Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked by worm?


  • Please log in to reply
12 replies to this topic

#1 spencerg

spencerg

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 22 December 2011 - 03:29 PM

Computer VERY slow. Everyone in my address book has gotten some kind of ad or other nonsense. I have attached dds.txt and attach.txt. I have been unable to do GMER. I've run it about 6 times and it locks up each time. I did run Combofix before I noticed the Guide which said not to do so until told to do it. I hope that didn't scwer things up...but it didn't fix the problem, whatever it is.
Here is dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Spencer at 22:51:33 on 2011-12-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1185 [GMT -8:00]
.
AV: The Shield Deluxe Antivirus *Enabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: The Shield Deluxe 2008 *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: The Shield Deluxe 2008 *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\seccenter.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Documents and Settings\TEMP.LIFEBOOK\Application Data\Verizon\UA_ar\UtilityApplication.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: The Shield Deluxe 2010 Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\the shield deluxe\the shield deluxe 2010\IEToolbar.dll
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [IDriveE Startup] "c:\program files\idrive\IDrvieEStartup.exe" Hide
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\the shield deluxe\the shield deluxe 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\the shield deluxe\the shield deluxe 2010\bdagent.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\temp~1.lif\startm~1\programs\startup\idrive~1.lnk - c:\program files\idrive\IDriveEReg2ini.exe
StartupFolder: c:\docume~1\temp~1.lif\startm~1\programs\startup\launch~1.lnk - c:\documents and settings\temp.lifebook\application data\verizon\ua_ar\UtilityApplication.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Are%20You%20Smarter%20Than%20A%205th%20Grader/Images/stg_drm.ocx
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172295703830
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Are%20You%20Smarter%20Than%20A%205th%20Grader/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6859BCCE-60A8-429A-AD6E-AF81928BF882} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\temp.lifebook\application data\mozilla\firefox\profiles\6bk79y6l.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 67656]
R2 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2011-10-7 157128]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-9-17 152328]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2004-8-31 191264]
R3 Fjbtndrv;Fujitsu LIFEBOOK T3000 Button Driver;c:\windows\system32\drivers\FjBtndrv.sys [2003-6-20 11392]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2004-8-31 31104]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2004-8-31 5760]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2009-11-26 27168]
S0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S1 klif;Klif;\??\c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 135664]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\A302.sys [2004-8-31 11831]
S3 Arrakis3;The Shield Deluxe Arrakis Server;c:\program files\common files\the shield deluxe\the shield deluxe arrakis server\bin\arrakis3.exe [2009-9-13 183880]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 DX02;DX02;c:\windows\system32\drivers\dx02.sys [2004-7-29 83712]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\drivers\fardrive.sys --> c:\windows\system32\drivers\FarDrive.sys [?]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [2004-8-31 6000]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1f.tmp --> c:\windows\system32\1F.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-6-18 27064]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2009-11-26 27168]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2004-8-31 14208]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-31 14336]
S4 iYogiURLHit.exe;iYogi Hit Agent;c:\program files\iyogi supportdock\services\urlhit\iYogiURLHit.exe [2010-5-31 16896]
S4 pg-plus-8.3;Postgres Plus 8.3 - Server;c:\postgresplus\8.3\bin\pg_ctl.exe runservice -w -n "pg-plus-8.3" -d "c:\postgresplus\8.3\data\" --> c:\postgresplus\8.3\bin\pg_ctl.exe runservice -w -N pg-plus-8.3 [?]
S4 SupportDockClientService.exe;iYogi Communication Agent;c:\program files\iyogi supportdock\services\commagent\SupportDockClientService.exe [2010-6-2 45568]
.
=============== Created Last 30 ================
.
2011-12-19 16:25:02 -------- d-----w- C:\kittysnack409k
2011-12-19 04:13:47 -------- d-----w- C:\kittysnack10620k
2011-12-19 01:53:49 -------- d-----w- C:\kittysnack
2011-12-17 21:45:59 -------- d-sha-r- C:\cmdcons
2011-12-17 17:01:42 98816 ----a-w- c:\windows\sed.exe
2011-12-17 17:01:42 518144 ----a-w- c:\windows\SWREG.exe
2011-12-17 17:01:42 256000 ----a-w- c:\windows\PEV.exe
2011-12-17 17:01:42 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2011-12-02 19:52:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-30 22:50:14 1331200 ----a-w- c:\windows\system32\IDriveEService.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2008-04-16 15:35:19 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2008-04-16 15:34:44 4265560 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
.
============= FINISH: 22:53:21.85 ===============


Here is attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2007 5:11:29 PM
System Uptime: 12/19/2011 10:17:03 PM (0 hours ago)
.
Motherboard: FUJITSU | | FJNB18E
Processor: Intel® Pentium® M processor 1.60GHz | Onboard | 599/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 168.437 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_165E&SUBSYS_127910CF&REV_03\4&16793A72&0&60F0
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_165E&SUBSYS_127910CF&REV_03\4&16793A72&0&60F0
Service: b57w2k
.
==== System Restore Points ===================
.
RP307: 9/23/2011 9:13:30 AM - System Checkpoint
RP308: 9/24/2011 3:42:37 PM - System Checkpoint
RP309: 9/25/2011 4:00:53 PM - System Checkpoint
RP310: 9/27/2011 11:48:24 AM - System Checkpoint
RP311: 9/29/2011 9:34:23 AM - Installed Sophos confic-a Cleanup Tool.
RP312: 9/29/2011 3:40:33 PM - Unsigned driver install
RP313: 9/29/2011 3:44:29 PM - Printer Driver Kyocera CS-5050 KX Installed
RP314: 10/2/2011 6:01:19 PM - Software Distribution Service 3.0
RP315: 10/4/2011 9:43:56 AM - System Checkpoint
RP316: 10/7/2011 10:24:14 AM - System Checkpoint
RP317: 10/9/2011 12:57:52 AM - System Checkpoint
RP318: 10/11/2011 10:36:47 AM - System Checkpoint
RP319: 10/11/2011 8:59:34 PM - Software Distribution Service 3.0
RP320: 10/12/2011 10:13:27 PM - System Checkpoint
RP321: 10/13/2011 11:03:13 PM - System Checkpoint
RP322: 10/18/2011 6:53:17 PM - System Checkpoint
RP323: 10/19/2011 7:28:49 PM - System Checkpoint
RP324: 10/19/2011 9:36:44 PM - Installed Java™ 6 Update 29
RP325: 10/23/2011 11:33:45 AM - System Checkpoint
RP326: 10/23/2011 9:57:18 PM - Installed Compatibility Pack for the 2007 Office system
RP327: 10/25/2011 3:00:20 AM - Software Distribution Service 3.0
RP328: 10/25/2011 7:45:38 PM - Unsigned driver install
RP329: 10/29/2011 10:37:21 PM - Unsigned driver install
RP330: 10/30/2011 2:59:18 PM - Software Distribution Service 3.0
RP331: 11/21/2011 3:12:34 PM - System Checkpoint
RP332: 11/23/2011 11:39:31 PM - Software Distribution Service 3.0
RP333: 11/25/2011 11:29:14 AM - Unsigned driver install
RP334: 11/26/2011 1:58:37 PM - System Checkpoint
RP335: 11/27/2011 2:59:15 PM - System Checkpoint
RP336: 11/29/2011 9:21:40 PM - System Checkpoint
RP337: 12/2/2011 1:39:13 PM - System Checkpoint
RP338: 12/4/2011 10:52:39 AM - System Checkpoint
RP339: 12/5/2011 11:58:35 AM - System Checkpoint
RP340: 12/9/2011 1:49:32 PM - System Checkpoint
RP341: 12/10/2011 5:04:15 PM - System Checkpoint
RP342: 12/11/2011 7:03:38 PM - System Checkpoint
RP343: 12/12/2011 7:33:15 PM - System Checkpoint
RP344: 12/14/2011 8:39:24 AM - System Checkpoint
RP345: 12/15/2011 9:07:18 AM - Software Distribution Service 3.0
RP346: 12/15/2011 4:56:06 PM - Software Distribution Service 3.0
RP347: 12/15/2011 5:15:13 PM - Software Distribution Service 3.0
RP348: 12/15/2011 6:30:39 PM - Software Distribution Service 3.0
RP349: 12/15/2011 7:19:02 PM - Software Distribution Service 3.0
RP350: 12/15/2011 7:32:52 PM - Software Distribution Service 3.0
RP351: 12/16/2011 3:02:52 AM - Software Distribution Service 3.0
RP352: 12/16/2011 10:58:09 AM - Software Distribution Service 3.0
RP353: 12/16/2011 11:25:04 AM - Software Distribution Service 3.0
RP354: 12/18/2011 12:28:01 AM - System Checkpoint
.
==== Installed Programs ======================
.
4Media iPod to PC Transfer
7-Zip 4.42
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Are You Smarter Than A 5th Grader
Audible Download Manager
AVR300 Programmer
BackyardEOS 1.2.0
Bonjour
Brother MFL-Pro Suite MFC-495CW
CDA to MP3 Converter v3.3 build 1228
Compatibility Pack for the 2007 Office system
Crimson Editor (remove only)
Critical Update for Windows Media Player 11 (KB959772)
dBpowerAMP DirectShow Decoder Codec
DivX Converter
DivX Player
DivX Web Player
DriverAgent Plugin for Netscape by TouchStone Software
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0
EasyRecovery Lite
EasyRecovery Professional Trial
emWave
ffdshow [rev 2527] [2008-12-19]
Foxit PDF IFilter
Foxit Reader
Fujitsu Button Driver Component
Fujitsu Button Utilities
Fujitsu Hotkey Utility
Fujitsu Pen Service
GlassFish V2 UR1
GoldWave v5.06
Google Earth
Google Update Helper
Google Updater
GreenPC
Harry Potter and the Order of the Phoenix™
Harry Potter and the Prisoner of Azkaban™
Harry Potter II
HeidiSQL 3.1 RC1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IDrive version 3.4.1 September 30, 2011
ImgBurn
Intel PROSet Wireless
Intel® Extreme Graphics 2 Driver
Intel® PROSet/Wireless WiFi Software
IntelliSonic DX
InterActual Player
Inventory Database for MS Access(Remove only)
iPod Copy Expert 3.1.2
iTunes
iYogi SupportDock 4.0
Java Auto Updater
Java™ 6 Update 29
Java™ 6 Update 4
Java™ 6 Update 5
Java™ SE Development Kit 6 Update 3
Kyocera Product Library
mDriver
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Partial Replica Wizard
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 8.0.1 (x86 en-US)
Mozilla Thunderbird (2.0.0.6)
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MySQL-Front 3.2
NetBeans IDE 6.0.1
O2Micro MemoryCardBus Windows Driver
O2Micro SmartCardBus Windows Driver Installer
OpenOffice.org 2.4
PaperPort Image Printer
PixiePack Codec Pack
Postgres Plus 8.3
Puzzle Game
QuickTime
QuickTime Alternative 2.6.0
R-Studio 3.6
Real Alternative 2.0.2
Replay Media Catcher
Revo Uninstaller Pro 2.2.3
River Past Audio Converter
Ruby-186-27
Safari
Samsung CLX-3160 Series
SAMSUNG USB Driver for Mobile Phones
ScanSoft PaperPort 11
Security Task Manager 1.7h
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sibelius Scorch (Firefox, Opera, Netscape only)
SigmaTel AC97 Audio Drivers
SMSC IrCC V5.1.3600.7
Sophos Anti-Rootkit 1.5.20
Sophos confic-a Cleanup Tool
Spybot - Search & Destroy
StuffIt 11
SUPERAntiSpyware Free Edition
System Requirements Lab for Intel
Tablet PC Tutorials for Microsoft Windows XP SP2
The Shield Deluxe 2010
TotalAudioConverter
Tunebite
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon V CAST Media Manager
Verizon Wireless Software Utility Application for Android - Samsung
WebFldrs XP
Windows Driver Package - Intel (NETw4x32) net (03/13/2008 11.5.1.15)
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
Windows Driver Package - Intel net (03/13/2008 11.5.1.15)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
WinZip
.
==== Event Viewer Messages From Past Week ========
.
12/18/2011 6:08:04 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
12/18/2011 6:06:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/18/2011 5:45:28 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/17/2011 7:06:36 PM, error: Service Control Manager [7034] - The The Shield Deluxe Virus Shield service terminated unexpectedly. It has done this 1 time(s).
12/16/2011 6:33:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/16/2011 6:33:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/16/2011 5:24:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bdfsfltr bdftdif Fips intelppm IPSec kl1 klif MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
12/16/2011 5:24:18 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2011 5:24:18 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2011 5:24:18 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2011 5:24:18 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2011 10:49:55 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/16/2011 10:16:09 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/16/2011 10:16:09 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
12/16/2011 1:48:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/16/2011 1:45:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2011 1:45:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2011 9:21:50 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/13/2011 9:16:29 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
12/13/2011 9:15:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: kl1 klif
12/13/2011 9:15:31 PM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
12/13/2011 9:15:31 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
12/13/2011 9:15:31 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
12/13/2011 9:15:31 PM, error: Service Control Manager [7000] - The BtnHnd service failed to start due to the following error: The system cannot find the file specified.
12/13/2011 9:06:07 PM, error: Service Control Manager [7034] - The IDriveE Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


