10-31 09:57 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-10-31 09:57 . 2011-10-31 09:57 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-10-31 09:57 . 2011-10-31 09:57 15360 ----a-w- c:\windows\system32\netevent.dll
2011-10-31 09:57 . 2011-10-31 09:57 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-10-31 09:57 . 2011-10-31 09:57 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-10-31 09:57 . 2011-10-31 09:57 10240 ----a-w- c:\windows\system32\finger.exe
2011-10-31 09:55 . 2011-10-31 09:55 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-10-31 09:55 . 2011-10-31 09:55 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2011-10-31 09:55 . 2011-10-31 09:55 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2011-10-31 09:55 . 2011-10-31 09:55 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-10-31 09:55 . 2011-10-31 09:55 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2011-10-31 09:55 . 2011-10-31 09:55 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2011-10-31 09:55 . 2011-10-31 09:55 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2011-10-31 09:55 . 2011-10-31 09:55 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2011-10-31 09:55 . 2011-10-31 09:55 542720 ----a-w- c:\windows\system32\sysmain.dll
2011-10-31 09:54 . 2011-10-31 09:54 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-10-31 09:54 . 2011-10-31 09:54 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-10-31 09:53 . 2011-10-31 09:53 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-10-31 09:53 . 2011-10-31 09:53 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-10-31 09:53 . 2011-10-31 09:53 502784 ----a-w- c:\windows\system32\wlansvc.dll
2011-10-31 09:53 . 2011-10-31 09:53 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-10-31 09:53 . 2011-10-31 09:53 299520 ----a-w- c:\windows\system32\wlansec.dll
2011-10-31 09:53 . 2011-10-31 09:53 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2011-10-31 09:51 . 2011-10-31 09:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-10-31 09:51 . 2011-10-31 09:51 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-10-31 09:51 . 2011-10-31 09:51 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-10-31 09:51 . 2011-10-31 09:51 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-10-31 09:50 . 2011-10-31 09:50 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-10-31 09:49 . 2011-10-31 09:49 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-31 09:49 . 2011-10-31 09:49 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-31 09:49 . 2011-10-31 09:49 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-31 09:48 . 2011-10-31 09:48 2855424 ----a-w- c:\windows\system32\mf.dll
2011-10-31 09:48 . 2011-10-31 09:48 98816 ----a-w- c:\windows\system32\mfps.dll
2011-10-31 09:48 . 2011-10-31 09:48 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-10-31 09:48 . 2011-10-31 09:48 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-10-31 09:48 . 2011-10-31 09:48 2048 ----a-w- c:\windows\system32\mferror.dll
2011-10-31 09:46 . 2011-10-31 09:46 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-31 09:46 . 2011-10-31 09:46 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-31 09:45 . 2011-10-31 09:45 376832 ----a-w- c:\windows\system32\winhttp.dll
2011-10-31 09:44 . 2011-10-31 09:44 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-10-31 09:43 . 2011-10-31 09:43 71680 ----a-w- c:\windows\system32\atl.dll
2011-10-31 09:42 . 2011-10-31 09:42 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-10-31 09:41 . 2011-10-31 09:41 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2011-10-31 09:41 . 2011-10-31 09:41 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-10-31 09:38 . 2011-10-31 09:38 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-10-31 09:38 . 2011-10-31 09:38 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-10-31 09:37 . 2011-10-31 09:37 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-10-31 09:36 . 2011-10-31 09:36 36352 ----a-w- c:\windows\system32\tsgqec.dll
2011-10-31 09:36 . 2011-10-31 09:36 1871872 ----a-w- c:\windows\system32\mstscax.dll
2011-10-31 09:36 . 2011-10-31 09:36 116736 ----a-w- c:\windows\system32\aaclient.dll
2011-10-31 09:35 . 2011-10-31 09:35 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2011-10-31 09:33 . 2011-10-31 09:33 713728 ----a-w- c:\windows\system32\timedate.cpl
2011-10-31 09:32 . 2011-10-31 09:32 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2011-10-31 09:30 . 2011-10-31 09:30 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-10-31 09:29 . 2011-10-31 09:29 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2011-10-31 09:29 . 2011-10-31 09:29 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2011-10-31 09:29 . 2011-10-31 09:29 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-10-31 09:27 . 2011-10-31 09:27 1244672 ----a-w- c:\windows\system32\mcmde.dll
2011-10-31 09:27 . 2011-10-31 09:27 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-10-31 09:27 . 2011-10-31 09:27 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-31 09:27 . 2011-10-31 09:27 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-31 09:27 . 2011-10-31 09:27 428032 ----a-w- c:\windows\system32\EncDec.dll