Of course, ANY help appreciated. Oh, I have The Shield 2010 Antivirus and have been unable to run the Update function.
Spencer Gross

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:17 AM

Posted 29 December 2011 - 12:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434001 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 spencerg

spencerg
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 29 December 2011 - 04:54 PM

Hello and happy holidays! I am still having a problem: my laptop is running VERY slowly, I was unable to open the Windows Task Manager and my e-mail was hijacked a week ago. I deleted the anti-virus program I was using - Shield Deluxe 2010 and installed Kaspersky. This seems to have sped things up somewhat and I am now able to open the Windows Task Manager. The Kaspersky scan ran so slowly that when it said "2 minutes to completion," it took over two hours, taking several minutes to scan each file. When Kaspersky started up, it said it found an unidentifiable file in QuickTime.
I have been unable to run GMER: I have tried about 6 times and each time it runs for a while, then freezes. I have downloaded it several times from both sources. Kaspersky gave a warning that it was suspicious of the GMER.exe file, but I ran it anyway. I am running Windows XP Professional Tablet version, 5.1.2600 Service Pack 3 Build 2600. And, yes, I have the original Windows CD which came with the laptop.
Attached is the dds.txt I just ran.
Thanks for any help!
Spencer Gross

#4 spencerg

spencerg
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 30 December 2011 - 01:42 PM

[I apologize for re-posting my msg from yesterday. I just realized that I was [i]not[/i] supposed to put the dds.txt in an attachment, but was supposed to put it in the body of my msg, which I did below.]

Hello and happy holidays! I am still having a problem: my laptop is running VERY slowly, I was unable to open the Windows Task Manager and my e-mail was hijacked a week ago. I deleted the anti-virus program I was using - Shield Deluxe 2010 and installed Kaspersky. This seems to have sped things up somewhat and I am now able to open the Windows Task Manager. The Kaspersky scan ran so slowly that when it said "2 minutes to completion," it took over two hours, taking several minutes to scan each file. When Kaspersky started up, it said it found an unidentifiable file in QuickTime.
I have been unable to run GMER: I have tried about 6 times and each time it runs for a while, then freezes. I have downloaded it several times from both sources. Kaspersky gave a warning that it was suspicious of the GMER.exe file, but I ran it anyway. I am running Windows XP Professional Tablet version, 5.1.2600 Service Pack 3 Build 2600. And, yes, I have the original Windows CD which came with the laptop.
Below is the dds.txt I just ran.
Thanks for any help!
Spencer Gross

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2007 5:11:29 PM
System Uptime: 12/30/2011 9:45:10 AM (1 hours ago)
.
Motherboard: FUJITSU | | FJNB18E
Processor: Intel® Pentium® M processor 1.60GHz | Onboard | 1599/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 167.891 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_165E&SUBSYS_127910CF&REV_03\4&16793A72&0&60F0
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_165E&SUBSYS_127910CF&REV_03\4&16793A72&0&60F0
Service: b57w2k
.
==== System Restore Points ===================
.
RP311: 9/29/2011 9:34:23 AM - Installed Sophos confic-a Cleanup Tool.
RP312: 9/29/2011 3:40:33 PM - Unsigned driver install
RP313: 9/29/2011 3:44:29 PM - Printer Driver Kyocera CS-5050 KX Installed
RP314: 10/2/2011 6:01:19 PM - Software Distribution Service 3.0
RP315: 10/4/2011 9:43:56 AM - System Checkpoint
RP316: 10/7/2011 10:24:14 AM - System Checkpoint
RP317: 10/9/2011 12:57:52 AM - System Checkpoint
RP318: 10/11/2011 10:36:47 AM - System Checkpoint
RP319: 10/11/2011 8:59:34 PM - Software Distribution Service 3.0
RP320: 10/12/2011 10:13:27 PM - System Checkpoint
RP321: 10/13/2011 11:03:13 PM - System Checkpoint
RP322: 10/18/2011 6:53:17 PM - System Checkpoint
RP323: 10/19/2011 7:28:49 PM - System Checkpoint
RP324: 10/19/2011 9:36:44 PM - Installed Java™ 6 Update 29
RP325: 10/23/2011 11:33:45 AM - System Checkpoint
RP326: 10/23/2011 9:57:18 PM - Installed Compatibility Pack for the 2007 Office system
RP327: 10/25/2011 3:00:20 AM - Software Distribution Service 3.0
RP328: 10/25/2011 7:45:38 PM - Unsigned driver install
RP329: 10/29/2011 10:37:21 PM - Unsigned driver install
RP330: 10/30/2011 2:59:18 PM - Software Distribution Service 3.0
RP331: 11/21/2011 3:12:34 PM - System Checkpoint
RP332: 11/23/2011 11:39:31 PM - Software Distribution Service 3.0
RP333: 11/25/2011 11:29:14 AM - Unsigned driver install
RP334: 11/26/2011 1:58:37 PM - System Checkpoint
RP335: 11/27/2011 2:59:15 PM - System Checkpoint
RP336: 11/29/2011 9:21:40 PM - System Checkpoint
RP337: 12/2/2011 1:39:13 PM - System Checkpoint
RP338: 12/4/2011 10:52:39 AM - System Checkpoint
RP339: 12/5/2011 11:58:35 AM - System Checkpoint
RP340: 12/9/2011 1:49:32 PM - System Checkpoint
RP341: 12/10/2011 5:04:15 PM - System Checkpoint
RP342: 12/11/2011 7:03:38 PM - System Checkpoint
RP343: 12/12/2011 7:33:15 PM - System Checkpoint
RP344: 12/14/2011 8:39:24 AM - System Checkpoint
RP345: 12/15/2011 9:07:18 AM - Software Distribution Service 3.0
RP346: 12/15/2011 4:56:06 PM - Software Distribution Service 3.0
RP347: 12/15/2011 5:15:13 PM - Software Distribution Service 3.0
RP348: 12/15/2011 6:30:39 PM - Software Distribution Service 3.0
RP349: 12/15/2011 7:19:02 PM - Software Distribution Service 3.0
RP350: 12/15/2011 7:32:52 PM - Software Distribution Service 3.0
RP351: 12/16/2011 3:02:52 AM - Software Distribution Service 3.0
RP352: 12/16/2011 10:58:09 AM - Software Distribution Service 3.0
RP353: 12/16/2011 11:25:04 AM - Software Distribution Service 3.0
RP354: 12/18/2011 12:28:01 AM - System Checkpoint
RP355: 12/20/2011 10:16:08 PM - System Checkpoint
RP356: 12/22/2011 11:58:07 AM - System Checkpoint
RP357: 12/24/2011 11:20:47 AM - System Checkpoint
RP358: 12/25/2011 9:51:25 PM - System Checkpoint
RP359: 12/25/2011 11:27:35 PM - Removed The Shield Deluxe 2010
RP360: 12/25/2011 11:54:31 PM - Installed Kaspersky Internet Security 2012.
RP361: 12/26/2011 3:24:34 PM - Removed QuickTime
RP362: 12/27/2011 4:36:48 PM - System Checkpoint
.
==== Installed Programs ======================
.
4Media iPod to PC Transfer
7-Zip 4.42
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Audible Download Manager
AVR300 Programmer
BackyardEOS 1.2.0
Bonjour
Brother MFL-Pro Suite MFC-495CW
CDA to MP3 Converter v3.3 build 1228
Compatibility Pack for the 2007 Office system
Crimson Editor (remove only)
Critical Update for Windows Media Player 11 (KB959772)
dBpowerAMP DirectShow Decoder Codec
DivX Converter
DivX Player
DivX Web Player
DriverAgent Plugin for Netscape by TouchStone Software
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0
EasyRecovery Lite
EasyRecovery Professional Trial
emWave
ffdshow [rev 2527] [2008-12-19]
Foxit PDF IFilter
Foxit Reader
Fujitsu Button Driver Component
Fujitsu Button Utilities
Fujitsu Hotkey Utility
Fujitsu Pen Service
GlassFish V2 UR1
GoldWave v5.06
Google Earth
Google Update Helper
Google Updater
GreenPC
Harry Potter and the Order of the Phoenix™
Harry Potter and the Prisoner of Azkaban™
Harry Potter II
HeidiSQL 3.1 RC1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IDrive version 3.4.1 September 30, 2011
ImgBurn
Intel PROSet Wireless
Intel® Extreme Graphics 2 Driver
Intel® PROSet/Wireless WiFi Software
IntelliSonic DX
InterActual Player
Inventory Database for MS Access(Remove only)
iPod Copy Expert 3.1.2
iTunes
iYogi SupportDock 4.0
Java Auto Updater
Java™ 6 Update 29
Java™ 6 Update 4
Java™ 6 Update 5
Java™ SE Development Kit 6 Update 3
Kaspersky Internet Security 2012
Kyocera Product Library
mDriver
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Partial Replica Wizard
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 8.0.1 (x86 en-US)
Mozilla Thunderbird (2.0.0.6)
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MySQL-Front 3.2
NetBeans IDE 6.0.1
O2Micro MemoryCardBus Windows Driver
O2Micro SmartCardBus Windows Driver Installer
OpenOffice.org 2.4
PaperPort Image Printer
PixiePack Codec Pack
Postgres Plus 8.3
Puzzle Game
QuickTime Alternative 2.6.0
R-Studio 3.6
Real Alternative 2.0.2
Replay Media Catcher
Revo Uninstaller Pro 2.2.3
River Past Audio Converter
Ruby-186-27
Safari
Samsung CLX-3160 Series
SAMSUNG USB Driver for Mobile Phones
ScanSoft PaperPort 11
Security Task Manager 1.7h
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sibelius Scorch (Firefox, Opera, Netscape only)
SigmaTel AC97 Audio Drivers
SMSC IrCC V5.1.3600.7
Sophos Anti-Rootkit 1.5.20
Sophos confic-a Cleanup Tool
Spybot - Search & Destroy
StuffIt 11
System Requirements Lab for Intel
Tablet PC Tutorials for Microsoft Windows XP SP2
TotalAudioConverter
Tunebite
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless Software Utility Application for Android - Samsung
WebFldrs XP
Windows Driver Package - Intel (NETw4x32) net (03/13/2008 11.5.1.15)
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
Windows Driver Package - Intel net (03/13/2008 11.5.1.15)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
WinZip
.
==== Event Viewer Messages From Past Week ========
.
12/29/2011 12:03:10 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/29/2011 1:15:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/29/2011 1:15:16 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/27/2011 10:43:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
12/24/2011 5:46:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/24/2011 5:46:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/24/2011 11:01:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/23/2011 10:09:10 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
12/23/2011 10:07:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: kl1 klif
12/23/2011 10:07:05 AM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
12/23/2011 10:07:05 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
12/23/2011 10:07:05 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
12/23/2011 10:07:05 AM, error: Service Control Manager [7000] - The BtnHnd service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:17 AM

Posted 31 December 2011 - 11:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If your download is very slow you can use a good computer and download the files to a CD or flash drive and copy the files to the desktop of the infected computer.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#6 spencerg

spencerg
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 01 January 2012 - 03:08 PM

Hi, nasdaq,
Happy New Year and thank you for taking the time to help me with my problem.

1) I was unable to run aswMBR.exe, or, rather, the program and the whole computer froze each of the four times I ran it. It froze when it reached the file:

C:\WINDOWS\system32\drivers\nv4_mini.sys

Since I couldn't use the Copy function, if it will be helpful, I will hand copy the names of the ~20 files which did get scanned before the program froze. None were flagged as a problem.

2) Here is the log from TDSSKiller, which found no suspicious files:

10:38:52.0690 2824 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
10:38:53.0201 2824 ============================================================
10:38:53.0201 2824 Current date / time: 2012/01/01 10:38:53.0201
10:38:53.0201 2824 SystemInfo:
10:38:53.0201 2824
10:38:53.0201 2824 OS Version: 5.1.2600 ServicePack: 3.0
10:38:53.0201 2824 Product type: Workstation
10:38:53.0201 2824 ComputerName: LIFEBOOK
10:38:53.0201 2824 UserName: Spencer
10:38:53.0201 2824 Windows directory: C:\WINDOWS
10:38:53.0201 2824 System windows directory: C:\WINDOWS
10:38:53.0201 2824 Processor architecture: Intel x86
10:38:53.0201 2824 Number of processors: 1
10:38:53.0201 2824 Page size: 0x1000
10:38:53.0201 2824 Boot type: Normal boot
10:38:53.0201 2824 ============================================================
10:39:14.0451 2824 Initialize success
10:39:22.0172 2572 ============================================================
10:39:22.0172 2572 Scan started
10:39:22.0172 2572 Mode: Manual;
10:39:22.0172 2572 ============================================================
10:39:33.0288 2572 Abiosdsk - ok
10:39:33.0338 2572 abp480n5 - ok
10:39:33.0629 2572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:39:33.0639 2572 ACPI - ok
10:39:33.0689 2572 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:39:33.0689 2572 ACPIEC - ok
10:39:33.0709 2572 adpu160m - ok
10:39:33.0759 2572 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:39:33.0759 2572 aec - ok
10:39:34.0119 2572 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:39:34.0129 2572 AFD - ok
10:39:34.0240 2572 AgereSoftModem (edcb69e898132ca78659848c3b485b0a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
10:39:34.0330 2572 AgereSoftModem - ok
10:39:34.0360 2572 Aha154x - ok
10:39:34.0390 2572 aic78u2 - ok
10:39:34.0420 2572 aic78xx - ok
10:39:34.0560 2572 AliIde - ok
10:39:34.0590 2572 amsint - ok
10:39:34.0650 2572 ApfiltrService (27276d9bbd6f5322af18229760634df9) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
10:39:34.0650 2572 ApfiltrService - ok
10:39:34.0740 2572 AR5211 (ba0d4249d42ed6ec04c89d7b53abf065) C:\WINDOWS\system32\DRIVERS\ar5211.sys
10:39:34.0770 2572 AR5211 - ok
10:39:34.0840 2572 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:39:35.0101 2572 Arp1394 - ok
10:39:35.0271 2572 asc - ok
10:39:35.0301 2572 asc3350p - ok
10:39:35.0331 2572 asc3550 - ok
10:39:35.0612 2572 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:39:35.0612 2572 AsyncMac - ok
10:39:35.0682 2572 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:39:35.0682 2572 atapi - ok
10:39:35.0712 2572 Atdisk - ok
10:39:35.0772 2572 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:39:35.0772 2572 Atmarpc - ok
10:39:35.0872 2572 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:39:35.0872 2572 audstub - ok
10:39:36.0132 2572 b57w2k (3f09ac7cbef693554092664deef9ad00) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:39:36.0152 2572 b57w2k - ok
10:39:36.0222 2572 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:39:36.0222 2572 Beep - ok
10:39:36.0383 2572 BtnHnd - ok
10:39:36.0743 2572 catchme - ok
10:39:36.0853 2572 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:39:36.0883 2572 cbidf2k - ok
10:39:36.0933 2572 cd20xrnt - ok
10:39:37.0214 2572 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:39:37.0224 2572 Cdaudio - ok
10:39:37.0735 2572 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:39:37.0755 2572 Cdfs - ok
10:39:38.0386 2572 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:39:38.0446 2572 Cdrom - ok
10:39:38.0506 2572 Changer - ok
10:39:38.0756 2572 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:39:38.0756 2572 CmBatt - ok
10:39:38.0786 2572 CmdIde - ok
10:39:38.0846 2572 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:39:38.0856 2572 Compbatt - ok
10:39:39.0006 2572 CONAN (0d4905aa2c08e373abe3b018f7826e96) C:\WINDOWS\system32\drivers\o2mmb.sys
10:39:39.0036 2572 CONAN - ok
10:39:39.0087 2572 Cpqarray - ok
10:39:39.0347 2572 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
10:39:39.0357 2572 cpudrv - ok
10:39:39.0397 2572 dac2w2k - ok
10:39:39.0417 2572 dac960nt - ok
10:39:39.0497 2572 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
10:39:39.0497 2572 DgiVecp - ok
10:39:39.0587 2572 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:39:39.0828 2572 Disk - ok
10:39:39.0918 2572 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:39:39.0948 2572 dmboot - ok
10:39:39.0998 2572 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:39:40.0008 2572 dmio - ok
10:39:40.0038 2572 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:39:40.0038 2572 dmload - ok
10:39:40.0118 2572 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:39:40.0118 2572 DMusic - ok
10:39:40.0539 2572 dpti2o - ok
10:39:41.0109 2572 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:39:41.0170 2572 drmkaud - ok
10:39:42.0151 2572 DX02 (0567351701b5ecc9e1c1cd36da6685f8) C:\WINDOWS\system32\drivers\dx02.sys
10:39:42.0191 2572 DX02 - ok
10:39:42.0471 2572 FarStoneFireWallDrive - ok
10:39:42.0582 2572 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:39:42.0592 2572 Fastfat - ok
10:39:42.0672 2572 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:39:42.0672 2572 Fdc - ok
10:39:43.0213 2572 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:39:43.0213 2572 Fips - ok
10:39:43.0653 2572 Fjbtndrv (589b339237147c1d5058bd5e21f04fee) C:\WINDOWS\system32\DRIVERS\Fjbtndrv.sys
10:39:43.0673 2572 Fjbtndrv - ok
10:39:43.0723 2572 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:39:43.0723 2572 Flpydisk - ok
10:39:44.0214 2572 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:39:44.0274 2572 FltMgr - ok
10:39:44.0625 2572 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:39:44.0625 2572 Fs_Rec - ok
10:39:44.0785 2572 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:39:44.0805 2572 Ftdisk - ok
10:39:45.0686 2572 FUJ02B1 (00845dcd64fe6348ddf7890c310c17b9) C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
10:39:45.0706 2572 FUJ02B1 - ok
10:39:45.0766 2572 FUJ02E1 (4aa9db198679cbc97c322393735baf08) C:\WINDOWS\system32\Drivers\FUJ02E1.sys
10:39:45.0786 2572 FUJ02E1 - ok
10:39:46.0357 2572 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:39:46.0357 2572 GEARAspiWDM - ok
10:39:46.0698 2572 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:39:46.0718 2572 Gpc - ok
10:39:46.0908 2572 hidpen (9dd539f435110b2e8fc69e3676e30b34) C:\WINDOWS\system32\DRIVERS\hidpen.sys
10:39:47.0298 2572 hidpen - ok
10:39:48.0941 2572 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:39:49.0201 2572 HidUsb - ok
10:39:51.0464 2572 hpn - ok
10:39:54.0098 2572 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:39:54.0499 2572 HTTP - ok
10:39:54.0539 2572 i2omgmt - ok
10:39:54.0579 2572 i2omp - ok
10:39:55.0029 2572 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:39:55.0440 2572 i8042prt - ok
10:39:56.0201 2572 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:39:56.0672 2572 ialm - ok
10:39:58.0735 2572 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:39:58.0785 2572 Imapi - ok
10:39:59.0676 2572 ini910u - ok
10:40:00.0197 2572 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:40:00.0227 2572 IntelIde - ok
10:40:00.0748 2572 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:40:00.0748 2572 intelppm - ok
10:40:00.0798 2572 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:40:00.0798 2572 Ip6Fw - ok
10:40:00.0858 2572 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:40:00.0858 2572 IpFilterDriver - ok
10:40:01.0299 2572 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:40:01.0319 2572 IpInIp - ok
10:40:01.0759 2572 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:40:01.0769 2572 IpNat - ok
10:40:01.0809 2572 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:40:01.0809 2572 IPSec - ok
10:40:01.0849 2572 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
10:40:01.0849 2572 irda - ok
10:40:02.0340 2572 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:40:02.0360 2572 IRENUM - ok
10:40:02.0881 2572 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:40:02.0911 2572 isapnp - ok
10:40:03.0912 2572 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:40:04.0002 2572 Kbdclass - ok
10:40:05.0444 2572 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:40:05.0475 2572 kbdhid - ok
10:40:06.0586 2572 kl1 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\drivers\kl1.sys
10:40:06.0596 2572 kl1 - ok
10:40:06.0846 2572 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\WINDOWS\system32\DRIVERS\kl2.sys
10:40:06.0857 2572 kl2 - ok
10:40:07.0047 2572 klif (5d92a03045a6a98708975b3d77b39a36) C:\WINDOWS\system32\DRIVERS\klif.sys
10:40:07.0057 2572 klif - ok
10:40:07.0137 2572 klim5 (96a7ec308a93da26dfe481308baac2a2) C:\WINDOWS\system32\DRIVERS\klim5.sys
10:40:07.0137 2572 klim5 - ok
10:40:07.0367 2572 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
10:40:07.0367 2572 klmouflt - ok
10:40:07.0427 2572 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:40:07.0437 2572 kmixer - ok
10:40:07.0517 2572 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:40:07.0517 2572 KSecDD - ok
10:40:07.0558 2572 lbrtfdc - ok
10:40:07.0668 2572 MbxStby (c5d77b47f413eb62d41e523e2b4700e2) C:\WINDOWS\system32\drivers\MbxStby.sys
10:40:07.0898 2572 MbxStby - ok
10:40:08.0088 2572 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:40:08.0098 2572 mnmdd - ok
10:40:08.0188 2572 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:40:08.0198 2572 Modem - ok
10:40:08.0429 2572 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:40:08.0449 2572 Mouclass - ok
10:40:08.0509 2572 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:40:08.0529 2572 mouhid - ok
10:40:08.0579 2572 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:40:08.0599 2572 MountMgr - ok
10:40:08.0639 2572 mraid35x - ok
10:40:08.0950 2572 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:40:08.0990 2572 MRxDAV - ok