2011-10-31 09:27 . 2011-10-31 09:27 292352 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-31 09:27 . 2011-10-31 09:27 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-31 09:27 . 2011-10-31 09:27 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2011-10-31 09:24 . 2011-10-31 09:24 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-31 09:22 . 2011-10-31 09:22 696832 ----a-w- c:\windows\system32\localspl.dll
2011-10-31 09:20 . 2011-10-31 09:20 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2011-10-31 09:20 . 2011-10-31 09:20 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-10-31 09:20 . 2011-10-31 09:20 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2011-10-31 09:20 . 2011-10-31 09:20 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2011-10-31 09:20 . 2011-10-31 09:20 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-10-31 09:20 . 2011-10-31 09:20 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2011-10-31 09:19 . 2011-10-31 09:19 2923520 ----a-w- c:\windows\explorer.exe
2011-10-31 09:18 . 2011-10-31 09:18 8704 ----a-w- c:\windows\system32\hcrstco.dll
2011-10-31 09:18 . 2011-10-31 09:18 8704 ----a-w- c:\windows\system32\hccoin.dll
2011-10-31 09:18 . 2011-10-31 09:18 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-10-31 09:18 . 2011-10-31 09:18 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-10-31 09:18 . 2011-10-31 09:18 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-10-31 09:18 . 2011-10-31 09:18 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-10-31 09:18 . 2011-10-31 09:18 193536 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-10-31 09:18 . 2011-10-31 09:18 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-31 09:18 . 2011-10-31 09:18 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-10-31 09:17 . 2011-10-31 09:17 7680 ----a-w- c:\windows\system32\lsass.exe
2011-10-31 09:17 . 2011-10-31 09:17 72704 ----a-w- c:\windows\system32\secur32.dll
2011-10-31 09:17 . 2011-10-31 09:17 494592 ----a-w- c:\windows\system32\kerberos.dll
2011-10-31 09:17 . 2011-10-31 09:17 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-10-31 09:17 . 2011-10-31 09:17 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-10-31 09:17 . 2011-10-31 09:17 272384 ----a-w- c:\windows\system32\schannel.dll
2011-10-31 09:17 . 2011-10-31 09:17 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2011-10-31 09:16 . 2011-10-31 09:16 24064 ----a-w- c:\windows\system32\netcfg.exe
2011-10-31 09:10 . 2011-10-31 09:10 1585664 ----a-w- c:\windows\system32\setupapi.dll
2011-10-31 09:07 . 2011-10-31 09:07 549888 ----a-w- c:\windows\system32\rpcss.dll
2011-10-31 09:07 . 2011-10-31 09:07 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-10-31 09:07 . 2011-10-31 09:07 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-10-31 09:07 . 2011-10-31 09:07 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2011-10-31 09:07 . 2011-10-31 09:07 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-31 09:07 . 2011-10-31 09:07 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-10-31 09:07 . 2011-10-31 09:07 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2011-10-31 09:07 . 2011-10-31 09:07 97280 ----a-w- c:\windows\system32\iasrecst.dll
2011-10-31 09:07 . 2011-10-31 09:07 53248 ----a-w- c:\windows\system32\iasads.dll
2011-10-31 09:07 . 2011-10-31 09:07 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2011-10-31 09:07 . 2011-10-31 09:07 158720 ----a-w- c:\windows\system32\sdohlp.dll
2011-10-31 09:06 . 2011-10-31 09:06 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-10-31 09:06 . 2011-10-31 09:06 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-10-31 09:04 . 2011-10-31 09:04 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 10:03 . 2011-10-31 10:03 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-10-31 09:09 . 2011-10-31 09:09 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2011-10-31 09:09 . 2011-10-31 09:09 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2011-10-31 09:09 . 2011-10-31 09:09 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-10-31 09:09 . 2011-10-31 09:09 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2011-10-31 09:09 . 2011-10-31 09:09 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2011-10-31 09:09 . 2011-10-31 09:09 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2011-10-31 09:02 . 2011-10-31 09:02 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2011-10-31 08:12 . 2011-10-31 08:12 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-10-31 08:12 . 2011-10-31 08:12 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-10-31 08:12 . 2011-10-31 08:12 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-10-31 08:12 . 2011-10-31 08:12 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-10-31 08:12 . 2011-10-31 08:12 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-10-31 . B35CFCEF838382AB6490B321C87EDF17 . 21560 . . [6.0.6000.16632] . . c:\windows\System32\drivers\atapi.sys
.
[7] 2006-11-02 . E86CF7CE67D5DE898F27EF884DC357D8 . 17408 . . [6.0.6000.16386] . . c:\windows\System32\drivers\asyncmac.sys
[7] 2006-11-02 . E86CF7CE67D5DE898F27EF884DC357D8 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.0.6000.16386_none_22210ce737ee2d9b\asyncmac.sys
.
[7] 2006-11-02 . AC3DD1708B22761EBD7CBE14DCC3B5D7 . 6144 . . [6.0.6000.16386] . . c:\windows\System32\drivers\beep.sys
[7] 2006-11-02 . AC3DD1708B22761EBD7CBE14DCC3B5D7 . 6144 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys
.