10:40:09.0250 2572 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:40:09.0620 2572 MRxSmb - ok
10:40:09.0671 2572 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:40:09.0671 2572 Msfs - ok
10:40:09.0741 2572 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:40:09.0741 2572 MSKSSRV - ok
10:40:09.0961 2572 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:40:09.0981 2572 MSPCLOCK - ok
10:40:10.0131 2572 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:40:10.0141 2572 MSPQM - ok
10:40:10.0201 2572 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:40:10.0201 2572 mssmbios - ok
10:40:10.0512 2572 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:40:10.0512 2572 Mup - ok
10:40:10.0582 2572 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:40:10.0592 2572 NDIS - ok
10:40:10.0682 2572 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:40:10.0682 2572 NdisTapi - ok
10:40:10.0762 2572 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:40:10.0772 2572 Ndisuio - ok
10:40:11.0193 2572 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:40:11.0203 2572 NdisWan - ok
10:40:11.0283 2572 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:40:11.0283 2572 NDProxy - ok
10:40:11.0523 2572 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:40:11.0523 2572 NetBIOS - ok
10:40:11.0593 2572 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:40:11.0623 2572 NetBT - ok
10:40:11.0724 2572 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:40:11.0724 2572 NIC1394 - ok
10:40:11.0754 2572 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:40:11.0764 2572 Npfs - ok
10:40:12.0144 2572 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:40:12.0585 2572 Ntfs - ok
10:40:12.0695 2572 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:40:12.0715 2572 Null - ok
10:40:12.0765 2572 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:40:12.0765 2572 NwlnkFlt - ok
10:40:12.0825 2572 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:40:12.0845 2572 NwlnkFwd - ok
10:40:13.0156 2572 O2SCBUS (dd3764730845a74a7fc1021148803fdd) C:\WINDOWS\system32\DRIVERS\ozscr.sys
10:40:13.0206 2572 O2SCBUS - ok
10:40:13.0286 2572 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:40:13.0316 2572 ohci1394 - ok
10:40:13.0386 2572 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:40:13.0606 2572 Parport - ok
10:40:13.0666 2572 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:40:13.0666 2572 PartMgr - ok
10:40:13.0746 2572 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:40:13.0746 2572 ParVdm - ok
10:40:13.0786 2572 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:40:13.0786 2572 PCI - ok
10:40:13.0817 2572 PCIDump - ok
10:40:13.0877 2572 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:40:13.0887 2572 PCIIde - ok
10:40:14.0267 2572 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:40:14.0317 2572 Pcmcia - ok
10:40:14.0748 2572 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
10:40:14.0778 2572 pcouffin - ok
10:40:14.0808 2572 PDCOMP - ok
10:40:14.0838 2572 PDFRAME - ok
10:40:14.0868 2572 PDRELI - ok
10:40:14.0908 2572 PDRFRAME - ok
10:40:15.0219 2572 perc2 - ok
10:40:15.0339 2572 perc2hib - ok
10:40:15.0679 2572 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:40:15.0689 2572 PptpMiniport - ok
10:40:15.0749 2572 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:40:15.0749 2572 PSched - ok
10:40:15.0789 2572 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:40:15.0799 2572 Ptilink - ok
10:40:15.0869 2572 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:40:15.0900 2572 PxHelp20 - ok
10:40:15.0940 2572 ql1080 - ok
10:40:16.0370 2572 Ql10wnt - ok
10:40:16.0400 2572 ql12160 - ok
10:40:16.0430 2572 ql1240 - ok
10:40:16.0460 2572 ql1280 - ok
10:40:16.0721 2572 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:40:16.0721 2572 RasAcd - ok
10:40:16.0811 2572 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
10:40:16.0831 2572 Rasirda - ok
10:40:16.0891 2572 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:40:16.0891 2572 Rasl2tp - ok
10:40:17.0271 2572 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:40:17.0302 2572 RasPppoe - ok
10:40:18.0313 2572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:40:18.0363 2572 Raspti - ok
10:40:19.0515 2572 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:40:19.0515 2572 Rdbss - ok
10:40:19.0605 2572 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:40:19.0625 2572 RDPCDD - ok
10:40:19.0885 2572 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:40:19.0895 2572 rdpdr - ok
10:40:20.0406 2572 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:40:20.0436 2572 RDPWD - ok
10:40:20.0556 2572 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:40:20.0556 2572 redbook - ok
10:40:20.0646 2572 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
10:40:20.0656 2572 Revoflt - ok
10:40:20.0887 2572 RRNetCap (fceae318066198c162d2176ec2975ace) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
10:40:20.0887 2572 RRNetCap - ok
10:40:20.0897 2572 RRNetCapMP (fceae318066198c162d2176ec2975ace) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
10:40:20.0897 2572 RRNetCapMP - ok
10:40:21.0417 2572 s24trans (2bc0b847cbcfe62a79b18ce0b440334d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:40:21.0478 2572 s24trans - ok
10:40:21.0678 2572 SABProcEnum - ok
10:40:22.0058 2572 SASKUTIL - ok
10:40:22.0479 2572 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:40:22.0479 2572 Secdrv - ok
10:40:22.0559 2572 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:40:22.0569 2572 Serenum - ok
10:40:22.0619 2572 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:40:22.0649 2572 Serial - ok
10:40:22.0739 2572 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
10:40:22.0960 2572 Sfloppy - ok
10:40:23.0520 2572 Simbad - ok
10:40:23.0581 2572 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
10:40:23.0581 2572 SMCIRDA - ok
10:40:23.0621 2572 Sparrow - ok
10:40:23.0701 2572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:40:23.0701 2572 splitter - ok
10:40:23.0981 2572 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:40:24.0111 2572 sr - ok
10:40:24.0622 2572 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:40:24.0632 2572 Srv - ok
10:40:24.0712 2572 SSPORT - ok
10:40:24.0792 2572 STAC97 (243a7e7eb95257dfaa9a449a4df358e2) C:\WINDOWS\system32\drivers\stac97.sys
10:40:24.0802 2572 STAC97 - ok
10:40:25.0123 2572 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
10:40:25.0143 2572 StillCam - ok
10:40:25.0634 2572 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:40:25.0664 2572 swenum - ok
10:40:25.0724 2572 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:40:25.0734 2572 swmidi - ok
10:40:25.0784 2572 symc810 - ok
10:40:25.0834 2572 symc8xx - ok
10:40:26.0274 2572 sym_hi - ok
10:40:26.0665 2572 sym_u3 - ok
10:40:26.0755 2572 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:40:26.0755 2572 sysaudio - ok
10:40:26.0855 2572 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
10:40:26.0855 2572 tbhsd - ok
10:40:27.0336 2572 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:40:27.0346 2572 Tcpip - ok
10:40:27.0606 2572 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:40:27.0616 2572 TDPIPE - ok
10:40:27.0656 2572 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:40:27.0666 2572 TDTCP - ok
10:40:27.0747 2572 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:40:27.0747 2572 TermDD - ok
10:40:27.0807 2572 TosIde - ok
10:40:27.0887 2572 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\drivers\TVICHW32.sys
10:40:27.0887 2572 TVICHW32 - ok
10:40:28.0678 2572 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:40:28.0678 2572 Udfs - ok
10:40:28.0718 2572 ultra - ok
10:40:28.0848 2572 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:40:28.0858 2572 Update - ok
10:40:29.0149 2572 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:40:29.0189 2572 USBAAPL - ok
10:40:29.0769 2572 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:40:29.0799 2572 usbccgp - ok
10:40:30.0380 2572 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:40:30.0400 2572 usbehci - ok
10:40:30.0490 2572 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:40:30.0501 2572 usbhub - ok
10:40:30.0741 2572 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:40:30.0761 2572 usbscan - ok
10:40:30.0831 2572 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:40:30.0831 2572 usbstor - ok
10:40:30.0921 2572 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:40:30.0941 2572 usbuhci - ok
10:40:31.0412 2572 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:40:31.0422 2572 VgaSave - ok
10:40:31.0452 2572 ViaIde - ok
10:40:31.0502 2572 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:40:31.0512 2572 VolSnap - ok
10:40:32.0533 2572 w22n51 (ec606db5388c3bffdc254b1fc9e0fbba) C:\WINDOWS\system32\DRIVERS\w22n51.sys
10:40:34.0687 2572 w22n51 - ok
10:40:36.0830 2572 w29n51 (68eb5bc07781a36a63633541c11e1ad6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
10:40:37.0340 2572 w29n51 - ok
10:40:37.0651 2572 WacomPen (aced8c149b30f8496c237bcba3727b48) C:\WINDOWS\system32\DRIVERS\wacompen.sys
10:40:37.0661 2572 WacomPen - ok
10:40:37.0771 2572 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:40:37.0771 2572 Wanarp - ok
10:40:37.0811 2572 WDICA - ok
10:40:38.0172 2572 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:40:38.0182 2572 wdmaud - ok
10:40:38.0562 2572 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:40:38.0572 2572 WS2IFSL - ok
10:40:38.0652 2572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:40:38.0652 2572 WudfPf - ok
10:40:38.0682 2572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:40:38.0682 2572 WudfRd - ok
10:40:38.0762 2572 {6080A529-897E-4629-A488-ABA0C29B635E} (5a5749d1b68bd321a6df6c2589879908) C:\WINDOWS\system32\drivers\ialmsbw.sys
10:40:38.0762 2572 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
10:40:38.0853 2572 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (11d6d2eb80ccb2f676b7a9a84d74c6ae) C:\WINDOWS\system32\drivers\ialmkchw.sys
10:40:39.0113 2572 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
10:40:39.0363 2572 {E6759E0C-470B-44DC-A4A1-627E68BB3A85} (e13f355e70358d0757a7f6edfece7bb8) C:\WINDOWS\system32\drivers\A302.sys
10:40:39.0363 2572 {E6759E0C-470B-44DC-A4A1-627E68BB3A85} - ok
10:40:39.0604 2572 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
10:40:39.0824 2572 \Device\Harddisk0\DR0 - ok
10:40:39.0834 2572 Boot (0x1200) (41be0bc6d82658947418f7b3891d9632) \Device\Harddisk0\DR0\Partition0
10:40:39.0844 2572 \Device\Harddisk0\DR0\Partition0 - ok
10:40:39.0844 2572 ============================================================
10:40:39.0844 2572 Scan finished
10:40:39.0844 2572 ============================================================
10:40:39.0874 3696 Detected object count: 0
10:40:39.0874 3696 Actual detected object count: 0

3) Right before you responded, 1)I had just received e-mail from several people in my Yahoo account address book stating they had just received a second round of hijacked e-mail from me, and 2) I downloaded and ran Trend Rootkit Buster. I didn't act on the results, however, i.e. I didn't try to Fix anything. Here is the log from that:

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1041
| Computer Name: LIFEBOOK
| User Name: Spencer
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
MBR unsupported disk type
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_17274\Plugins\emalware.i63
FullPathLength: 103
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_17274\Plugins\emalware.i64
FullPathLength: 103
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_17274\Plugins\emalware.i65
FullPathLength: 103
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_17274\Plugins\emalware.i66
FullPathLength: 103
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_17274\Plugins\emalware.i67
FullPathLength: 103
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_17274\Plugins\emalware.i68
FullPathLength: 103
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_17274\Plugins\emalware.i69
FullPathLength: 103
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_17274\Plugins\emalware.i70
FullPathLength: 103
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_17274\Plugins\emalware.i71
FullPathLength: 103
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_17274\Plugins\emalware.i72
FullPathLength: 103
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
[HIDDEN_FILE]:
FullPath : C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Threat Scanner\av32bit_26748\Plugins\e_spyw.i39
FullPathLength: 113
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x2020
ShareAccess : 0x0
Type : 0x0
11 hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
SubKey : Data
FullLength: 0x5c
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
SubKey : Data 2
FullLength: 0x5e
2 hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8059b554
CurrentHandler : 0xb1845fba
ServiceNumber : 0xb
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80567aed
CurrentHandler : 0xb18468b4
ServiceNumber : 0x19
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8059110b
CurrentHandler : 0xb185faee
ServiceNumber : 0x1f
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80570022
CurrentHandler : 0xb1846e26
ServiceNumber : 0x23
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805775c8
CurrentHandler : 0xb1846d14
ServiceNumber : 0x2b
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805893c7
CurrentHandler : 0xb185fe06
ServiceNumber : 0x2e
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805b1bea
CurrentHandler : 0xb1847056
ServiceNumber : 0x2f
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8058124c
CurrentHandler : 0xb184721e
ServiceNumber : 0x30
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80565333
CurrentHandler : 0xb1845d76
ServiceNumber : 0x32
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057b80d
CurrentHandler : 0xb1846f3e
ServiceNumber : 0x33
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80578803
CurrentHandler : 0xb18465e6
ServiceNumber : 0x35
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805db3e4
CurrentHandler : 0xb185fece
ServiceNumber : 0x38
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8065bf7d
CurrentHandler : 0xb184753c
ServiceNumber : 0x39
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80597ffa
CurrentHandler : 0xb185a084
ServiceNumber : 0x3f
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80595c1a
CurrentHandler : 0xb185b88e
ServiceNumber : 0x41
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805795b9
CurrentHandler : 0xb18468f6
ServiceNumber : 0x42
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805748c2
CurrentHandler : 0xb184853c
ServiceNumber : 0x44
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80573e7d
CurrentHandler : 0xb185b088
ServiceNumber : 0x47
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057fb2b
CurrentHandler : 0xb185ba38
ServiceNumber : 0x49
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805a425d
CurrentHandler : 0xb184762e
ServiceNumber : 0x61
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805af5c3
CurrentHandler : 0xb185abc0
ServiceNumber : 0x62
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805af400
CurrentHandler : 0xb185ae1c
ServiceNumber : 0x63
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057ac99
CurrentHandler : 0xb1847b9a
ServiceNumber : 0x6c
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80593faa
CurrentHandler : 0xb185e30a
ServiceNumber : 0x6f
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057fc98
CurrentHandler : 0xb1846eb8
ServiceNumber : 0x72
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80577676
CurrentHandler : 0xb1846da0
ServiceNumber : 0x78
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80574aa9
CurrentHandler : 0xb18461f4
ServiceNumber : 0x7a
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8056e467
CurrentHandler : 0xb184797e
ServiceNumber : 0x7d
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805dd9ac
CurrentHandler : 0xb1846fd0
ServiceNumber : 0x7e
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8059323b
CurrentHandler : 0xb18460e8
ServiceNumber : 0x80
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80573b86
CurrentHandler : 0xb1859eb8
ServiceNumber : 0xa0
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8064f0a7
CurrentHandler : 0xb185b698
ServiceNumber : 0xa1
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80580a94
CurrentHandler : 0xb185e500
ServiceNumber : 0xa3
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057ee6e
CurrentHandler : 0xb1847ec0
ServiceNumber : 0xa7
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8056a419
CurrentHandler : 0xb185b488
ServiceNumber : 0xb1
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8058f954
CurrentHandler : 0xb18477ce
ServiceNumber : 0xb4
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8064f526
CurrentHandler : 0xb185a198
ServiceNumber : 0xc0
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8064fe82
CurrentHandler : 0xb185a80c
ServiceNumber : 0xc1
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057e67c
CurrentHandler : 0xb1860048
ServiceNumber : 0xc2
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8056bc24
CurrentHandler : 0xb185ff96
ServiceNumber : 0xc3
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8056dc86
CurrentHandler : 0xb18600b4
ServiceNumber : 0xc8
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8064fa19
CurrentHandler : 0xb185aa14
ServiceNumber : 0xcc
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80578e76
CurrentHandler : 0xb18483de
ServiceNumber : 0xce
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8064fb1a
CurrentHandler : 0xb185a33e
ServiceNumber : 0xcf
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8064fc05
CurrentHandler : 0xb185a4d4
ServiceNumber : 0xd0
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8064fd32
CurrentHandler : 0xb185a670
ServiceNumber : 0xd1
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80599040
CurrentHandler : 0xb185fc76
ServiceNumber : 0xd2
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8062e33f
CurrentHandler : 0xb1846756
ServiceNumber : 0xd5
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805a8e5c
CurrentHandler : 0xb18473e8
ServiceNumber : 0xe6
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805a8349
CurrentHandler : 0xb1848010
ServiceNumber : 0xf0
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057bc5b
CurrentHandler : 0xb185b248
ServiceNumber : 0xf7
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8062ff21
CurrentHandler : 0xb1848104
ServiceNumber : 0xfd
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805e05ab
CurrentHandler : 0xb184823e
ServiceNumber : 0xfe
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8064aa57
CurrentHandler : 0xb184745e
ServiceNumber : 0xff
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805839b9
CurrentHandler : 0xb1846392
ServiceNumber : 0x101
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80577f1f
CurrentHandler : 0xb18462ea
ServiceNumber : 0x102
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057a81e
CurrentHandler : 0xb1847d78
ServiceNumber : 0x10b
ModuleName : k
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057f712
CurrentHandler : 0xb184647c
ServiceNumber : 0x115
ModuleName : k
SDTType : 0x0
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
No kernel code patching detected.