[7] 2011-10-31 . B076B2AB806B3F696DAB21375389101C . 35384 . . [6.0.6000.16386] . . c:\windows\System32\drivers\kbdclass.sys
.
[7] 2006-11-02 . 227C11E1E7CF6EF8AFB2A238D209760C . 500840 . . [6.0.6000.16386] . . c:\windows\System32\drivers\ndis.sys
.
[7] 2011-10-31 . 37430AA7A66D7A63407ADC2C0D05E9F6 . 1060920 . . [6.0.6000.16386] . . c:\windows\System32\drivers\ntfs.sys
.
[7] 2007-08-27 . BD06F0BF753BC704B653C3A50F89D362 . 2923520 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[7] 2006-11-02 . FD8C53FB002217F6F888BCF6F5D7084D . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
.
[7] 2006-11-02 . F13123E76FDA33E55F11E0EB832E832A . 134656 . . [6.0.6000.16386] . . c:\windows\regedit.exe
[7] 2006-11-02 . F13123E76FDA33E55F11E0EB832E832A . 134656 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
.
[7] 2006-11-02 . CCE6FB960F8985BF500CE9CB0B2EF4CF . 1314816 . . [6.0.6000.16386] . . c:\windows\System32\ole32.dll
[7] 2006-11-02 . CCE6FB960F8985BF500CE9CB0B2EF4CF . 1314816 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6000.16386_none_a9e6e55ff5664fb0\ole32.dll
.
[7] 2006-11-02 . 456FB859236C9074ACF6C3B6243D8B46 . 502784 . . [1.0626.6000.16386] . . c:\windows\System32\usp10.dll
[7] 2006-11-02 . 456FB859236C9074ACF6C3B6243D8B46 . 502784 . . [1.0626.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6000.16386_none_aac3b7125b914f5a\usp10.dll
.
[7] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ksuser.dll
[7] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6000.16386_none_e5cada609a6133bd\ksuser.dll
.
[7] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe
[7] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
.
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll
.
[7] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll
[7] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
.
[7] 2006-11-02 . D4385B03E8CCCEE6F0EE249F827C1F3E . 95744 . . [6.0.6000.16386] . . c:\windows\System32\wininit.exe
[7] 2006-11-02 . D4385B03E8CCCEE6F0EE249F827C1F3E . 95744 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
.
[7] 2006-11-02 . 9A043808667C8C1893DA7275AF373F0E . 105984 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll
[7] 2006-11-02 . 9A043808667C8C1893DA7275AF373F0E . 105984 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6000.16386_none_872f43bd868c402d\regsvc.dll
.
[7] 2011-10-31 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16386] . . c:\windows\System32\schedsvc.dll
[7] 2011-10-31 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll
[7] 2011-10-31 . BF17DA9F25A4F84C2577AC13EE126CB7 . 595968 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll
[7] 2007-12-06 . BF17DA9F25A4F84C2577AC13EE126CB7 . 595968 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\5d7f15f2b764c278a7ffd0d37add0d96\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll
[7] 2007-12-06 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\5d7f15f2b764c278a7ffd0d37add0d96\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll
[7] 2006-11-02 . 5C72614E6625D39CC1504BF078FDC4CA . 595456 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16386_none_2cca5c959a1767e4\schedsvc.dll
.
[7] 2006-11-02 . 8D3E4BAFF8B3997138C38EB1B600519A . 155136 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll
[7] 2006-11-02 . 8D3E4BAFF8B3997138C38EB1B600519A . 155136 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6000.16386_none_7d92b0efd44d38e1\ssdpsrv.dll
.
[7] 2006-11-02 . FAD71C1E8E4047B154E899AE31EB8CAA . 427520 . . [6.0.6000.16386] . . c:\windows\System32\termsrv.dll
[7] 2006-11-02 . FAD71C1E8E4047B154E899AE31EB8CAA . 427520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6000.16386_none_8c687fcc5759068e\termsrv.dll
.
[7] 2006-11-02 . 312BA286EB3BE9EAE82DA427ED2C0284 . 291840 . . [6.0.6000.16386] . . c:\windows\System32\hnetcfg.dll
[7] 2006-11-02 . 312BA286EB3BE9EAE82DA427ED2C0284 . 291840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.0.6000.16386_none_adff83b897ae75bd\hnetcfg.dll
.
[7] 2007-12-06 . CE71AFD6738AA025D742CDBCFBDC8B9C . 53864 . . [6.0.6000.16399] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
.
[7] 2006-11-02 . D7657856319941907BBDC2A11713CFD7 . 17408 . . [6.0.6000.16386] . . c:\windows\System32\ias.dll
[7] 2006-11-02 . D7657856319941907BBDC2A11713CFD7 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6000.16386_none_f6ca18a8459b3244\ias.dll
.
[7] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
[7] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6000.16386_none_f0dc500958a528b5\mfc40u.dll
.
[7] 2011-10-31 . A676D072FF3967821EC292F5C885A32D . 3504824 . . [6.0.6000.16551] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntkrnlpa.exe
.
[7] 2006-11-02 . 8EB871A3DEB6B3D5A85EB6DDFC390B59 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
[7] 2006-11-02 . 8EB871A3DEB6B3D5A85EB6DDFC390B59 . 259072 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6000.16386_none_bfb172793798ecfb\upnphost.dll
.
[7] 2006-11-02 . 68AC082734363E6BA813E7EAA353DB13 . 445440 . . [6.0.6000.16386] . . c:\windows\System32\dsound.dll
[7] 2006-11-02 . 68AC082734363E6BA813E7EAA353DB13 . 445440 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6000.16386_none_5664fc5c44f7ce2c\dsound.dll
.
[7] 2006-11-02 . E72A22DCF0733AC06695ACD2268F6EB3 . 1788416 . . [6.0.6000.16386] . . c:\windows\System32\d3d9.dll
[7] 2006-11-02 . E72A22DCF0733AC06695ACD2268F6EB3 . 1788416 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6000.16386_none_c016aaa963db2525\d3d9.dll
.
[7] 2006-11-02 . 29EF7A2EE634DD701571E781DE5E7E91 . 528384 . . [6.0.6000.16386] . . c:\windows\System32\ddraw.dll
[7] 2006-11-02 . 29EF7A2EE634DD701571E781DE5E7E91 . 528384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6000.16386_none_02cee0f0c3162de9\ddraw.dll
.
[7] 2006-11-02 09:46 . DF54915B3DD106854F18C678BEB2977D . 88576 . . [6.0.6000.16386] . . c:\windows\System32\olepro32.dll
[7] 2006-11-02 09:46 . DF54915B3DD106854F18C678BEB2977D . 88576 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6000.16386_none_37dcf89704c935aa\olepro32.dll
.
[7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\System32\perfctrs.dll
[7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6000.16386_none_2f3c7bc7602ec1c4\perfctrs.dll
.
[7] 2006-11-02 . D8C819157EBA10401FD25FB48184EF24 . 20480 . . [6.0.6000.16386] . . c:\windows\System32\version.dll
[7] 2006-11-02 . D8C819157EBA10401FD25FB48184EF24 . 20480 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6000.16386_none_12c78d3353faab20\version.dll
.
[7] 2011-10-31 . C071905121F6DE5F399550FC70138FEC . 634632 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16982_none_2d2748491d16f983\iexplore.exe
[7] 2011-10-31 . 115076DAD84312F3A51698C15BC39D39 . 634632 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21184_none_2db2bdca3632ff3d\iexplore.exe
[7] 2011-10-31 . 6C8AC3469BBEFE194BB18B2D84D98252 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18385_none_2f1087cd1a3ad679\iexplore.exe
[7] 2011-10-31 . F47755101C622AF18EE669ECEB3A97AD . 634632 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22585_none_2f9a267e3358736a\iexplore.exe
[7] 2009-12-18 . 6C8AC3469BBEFE194BB18B2D84D98252 . 634648 . . [7.00.6000.16386] . . c:\windows\SoftwareDistribution\Download\fe59f940c1f33c624a58e6cb58d47b4d\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18385_none_2f1087cd1a3ad679\iexplore.exe
[7] 2009-12-18 . C071905121F6DE5F399550FC70138FEC . 634632 . . [7.00.6000.16386] . . c:\windows\SoftwareDistribution\Download\fe59f940c1f33c624a58e6cb58d47b4d\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16982_none_2d2748491d16f983\iexplore.exe
[7] 2009-12-18 . 115076DAD84312F3A51698C15BC39D39 . 634632 . . [7.00.6000.16386] . . c:\windows\SoftwareDistribution\Download\fe59f940c1f33c624a58e6cb58d47b4d\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21184_none_2db2bdca3632ff3d\iexplore.exe
[7] 2009-12-18 . F47755101C622AF18EE669ECEB3A97AD . 634632 . . [7.00.6000.16386] . . c:\windows\SoftwareDistribution\Download\fe59f940c1f33c624a58e6cb58d47b4d\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22585_none_2f9a267e3358736a\iexplore.exe
[7] 2007-12-06 . BD8502DFD53FC24FB8D6929DC46B8C2C . 625152 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20627_none_2df6be7635ff7bbe\iexplore.exe
[7] 2007-12-06 . 275CEE268B9E5D82474C43D5D249D111 . 625152 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16512_none_2d72f0251cde4150\iexplore.exe
[7] 2007-12-06 . 9B3516C1F30DA17ADD3818573047D63C . 625152 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20583_none_2db1dbe03633c0e1\iexplore.exe
[7] 2007-12-06 . 10BDB55982586A432A3951EB19A26009 . 625152 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16473_none_2d330f011d0e0526\iexplore.exe
[7] 2006-11-02 . 8308F01F27DF839E0010B0F72F855E35 . 623616 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe
.
[7] 2011-10-31 . 0E8F7801D17C7437CEE216099B975163 . 3471032 . . [6.0.6000.16551] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntoskrnl.exe
.
[7] 2006-11-02 . 62B0D0F6F5580D9D0DFA5E0B466FF2ED . 270848 . . [6.0.6000.16386] . . c:\windows\System32\w32time.dll
[7] 2006-11-02 . 62B0D0F6F5580D9D0DFA5E0B466FF2ED . 270848 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6000.16386_none_8670a1b3705f945b\w32time.dll
.
[7] 2006-11-02 . A941E099EF46E3CC12F898CBE1C39910 . 451584 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
[7] 2006-11-02 . A941E099EF46E3CC12F898CBE1C39910 . 451584 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6000.16386_none_305d7915b6684b33\wiaservc.dll
.
[7] 2006-11-02 . 848E745A842F903FD521DB585AB00D97 . 17408 . . [6.0.6000.16386] . . c:\windows\System32\midimap.dll
[7] 2006-11-02 . 848E745A842F903FD521DB585AB00D97 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6000.16386_none_8ac7060813a4d0d2\midimap.dll
.
[7] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\System32\rasadhlp.dll
[7] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6000.16386_none_0da33cba68680e8f\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-10-31 1232896]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-12 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 51048]
"isCfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [2007-08-24 607624]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-12-6 53248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20070823.002\IDSvix86.sys [2007-08-15 180272]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-10-01 39408]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-25 149864]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-02 18:15
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-02 18:29:50
ComboFix-quarantined-files.txt 2011-11-02 23:29
.
Pre-Run: 191,859,306,496 bytes free
Post-Run: 191,340,204,032 bytes free
.
- - End Of File - - 30A63A00594028A82EFEEA33FC15A247