--== Dump Hidden Services ==--
No hidden services found.

Any help appreciated! Sincerely,
Spencer Gross

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:17 AM

Posted 07 January 2012 - 10:45 AM

I apologize for this late reply. I missed you post.

If you still need help please let me know what problem persists.

#8 spencerg

spencerg
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 08 January 2012 - 03:14 PM

Hi, nasdaq,

Thanks for the response. Yes, I still seem to be having problems. My computer is still running really slowly. Since I last replied, I ran the AVG Rootkit scan, which indicated problems in two sys files:
;"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_SYSTEM_CONTROL -> CLASSPNP.SYS ClassInitialize+0x666";"Object is white-listed (critical/system file that should not be removed)"
;"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_PNP -> CLASSPNP.SYS ClassDebugPrint+0x6FB";"Object is white-listed (critical/system file that should not be removed)"
;"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\PCIIde IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Object is white-listed (critical/system file that should not be removed)"
;"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Object is white-listed (critical/system file that should not be removed)"

I replaced those two drivers by hooking up an old drive copy, deleting the drivers from my current drive and copying them from the old drive. This seems to have had two results: 1) I reran AVGRootkit scan and that seems to have taken care of that, i.e. the scan came up clean. 2) I was now able to run aswMBR.exe.

So, I have attached that scan report and re-ran TDSSKiller. The aswMBR came up with two "suspicious" modules.

aswMBR:

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-08 09:48:31
-----------------------------
09:48:31.844 OS Version: Windows 5.1.2600 Service Pack 3
09:48:31.844 Number of processors: 1 586 0xD06
09:48:31.844 ComputerName: LIFEBOOK UserName: Spencer
09:48:42.509 Initialize success
09:49:09.208 AVAST engine defs: 12010701
09:49:42.626 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:49:42.626 Disk 0 Vendor: WDC_WD2500BEVE-00A0HT0 11.01A11 Size: 238475MB BusType: 3
09:49:42.656 Disk 0 MBR read successfully
09:49:42.656 Disk 0 MBR scan
09:49:42.686 Disk 0 unknown MBR code
09:49:42.686 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
09:49:42.736 Disk 0 scanning sectors +488392065
09:49:42.786 Disk 0 scanning C:\WINDOWS\system32\drivers
09:50:29.083 Service scanning
09:50:30.775 Modules scanning
09:50:36.443 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
09:50:38.677 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
09:50:38.687 Disk 0 trace - called modules:
09:50:39.117 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
09:50:39.117 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6b41f0]
09:50:39.117 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8a63b210]
09:50:39.127 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a667940]
09:50:40.459 AVAST engine scan C:\WINDOWS
09:51:05.014 AVAST engine scan C:\WINDOWS\system32
09:57:42.025 AVAST engine scan C:\WINDOWS\system32\drivers
09:58:23.184 AVAST engine scan C:\Documents and Settings\TEMP.LIFEBOOK
10:04:08.551 AVAST engine scan C:\Documents and Settings\All Users
10:07:25.554 Scan finished successfully
11:42:33.272 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TEMP.LIFEBOOK\Desktop\MBR.dat"
11:42:33.282 The log file has been saved successfully to "C:\Documents and Settings\TEMP.LIFEBOOK\Desktop\aswMBR.txt"


TDSSKiller:

11:44:14.0187 4428 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:44:14.0968 4428 ============================================================
11:44:14.0968 4428 Current date / time: 2012/01/08 11:44:14.0968
11:44:14.0968 4428 SystemInfo:
11:44:14.0968 4428
11:44:14.0968 4428 OS Version: 5.1.2600 ServicePack: 3.0
11:44:14.0968 4428 Product type: Workstation
11:44:14.0968 4428 ComputerName: LIFEBOOK
11:44:14.0968 4428 UserName: Spencer
11:44:14.0968 4428 Windows directory: C:\WINDOWS
11:44:14.0968 4428 System windows directory: C:\WINDOWS
11:44:14.0968 4428 Processor architecture: Intel x86
11:44:14.0968 4428 Number of processors: 1
11:44:14.0968 4428 Page size: 0x1000
11:44:14.0968 4428 Boot type: Normal boot
11:44:14.0968 4428 ============================================================
11:44:19.0655 4428 Initialize success
11:44:21.0778 0580 ============================================================
11:44:21.0778 0580 Scan started
11:44:21.0778 0580 Mode: Manual;
11:44:21.0778 0580 ============================================================
11:44:28.0658 0580 Abiosdsk - ok
11:44:28.0778 0580 abp480n5 - ok
11:44:28.0848 0580 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:44:28.0858 0580 ACPI - ok
11:44:28.0908 0580 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:44:28.0908 0580 ACPIEC - ok
11:44:28.0928 0580 adpu160m - ok
11:44:29.0188 0580 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:44:29.0198 0580 aec - ok
11:44:29.0278 0580 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:44:29.0278 0580 AFD - ok
11:44:29.0399 0580 AgereSoftModem (edcb69e898132ca78659848c3b485b0a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:44:29.0439 0580 AgereSoftModem - ok
11:44:29.0479 0580 Aha154x - ok
11:44:29.0519 0580 aic78u2 - ok
11:44:29.0539 0580 aic78xx - ok
11:44:29.0589 0580 AliIde - ok
11:44:29.0619 0580 amsint - ok
11:44:29.0779 0580 ApfiltrService (27276d9bbd6f5322af18229760634df9) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
11:44:29.0789 0580 ApfiltrService - ok
11:44:29.0869 0580 AR5211 (ba0d4249d42ed6ec04c89d7b53abf065) C:\WINDOWS\system32\DRIVERS\ar5211.sys
11:44:29.0899 0580 AR5211 - ok
11:44:29.0959 0580 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:44:29.0959 0580 Arp1394 - ok
11:44:29.0999 0580 asc - ok
11:44:30.0210 0580 asc3350p - ok
11:44:30.0240 0580 asc3550 - ok
11:44:30.0330 0580 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:44:30.0330 0580 AsyncMac - ok
11:44:30.0380 0580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:44:30.0390 0580 atapi - ok
11:44:30.0410 0580 Atdisk - ok
11:44:30.0470 0580 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:44:30.0470 0580 Atmarpc - ok
11:44:30.0811 0580 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:44:30.0811 0580 audstub - ok
11:44:30.0901 0580 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
11:44:30.0911 0580 AVGIDSDriver - ok
11:44:30.0961 0580 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
11:44:30.0961 0580 AVGIDSEH - ok
11:44:31.0001 0580 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
11:44:31.0001 0580 AVGIDSFilter - ok
11:44:31.0321 0580 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
11:44:31.0321 0580 AVGIDSShim - ok
11:44:31.0381 0580 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:44:31.0391 0580 Avgldx86 - ok
11:44:31.0422 0580 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:44:31.0432 0580 Avgmfx86 - ok
11:44:31.0462 0580 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:44:31.0462 0580 Avgrkx86 - ok
11:44:31.0862 0580 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:44:31.0982 0580 Avgtdix - ok
11:44:32.0964 0580 b57w2k (3f09ac7cbef693554092664deef9ad00) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:44:32.0974 0580 b57w2k - ok
11:44:33.0114 0580 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:44:33.0124 0580 Beep - ok
11:44:33.0184 0580 bioschk (a27675a96df7c619b606a2aa2dcc8ba0) C:\WINDOWS\system32\Drivers\bioschk.sys
11:44:33.0184 0580 bioschk - ok
11:44:33.0334 0580 BtnHnd - ok
11:44:33.0525 0580 catchme - ok
11:44:33.0585 0580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:44:33.0585 0580 cbidf2k - ok
11:44:33.0615 0580 cd20xrnt - ok
11:44:33.0685 0580 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:44:33.0685 0580 Cdaudio - ok
11:44:33.0825 0580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:44:33.0835 0580 Cdfs - ok
11:44:33.0915 0580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:44:33.0915 0580 Cdrom - ok
11:44:33.0945 0580 Changer - ok
11:44:34.0065 0580 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:44:34.0095 0580 CmBatt - ok
11:44:34.0115 0580 CmdIde - ok
11:44:34.0125 0580 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:44:34.0135 0580 Compbatt - ok
11:44:34.0196 0580 CONAN (0d4905aa2c08e373abe3b018f7826e96) C:\WINDOWS\system32\drivers\o2mmb.sys
11:44:34.0206 0580 CONAN - ok
11:44:34.0236 0580 Cpqarray - ok
11:44:34.0346 0580 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
11:44:34.0346 0580 cpudrv - ok
11:44:34.0366 0580 dac2w2k - ok
11:44:34.0386 0580 dac960nt - ok
11:44:34.0456 0580 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
11:44:34.0486 0580 DgiVecp - ok
11:44:34.0526 0580 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:44:34.0526 0580 Disk - ok
11:44:34.0586 0580 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:44:34.0616 0580 dmboot - ok
11:44:34.0646 0580 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:44:34.0656 0580 dmio - ok
11:44:34.0796 0580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:44:34.0796 0580 dmload - ok
11:44:34.0887 0580 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:44:34.0887 0580 DMusic - ok
11:44:34.0927 0580 dpti2o - ok
11:44:34.0967 0580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:44:34.0967 0580 drmkaud - ok
11:44:35.0047 0580 DX02 (0567351701b5ecc9e1c1cd36da6685f8) C:\WINDOWS\system32\drivers\dx02.sys
11:44:35.0047 0580 DX02 - ok
11:44:35.0117 0580 FarStoneFireWallDrive - ok
11:44:35.0187 0580 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:44:35.0197 0580 Fastfat - ok
11:44:35.0247 0580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:44:35.0247 0580 Fdc - ok
11:44:35.0337 0580 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:44:35.0337 0580 Fips - ok
11:44:35.0407 0580 Fjbtndrv (589b339237147c1d5058bd5e21f04fee) C:\WINDOWS\system32\DRIVERS\Fjbtndrv.sys
11:44:35.0407 0580 Fjbtndrv - ok
11:44:35.0437 0580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:44:35.0447 0580 Flpydisk - ok
11:44:35.0527 0580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:44:35.0527 0580 FltMgr - ok
11:44:35.0598 0580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:44:35.0598 0580 Fs_Rec - ok
11:44:35.0638 0580 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:44:35.0638 0580 Ftdisk - ok
11:44:35.0748 0580 FUJ02B1 (00845dcd64fe6348ddf7890c310c17b9) C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
11:44:35.0748 0580 FUJ02B1 - ok
11:44:35.0798 0580 FUJ02E1 (4aa9db198679cbc97c322393735baf08) C:\WINDOWS\system32\Drivers\FUJ02E1.sys
11:44:35.0798 0580 FUJ02E1 - ok
11:44:35.0838 0580 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
11:44:35.0838 0580 GEARAspiWDM - ok
11:44:35.0908 0580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:44:35.0908 0580 Gpc - ok
11:44:36.0008 0580 hidpen (9dd539f435110b2e8fc69e3676e30b34) C:\WINDOWS\system32\DRIVERS\hidpen.sys
11:44:36.0008 0580 hidpen - ok
11:44:36.0088 0580 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:44:36.0098 0580 HidUsb - ok
11:44:36.0128 0580 hpn - ok
11:44:36.0208 0580 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:44:36.0218 0580 HTTP - ok
11:44:36.0279 0580 i2omgmt - ok
11:44:36.0309 0580 i2omp - ok
11:44:36.0359 0580 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:44:36.0359 0580 i8042prt - ok
11:44:36.0499 0580 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:44:36.0569 0580 ialm - ok
11:44:36.0669 0580 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:44:36.0669 0580 Imapi - ok
11:44:36.0759 0580 ini910u - ok
11:44:36.0809 0580 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:44:36.0809 0580 IntelIde - ok
11:44:36.0899 0580 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:44:36.0909 0580 intelppm - ok
11:44:36.0980 0580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:44:36.0980 0580 Ip6Fw - ok
11:44:37.0100 0580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:44:37.0110 0580 IpFilterDriver - ok
11:44:37.0220 0580 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:44:37.0220 0580 IpInIp - ok
11:44:37.0290 0580 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:44:37.0300 0580 IpNat - ok
11:44:37.0350 0580 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:44:37.0350 0580 IPSec - ok
11:44:37.0390 0580 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
11:44:37.0400 0580 irda - ok
11:44:37.0430 0580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:44:37.0430 0580 IRENUM - ok
11:44:37.0490 0580 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:44:37.0490 0580 isapnp - ok
11:44:37.0550 0580 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:44:37.0550 0580 Kbdclass - ok
11:44:37.0590 0580 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:44:37.0590 0580 kbdhid - ok
11:44:37.0630 0580 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:44:37.0630 0580 kmixer - ok
11:44:37.0771 0580 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:44:37.0771 0580 KSecDD - ok
11:44:37.0821 0580 lbrtfdc - ok
11:44:37.0911 0580 MbxStby (c5d77b47f413eb62d41e523e2b4700e2) C:\WINDOWS\system32\drivers\MbxStby.sys
11:44:37.0911 0580 MbxStby - ok
11:44:38.0011 0580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:44:38.0011 0580 mnmdd - ok
11:44:38.0101 0580 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:44:38.0101 0580 Modem - ok
11:44:38.0131 0580 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:44:38.0141 0580 Mouclass - ok
11:44:38.0191 0580 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:44:38.0191 0580 mouhid - ok
11:44:38.0221 0580 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:44:38.0221 0580 MountMgr - ok
11:44:38.0251 0580 mraid35x - ok
11:44:38.0291 0580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:44:38.0301 0580 MRxDAV - ok
11:44:38.0382 0580 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:44:38.0392 0580 MRxSmb - ok
11:44:38.0432 0580 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:44:38.0442 0580 Msfs - ok
11:44:38.0532 0580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:44:38.0532 0580 MSKSSRV - ok
11:44:38.0572 0580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:44:38.0572 0580 MSPCLOCK - ok
11:44:38.0612 0580 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:44:38.0612 0580 MSPQM - ok
11:44:38.0682 0580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:44:38.0682 0580 mssmbios - ok
11:44:38.0802 0580 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:44:38.0802 0580 Mup - ok
11:44:38.0872 0580 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:44:38.0882 0580 NDIS - ok
11:44:39.0173 0580 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:44:39.0173 0580 NdisTapi - ok
11:44:39.0303 0580 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:44:39.0313 0580 Ndisuio - ok
11:44:39.0363 0580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:44:39.0363 0580 NdisWan - ok
11:44:39.0563 0580 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:44:39.0563 0580 NDProxy - ok
11:44:39.0854 0580 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:44:39.0864 0580 NetBIOS - ok
11:44:40.0134 0580 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:44:40.0144 0580 NetBT - ok
11:44:40.0224 0580 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:44:40.0234 0580 NIC1394 - ok
11:44:40.0274 0580 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:44:40.0274 0580 Npfs - ok
11:44:40.0334 0580 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:44:40.0354 0580 Ntfs - ok
11:44:40.0455 0580 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:44:40.0455 0580 Null - ok
11:44:40.0625 0580 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:44:40.0625 0580 NwlnkFlt - ok
11:44:40.0655 0580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:44:40.0665 0580 NwlnkFwd - ok
11:44:40.0815 0580 O2SCBUS (dd3764730845a74a7fc1021148803fdd) C:\WINDOWS\system32\DRIVERS\ozscr.sys
11:44:40.0825 0580 O2SCBUS - ok
11:44:40.0875 0580 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:44:40.0875 0580 ohci1394 - ok
11:44:40.0935 0580 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:44:40.0935 0580 Parport - ok
11:44:40.0975 0580 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:44:40.0975 0580 PartMgr - ok
11:44:41.0206 0580 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:44:41.0206 0580 ParVdm - ok
11:44:41.0356 0580 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:44:41.0356 0580 PCI - ok
11:44:41.0406 0580 PCIDump - ok
11:44:41.0446 0580 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:44:41.0446 0580 PCIIde - ok
11:44:41.0476 0580 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:44:41.0486 0580 Pcmcia - ok
11:44:41.0686 0580 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
11:44:41.0686 0580 pcouffin - ok
11:44:41.0786 0580 PDCOMP - ok
11:44:41.0816 0580 PDFRAME - ok
11:44:41.0847 0580 PDRELI - ok
11:44:41.0877 0580 PDRFRAME - ok
11:44:41.0907 0580 perc2 - ok
11:44:41.0927 0580 perc2hib - ok
11:44:42.0167 0580 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:44:42.0177 0580 PptpMiniport - ok
11:44:42.0297 0580 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:44:42.0297 0580 PSched - ok
11:44:42.0327 0580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:44:42.0327 0580 Ptilink - ok
11:44:42.0387 0580 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:44:42.0397 0580 PxHelp20 - ok
11:44:42.0417 0580 ql1080 - ok
11:44:42.0447 0580 Ql10wnt - ok
11:44:42.0477 0580 ql12160 - ok
11:44:42.0507 0580 ql1240 - ok
11:44:42.0538 0580 ql1280 - ok
11:44:42.0798 0580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:44:42.0798 0580 RasAcd - ok
11:44:42.0888 0580 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:44:42.0888 0580 Rasirda - ok
11:44:42.0918 0580 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:44:42.0928 0580 Rasl2tp - ok
11:44:42.0968 0580 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:44:42.0968 0580 RasPppoe - ok
11:44:43.0198 0580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:44:43.0198 0580 Raspti - ok
11:44:43.0309 0580 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:44:43.0309 0580 Rdbss - ok
11:44:43.0369 0580 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:44:43.0369 0580 RDPCDD - ok
11:44:43.0449 0580 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:44:43.0459 0580 rdpdr - ok
11:44:43.0529 0580 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:44:43.0539 0580 RDPWD - ok
11:44:43.0629 0580 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:44:43.0629 0580 redbook - ok
11:44:43.0809 0580 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
11:44:43.0809 0580 Revoflt - ok
11:44:43.0869 0580 RRNetCap (fceae318066198c162d2176ec2975ace) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
11:44:43.0869 0580 RRNetCap - ok
11:44:43.0889 0580 RRNetCapMP (fceae318066198c162d2176ec2975ace) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
11:44:43.0889 0580 RRNetCapMP - ok
11:44:43.0980 0580 s24trans (2bc0b847cbcfe62a79b18ce0b440334d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:44:43.0990 0580 s24trans - ok
11:44:44.0270 0580 SABProcEnum - ok
11:44:44.0370 0580 SASKUTIL - ok
11:44:44.0470 0580 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:44:44.0470 0580 Secdrv - ok
11:44:44.0560 0580 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:44:44.0560 0580 Serenum - ok
11:44:44.0721 0580 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:44:44.0721 0580 Serial - ok
11:44:44.0861 0580 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
11:44:44.0861 0580 Sfloppy - ok
11:44:44.0911 0580 Simbad - ok
11:44:44.0961 0580 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
11:44:44.0961 0580 SMCIRDA - ok
11:44:45.0001 0580 Sparrow - ok
11:44:45.0071 0580 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:44:45.0081 0580 splitter - ok
11:44:45.0231 0580 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:44:45.0231 0580 sr - ok
11:44:45.0301 0580 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:44:45.0312 0580 Srv - ok
11:44:45.0352 0580 SSPORT - ok
11:44:45.0422 0580 STAC97 (243a7e7eb95257dfaa9a449a4df358e2) C:\WINDOWS\system32\drivers\stac97.sys
11:44:45.0432 0580 STAC97 - ok
11:44:45.0512 0580 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
11:44:45.0522 0580 StillCam - ok
11:44:45.0622 0580 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:44:45.0622 0580 swenum - ok
11:44:45.0792 0580 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:44:45.0792 0580 swmidi - ok
11:44:45.0882 0580 symc810 - ok
11:44:45.0912 0580 symc8xx - ok
11:44:45.0942 0580 sym_hi - ok
11:44:45.0972 0580 sym_u3 - ok
11:44:46.0063 0580 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:44:46.0063 0580 sysaudio - ok
11:44:46.0333 0580 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
11:44:46.0333 0580 tbhsd - ok
11:44:46.0453 0580 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:44:46.0463 0580 Tcpip - ok
11:44:46.0533 0580 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:44:46.0543 0580 TDPIPE - ok
11:44:46.0583 0580 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:44:46.0593 0580 TDTCP - ok
11:44:46.0643 0580 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:44:46.0643 0580 TermDD - ok
11:44:46.0894 0580 TosIde - ok
11:44:46.0984 0580 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\drivers\TVICHW32.sys
11:44:46.0994 0580 TVICHW32 - ok
11:44:47.0104 0580 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:44:47.0104 0580 Udfs - ok
11:44:47.0154 0580 ultra - ok
11:44:47.0214 0580 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:44:47.0224 0580 Update - ok
11:44:47.0384 0580 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:44:47.0395 0580 USBAAPL - ok
11:44:47.0455 0580 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:44:47.0455 0580 usbccgp - ok
11:44:47.0535 0580 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:44:47.0535 0580 usbehci - ok
11:44:47.0575 0580 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:44:47.0575 0580 usbhub - ok
11:44:47.0645 0580 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:44:47.0645 0580 usbscan - ok
11:44:47.0925 0580 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:44:47.0925 0580 usbstor - ok
11:44:47.0995 0580 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:44:47.0995 0580 usbuhci - ok
11:44:48.0065 0580 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:44:48.0065 0580 VgaSave - ok
11:44:48.0096 0580 ViaIde - ok
11:44:48.0156 0580 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:44:48.0156 0580 VolSnap - ok
11:44:48.0636 0580 w22n51 (ec606db5388c3bffdc254b1fc9e0fbba) C:\WINDOWS\system32\DRIVERS\w22n51.sys
11:44:49.0197 0580 w22n51 - ok
11:44:49.0477 0580 w29n51 (68eb5bc07781a36a63633541c11e1ad6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
11:44:49.0538 0580 w29n51 - ok
11:44:49.0608 0580 WacomPen (aced8c149b30f8496c237bcba3727b48) C:\WINDOWS\system32\DRIVERS\wacompen.sys
11:44:49.0608 0580 WacomPen - ok
11:44:49.0668 0580 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:44:49.0668 0580 Wanarp - ok
11:44:49.0758 0580 WDICA - ok
11:44:49.0938 0580 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:44:49.0938 0580 wdmaud - ok
11:44:50.0128 0580 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:44:50.0128 0580 WS2IFSL - ok
11:44:50.0199 0580 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:44:50.0199 0580 WudfPf - ok
11:44:50.0229 0580 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:44:50.0229 0580 WudfRd - ok
11:44:50.0429 0580 {6080A529-897E-4629-A488-ABA0C29B635E} (5a5749d1b68bd321a6df6c2589879908) C:\WINDOWS\system32\drivers\ialmsbw.sys
11:44:50.0439 0580 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
11:44:50.0489 0580 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (11d6d2eb80ccb2f676b7a9a84d74c6ae) C:\WINDOWS\system32\drivers\ialmkchw.sys
11:44:50.0489 0580 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
11:44:50.0519 0580 {E6759E0C-470B-44DC-A4A1-627E68BB3A85} (e13f355e70358d0757a7f6edfece7bb8) C:\WINDOWS\system32\drivers\A302.sys
11:44:50.0529 0580 {E6759E0C-470B-44DC-A4A1-627E68BB3A85} - ok
11:44:50.0559 0580 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
11:44:50.0839 0580 \Device\Harddisk0\DR0 - ok
11:44:50.0849 0580 Boot (0x1200) (41be0bc6d82658947418f7b3891d9632) \Device\Harddisk0\DR0\Partition0
11:44:50.0859 0580 \Device\Harddisk0\DR0\Partition0 - ok
11:44:50.0859 0580 ============================================================
11:44:50.0859 0580 Scan finished
11:44:50.0859 0580 ============================================================
11:44:50.0890 5876 Detected object count: 0
11:44:50.0890 5876 Actual detected object count: 0