Computer appears to be ok???
Please advise.
Thank you.

#4 gringo_pr

  • Malware Response Team

Posted 02 November 2011 - 08:40 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 katmaan100

  • Topic Starter

Posted 03 November 2011 - 06:52 PM

Gringo,

I ran the CBfix with the script.
I went to connect to the Internet and it would not do it.
I saved the log on a thumbdrive and moved to a clean computer.
Here is the log:


ComboFix 11-11-03.05 - CMAJWilliams 11/03/2011 18:38:33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1054 [GMT -5:00]
Running from: c:\users\CMAJWilliams\Desktop\ComboFix.exe
Command switches used :: c:\users\CMAJWilliams\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-11-03 23:43 . 2011-11-03 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-02 23:55 . 2011-11-02 23:55 -------- d-----w- c:\programdata\Yahoo! Companion
2011-10-31 10:30 . 2011-10-31 22:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACD9E9D2-CC64-4BD2-80C8-3EA8B783C908}\offreg.dll
2011-10-31 10:05 . 2011-10-31 10:05 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-10-31 10:05 . 2011-10-31 10:05 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-10-31 10:05 . 2011-10-31 10:05 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-10-31 10:05 . 2011-10-31 10:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-10-31 10:05 . 2011-10-31 10:05 24064 ----a-w- c:\windows\system32\lpk.dll
2011-10-31 10:05 . 2011-10-31 10:05 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-10-31 10:01 . 2011-10-31 10:01 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-10-31 10:01 . 2011-10-31 10:01 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-10-31 10:01 . 2011-10-31 10:01 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-10-31 10:01 . 2011-10-31 10:01 272896 ----a-w- c:\windows\system32\polstore.dll
2011-10-31 09:59 . 2011-10-31 09:59 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-31 09:59 . 2011-10-31 09:59 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-31 09:58 . 2011-10-31 09:58 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-10-31 09:58 . 2011-10-31 09:58 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-10-31 09:58 . 2011-10-31 09:58 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-10-31 09:57 . 2011-10-31 09:57 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-10-31 09:57 . 2011-10-31 09:57 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-10-31 09:57 . 2011-10-31 09:57 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-10-31 09:57 . 2011-10-31 09:57 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-10-31 09:57 . 2011-10-31 09:57 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-10-31 09:57 . 2011-10-31 09:57 15360 ----a-w- c:\windows\system32\netevent.dll
2011-10-31 09:57 . 2011-10-31 09:57 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-10-31 09:57 . 2011-10-31 09:57 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-10-31 09:57 . 2011-10-31 09:57 10240 ----a-w- c:\windows\system32\finger.exe
2011-10-31 09:55 . 2011-10-31 09:55 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-10-31 09:55 . 2011-10-31 09:55 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2011-10-31 09:55 . 2011-10-31 09:55 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2011-10-31 09:55 . 2011-10-31 09:55 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-10-31 09:55 . 2011-10-31 09:55 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2011-10-31 09:55 . 2011-10-31 09:55 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2011-10-31 09:55 . 2011-10-31 09:55 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2011-10-31 09:55 . 2011-10-31 09:55 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2011-10-31 09:55 . 2011-10-31 09:55 542720 ----a-w- c:\windows\system32\sysmain.dll
2011-10-31 09:54 . 2011-10-31 09:54 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-10-31 09:54 . 2011-10-31 09:54 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-10-31 09:53 . 2011-10-31 09:53 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-10-31 09:53 . 2011-10-31 09:53 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-10-31 09:53 . 2011-10-31 09:53 502784 ----a-w- c:\windows\system32\wlansvc.dll
2011-10-31 09:53 . 2011-10-31 09:53 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-10-31 09:53 . 2011-10-31 09:53 299520 ----a-w- c:\windows\system32\wlansec.dll
2011-10-31 09:53 . 2011-10-31 09:53 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2011-10-31 09:51 . 2011-10-31 09:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-10-31 09:51 . 2011-10-31 09:51 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-10-31 09:51 . 2011-10-31 09:51 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-10-31 09:51 . 2011-10-31 09:51 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-10-31 09:50 . 2011-10-31 09:50 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-10-31 09:49 . 2011-10-31 09:49 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-31 09:49 . 2011-10-31 09:49 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-31 09:49 . 2011-10-31 09:49 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-31 09:48 . 2011-10-31 09:48 2855424 ----a-w- c:\windows\system32\mf.dll
2011-10-31 09:48 . 2011-10-31 09:48 98816 ----a-w- c:\windows\system32\mfps.dll
2011-10-31 09:48 . 2011-10-31 09:48 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-10-31 09:48 . 2011-10-31 09:48 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-10-31 09:48 . 2011-10-31 09:48 2048 ----a-w- c:\windows\system32\mferror.dll
2011-10-31 09:46 . 2011-10-31 09:46 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-31 09:46 . 2011-10-31 09:46 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-31 09:45 . 2011-10-31 09:45 376832 ----a-w- c:\windows\system32\winhttp.dll
2011-10-31 09:44 . 2011-10-31 09:44 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-10-31 09:43 . 2011-10-31 09:43 71680 ----a-w- c:\windows\system32\atl.dll
2011-10-31 09:42 . 2011-10-31 09:42 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-10-31 09:41 . 2011-10-31 09:41 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2011-10-31 09:41 . 2011-10-31 09:41 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-10-31 09:38 . 2011-10-31 09:38 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-10-31 09:38 . 2011-10-31 09:38 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-10-31 09:37 . 2011-10-31 09:37 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-10-31 09:36 . 2011-10-31 09:36 36352 ----a-w- c:\windows\system32\tsgqec.dll
2011-10-31 09:36 . 2011-10-31 09:36 1871872 ----a-w- c:\windows\system32\mstscax.dll
2011-10-31 09:36 . 2011-10-31 09:36 116736 ----a-w- c:\windows\system32\aaclient.dll
2011-10-31 09:35 . 2011-10-31 09:35 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2011-10-31 09:33 . 2011-10-31 09:33 713728 ----a-w- c:\windows\system32\timedate.cpl
2011-10-31 09:32 . 2011-10-31 09:32 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2011-10-31 09:30 . 2011-10-31 09:30 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-10-31 09:29 . 2011-10-31 09:29 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2011-10-31 09:29 . 2011-10-31 09:29 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2011-10-31 09:29 . 2011-10-31 09:29 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-10-31 09:27 . 2011-10-31 09:27 1244672 ----a-w- c:\windows\system32\mcmde.dll
2011-10-31 09:27 . 2011-10-31 09:27 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-10-31 09:27 . 2011-10-31 09:27 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-31 09:27 . 2011-10-31 09:27 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-31 09:27 . 2011-10-31 09:27 428032 ----a-w- c:\windows\system32\EncDec.dll
2011-10-31 09:27 . 2011-10-31 09:27 292352 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-31 09:27 . 2011-10-31 09:27 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-31 09:27 . 2011-10-31 09:27 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2011-10-31 09:24 . 2011-10-31 09:24 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-31 09:22 . 2011-10-31 09:22 696832 ----a-w- c:\windows\system32\localspl.dll
2011-10-31 09:20 . 2011-10-31 09:20 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2011-10-31 09:20 . 2011-10-31 09:20 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-10-31 09:20 . 2011-10-31 09:20 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2011-10-31 09:20 . 2011-10-31 09:20 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2011-10-31 09:20 . 2011-10-31 09:20 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-10-31 09:20 . 2011-10-31 09:20 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2011-10-31 09:19 . 2011-10-31 09:19 2923520 ----a-w- c:\windows\explorer.exe
2011-10-31 09:18 . 2011-10-31 09:18 8704 ----a-w- c:\windows\system32\hcrstco.dll
2011-10-31 09:18 . 2011-10-31 09:18 8704 ----a-w- c:\windows\system32\hccoin.dll
2011-10-31 09:18 . 2011-10-31 09:18 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-10-31 09:18 . 2011-10-31 09:18 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-10-31 09:18 . 2011-10-31 09:18 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-10-31 09:18 . 2011-10-31 09:18 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-10-31 09:18 . 2011-10-31 09:18 193536 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-10-31 09:18 . 2011-10-31 09:18 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-31 09:18 . 2011-10-31 09:18 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-10-31 09:17 . 2011-10-31 09:17 7680 ----a-w- c:\windows\system32\lsass.exe
2011-10-31 09:17 . 2011-10-31 09:17 72704 ----a-w- c:\windows\system32\secur32.dll
2011-10-31 09:17 . 2011-10-31 09:17 494592 ----a-w- c:\windows\system32\kerberos.dll
2011-10-31 09:17 . 2011-10-31 09:17 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-10-31 09:17 . 2011-10-31 09:17 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-10-31 09:17 . 2011-10-31 09:17 272384 ----a-w- c:\windows\system32\schannel.dll
2011-10-31 09:17 . 2011-10-31 09:17 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2011-10-31 09:16 . 2011-10-31 09:16 24064 ----a-w- c:\windows\system32\netcfg.exe
2011-10-31 09:10 . 2011-10-31 09:10 1585664 ----a-w- c:\windows\system32\setupapi.dll
2011-10-31 09:07 . 2011-10-31 09:07 549888 ----a-w- c:\windows\system32\rpcss.dll
2011-10-31 09:07 . 2011-10-31 09:07 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-10-31 09:07 . 2011-10-31 09:07 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-10-31 09:07 . 2011-10-31 09:07 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2011-10-31 09:07 . 2011-10-31 09:07 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-31 09:07 . 2011-10-31 09:07 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-10-31 09:07 . 2011-10-31 09:07 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2011-10-31 09:07 . 2011-10-31 09:07 97280 ----a-w- c:\windows\system32\iasrecst.dll
2011-10-31 09:07 . 2011-10-31 09:07 53248 ----a-w- c:\windows\system32\iasads.dll
2011-10-31 09:07 . 2011-10-31 09:07 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2011-10-31 09:07 . 2011-10-31 09:07 158720 ----a-w- c:\windows\system32\sdohlp.dll
2011-10-31 09:06 . 2011-10-31 09:06 62464 ----a-w- c:\windows\system32\l3codeca.acm
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 10:03 . 2011-10-31 10:03 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-10-31 09:09 . 2011-10-31 09:09 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2011-10-31 09:09 . 2011-10-31 09:09 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2011-10-31 09:09 . 2011-10-31 09:09 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-10-31 09:09 . 2011-10-31 09:09 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2011-10-31 09:09 . 2011-10-31 09:09 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2011-10-31 09:09 . 2011-10-31 09:09 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2011-10-31 09:02 . 2011-10-31 09:02 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2011-10-31 08:12 . 2011-10-31 08:12 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-10-31 08:12 . 2011-10-31 08:12 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-10-31 08:12 . 2011-10-31 08:12 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-10-31 08:12 . 2011-10-31 08:12 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-10-31 08:12 . 2011-10-31 08:12 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-10-31 1232896]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-12 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 51048]
"isCfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [2007-08-24 607624]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-12-6 53248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20070823.002\IDSvix86.sys [2007-08-15 180272]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-10-01 39408]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-25 149864]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 18:43
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5612)
c:\program files\Common Files\Symantec Shared\auCOLPwd.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2011-11-03 18:45:59
ComboFix-quarantined-files.txt 2011-11-03 23:45
ComboFix2.txt 2011-11-02 23:29
.
Pre-Run: 188,254,093,312 bytes free
Post-Run: 187,194,970,112 bytes free
.
- - End Of File - - 9813AC75F539F45676020B398A016F9D



Thanks for your help.
Please advise

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 PM

Posted 03 November 2011 - 08:15 PM

please run the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    NetBT.sys
    afd.sys
    ipsec.sys
    
    :reg
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec /s
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 katmaan100


Posted 03 November 2011 - 08:26 PM

Gringo,
I am now getting every time that I double click on an icon on the desktop, or go thru the programs list,
a window that says an illegal operation attempted on a registry key that is marked for deletion.
This is for any icon or program.

Please advise.

#8 katmaan100


Posted 03 November 2011 - 08:39 PM

Gringo,
I got smarter and ran as an administrator. :thumbsup:


Here is the log:


SystemLook 30.07.11 by jpshortstuff
Log created at 20:36 on 03/11/2011 by CMAJWilliams
Administrator - Elevation successful

========== filefind ==========

Searching for "NetBT.sys"
C:\WINDOWS\System32\drivers\netbt.sys --a---- 184320 bytes [08:57 02/11/2006] [08:57 02/11/2006] E3A168912E7EEFC3BD3B814720D68B41
C:\WINDOWS\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys --a---- 184320 bytes [08:57 02/11/2006] [08:57 02/11/2006] E3A168912E7EEFC3BD3B814720D68B41

Searching for "afd.sys"
C:\WINDOWS\System32\drivers\afd.sys --a---- 270336 bytes [08:58 02/11/2006] [08:58 02/11/2006] 5D24CAF8EFD924A875698FF28384DB8B
C:\WINDOWS\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys --a---- 270336 bytes [08:58 02/11/2006] [08:58 02/11/2006] 5D24CAF8EFD924A875698FF28384DB8B

Searching for "ispec.sys"
No files found.

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd]
"DisplayName"="Ancilliary Function Driver for Winsock"
"Group"="PNP_TDI"
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
"Description"="Ancilliary Function Driver for Winsock"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Parameters]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Enum]
"0"="Root\LEGACY_AFD\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
"DisplayName"="NETBT"
"Group"="PNP_TDI"
"ImagePath"="System32\DRIVERS\netbt.sys"
"Description"="This service implements NetBios over TCP/IP."
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
"DependOnService"="Tdx tcpip"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Linkage]
"OtherDependencies"="Tcpip"
"Bind"="\Device\Tcpip_{1D3F5DE0-D78A-49F6-B0A6-7D9E27969A07} \Device\Tcpip_{BAC48701-5C8E-45EF-BF3C-B4E4700EBA7F} \Device\Tcpip6_{1D3F5DE0-D78A-49F6-B0A6-7D9E27969A07} \Device\Tcpip6_{BAC48701-5C8E-45EF-BF3C-B4E4700EBA7F}"
"Route"=""Tcpip" "{1D3F5DE0-D78A-49F6-B0A6-7D9E27969A07}" "Tcpip" "{BAC48701-5C8E-45EF-BF3C-B4E4700EBA7F}" "Tcpip6" "{1D3F5DE0-D78A-49F6-B0A6-7D9E27969A07}" "Tcpip6" "{BAC48701-5C8E-45EF-BF3C-B4E4700EBA7F}""
"Export"="\Device\NetBT_Tcpip_{1D3F5DE0-D78A-49F6-B0A6-7D9E27969A07} \Device\NetBT_Tcpip_{BAC48701-5C8E-45EF-BF3C-B4E4700EBA7F} \Device\NetBT_Tcpip6_{1D3F5DE0-D78A-49F6-B0A6-7D9E27969A07} \Device\NetBT_Tcpip6_{BAC48701-5C8E-45EF-BF3C-B4E4700EBA7F}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]
"BcastNameQueryCount"= 0x0000000003 (3)
"BcastQueryTimeout"= 0x00000002ee (750)
"CacheTimeout"= 0x00000927c0 (600000)
"EnableLMHOSTS"= 0x0000000001 (1)
"NameServerPort"= 0x0000000089 (137)
"NameSrvQueryCount"= 0x0000000003 (3)
"NameSrvQueryTimeout"= 0x00000005dc (1500)
"NbProvider"="_tcp"
"SessionKeepAlive"= 0x000036ee80 (3600000)
"Size/Small/Medium/Large"= 0x0000000001 (1)
"TransportBindName"="\Device\"
"UseNewSmb"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{1D3F5DE0-D78A-49F6-B0A6-7D9E27969A07}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{BAC48701-5C8E-45EF-BF3C-B4E4700EBA7F}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Security]
"Security"=01 00 14 88 d0 00 00 00 dc 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 a0 00 07 00 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 25 02 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 13 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 14 00 00 00 00 00 18 00 9d 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2c 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]
"0"="Root\LEGACY_NETBT\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ispec]
(Unable to open key - key not found)

-= EOF =-



Please advise

Thank you

#9 gringo_pr


Posted 03 November 2011 - 08:46 PM

after running combofix have you restarted the computer?


gringo

#10 katmaan100


Posted 03 November 2011 - 09:34 PM

Gringo,
Yes and it is now getting on the internet, but only hard wired.

Edited by katmaan100, 03 November 2011 - 09:36 PM.


#11 gringo_pr


Posted 03 November 2011 - 09:45 PM

Hello


try this and see if you get wireless back

http://oit.pdx.edu/use-windows-to-manage-wireless


gringo

#12 katmaan100


Posted 03 November 2011 - 10:34 PM

Gringo,
I have restarted the computer a couple of times, and I can connect wired but wireless will not allow anything other than local.
This is a Vista HP laptop.
It will not allow me to change the network locations type from public to private.
But that is another problem.

Back to the redirect and system restore issue.
Please advise.
Thank you

#13 gringo_pr


Posted 03 November 2011 - 11:12 PM

Did you go to the web page I have posted in post 11?


gringo

#14 katmaan100


Posted 04 November 2011 - 12:16 PM

Gringo,
Does it make a difference if this unit is Vista?
The instructions are for XP.

I followed the instructions up to the wireless network connections window that explains to check the 2 boxes in the lower point in the window, due to the window does not have the boxes.
And the general tab does not have a wireless networks tab in this window.
I looked around those windows and backed up and looked at settings for that wireless connection and could not find anything that showed anything similar.

Please advise.
Thank you

#15 gringo_pr


Posted 04 November 2011 - 05:00 PM

Hello


sorry about that

What is the make and model of the computer?


gringo