Again, any help really appreciated!

Spencer Gross

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:17 AM

Posted 09 January 2012 - 09:03 AM

Now run the aswMBR.exe tool. Select the FixMBR button.

Important > you need to wait for the tool to report ... Infection fixed successfully
Do not reboot the machine until it has said so.

When you see the message restart the computer normally.

Run aswBMR.exe normally and post the log.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Please post the logs and let me know what problem persists.

#10 spencerg

spencerg
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 09 January 2012 - 07:13 PM

Here is the new aswMBR log. Now I will get going on the Combofix.

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-09 09:30:41
-----------------------------
09:30:41.719 OS Version: Windows 5.1.2600 Service Pack 3
09:30:41.739 Number of processors: 1 586 0xD06
09:30:41.739 ComputerName: LIFEBOOK UserName: Spencer
09:31:32.642 Initialize success
09:33:14.038 AVAST engine defs: 12010701
09:33:17.553 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:33:17.553 Disk 0 Vendor: WDC_WD2500BEVE-00A0HT0 11.01A11 Size: 238475MB BusType: 3
09:33:17.573 Disk 0 MBR read successfully
09:33:17.573 Disk 0 MBR scan
09:33:17.843 Disk 0 Windows XP default MBR code
09:33:17.853 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
09:33:17.883 Disk 0 scanning sectors +488392065
09:33:17.983 Disk 0 scanning C:\WINDOWS\system32\drivers
09:34:22.596 Service scanning
09:34:25.671 Modules scanning
09:34:44.548 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
09:34:46.971 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
09:34:46.971 Disk 0 trace - called modules:
09:34:47.692 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:34:47.702 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6b41f0]
09:34:47.702 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8a63b210]
09:34:47.702 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a667940]
09:34:51.137 AVAST engine scan C:\WINDOWS
09:35:21.992 AVAST engine scan C:\WINDOWS\system32
09:54:13.879 AVAST engine scan C:\WINDOWS\system32\drivers
09:55:42.136 AVAST engine scan C:\Documents and Settings\TEMP.LIFEBOOK
10:04:07.323 AVAST engine scan C:\Documents and Settings\All Users
10:08:55.887 Scan finished successfully
12:57:02.351 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TEMP.LIFEBOOK\Desktop\MBR.dat"
12:57:02.952 The log file has been saved successfully to "C:\Documents and Settings\TEMP.LIFEBOOK\Desktop\aswMBR.txt"
12:58:06.293 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TEMP.LIFEBOOK\Desktop\MBR.dat"
12:58:06.393 The log file has been saved successfully to "C:\Documents and Settings\TEMP.LIFEBOOK\Desktop\aswMBR2.txt"

#11 spencerg

spencerg
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 09 January 2012 - 09:02 PM

Here is the Combofix log:


ComboFix 12-01-09.06 - Spencer 01/09/2012 16:49:34.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1671 [GMT -8:00]
Running from: c:\documents and settings\TEMP.LIFEBOOK\Desktop\kittysnack.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: The Shield Deluxe Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-06 18:17 . 2008-04-13 18:40 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2012-01-04 05:13 . 2012-01-04 05:13 14664 ----a-w- c:\windows\stinger.sys
2012-01-04 05:06 . 2012-01-04 05:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2012-01-04 05:04 . 2012-01-04 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2012-01-04 05:02 . 2012-01-04 05:02 -------- d-----w- c:\program files\McAfee Security Scan
2012-01-04 05:02 . 2012-01-04 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-01-04 04:56 . 2004-02-28 07:49 3909 ----a-r- c:\windows\system32\drivers\bioschk.sys
2012-01-02 19:46 . 2012-01-06 21:07 -------- d-----w- c:\documents and settings\TEMP.LIFEBOOK\Application Data\AVG
2012-01-02 19:12 . 2012-01-02 19:12 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-01-02 19:07 . 2012-01-09 13:42 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-02 19:07 . 2012-01-02 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-02 18:53 . 2012-01-09 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-12-31 04:30 . 2012-01-01 07:06 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-12-31 03:23 . 2011-12-31 03:23 388096 ----a-r- c:\documents and settings\TEMP.LIFEBOOK\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-31 03:23 . 2011-12-31 03:23 -------- d-----w- c:\program files\Trend Micro
2011-12-26 07:49 . 2011-12-26 07:49 -------- d-----w- C:\kleaner.tmp
2011-12-25 21:39 . 2011-12-26 07:38 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-12-24 21:00 . 2011-12-24 21:00 -------- d-----w- c:\documents and settings\TEMP.LIFEBOOK\Application Data\Malwarebytes
2011-12-24 20:59 . 2011-12-26 07:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-19 01:53 . 2011-12-19 02:46 -------- d-----w- C:\kittysnack
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 19:52 . 2011-05-22 23:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-09-01 01:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-09-01 01:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-09-01 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-09-01 01:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-09-01 01:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-09-01 01:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-09-01 00:59 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-09-01 01:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-09-01 00:59 186880 ----a-w- c:\windows\system32\encdec.dll
2008-04-16 15:35 . 2008-04-16 15:35 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2008-04-16 15:34 . 2008-04-16 15:34 4265560 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2010-03-31 17:09 . 2010-03-31 17:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 19:36 . 2010-04-08 19:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-01-02 02:05 . 2012-01-02 02:05 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-09-14 05:10 . 2009-12-03 05:07 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 095257739A1A7347B2BF7A8AE390704D . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 2826C4417F3DE4390BE20F5909FC17E0 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-12-19_02.23.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 08:02 . 2009-07-12 08:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 08:05 . 2009-07-12 08:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 08:05 . 2009-07-12 08:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-01-09 17:23 . 2012-01-09 17:23 16384 c:\windows\Temp\Perflib_Perfdata_828.dat
- 2004-08-03 22:59 . 2008-04-13 18:40 36352 c:\windows\system32\drivers\disk.sys
+ 2004-08-03 22:59 . 2008-04-13 19:40 36352 c:\windows\system32\drivers\disk.sys
+ 2011-09-13 14:30 . 2011-09-13 14:30 32592 c:\windows\system32\drivers\avgrkx86.sys
+ 2011-08-08 14:08 . 2011-08-08 14:08 40016 c:\windows\system32\drivers\avgmfx86.sys
+ 2011-10-04 14:21 . 2011-10-04 14:21 16720 c:\windows\system32\drivers\AVGIDSShim.sys
+ 2011-07-11 09:14 . 2011-07-11 09:14 24272 c:\windows\system32\drivers\AVGIDSFilter.sys
+ 2011-07-11 09:14 . 2011-07-11 09:14 23120 c:\windows\system32\drivers\AVGIDSEH.sys
+ 2004-09-01 01:36 . 2012-01-02 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-09-01 01:36 . 2010-01-07 15:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-09-01 01:36 . 2010-01-07 15:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-09-01 01:36 . 2012-01-02 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-09-01 01:36 . 2010-01-07 15:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-12-27 18:57 . 2012-01-02 00:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-12-25 11:49 . 2011-12-25 11:49 31504 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-12-25 19:07 . 2011-12-25 19:07 81920 c:\windows\Microsoft.Net\Framework\v1.1.4322\System.Security.dll
- 2011-07-08 21:00 . 2011-07-08 21:00 81920 c:\windows\Microsoft.Net\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 77824 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorsn.dll
- 2011-07-07 19:04 . 2011-07-07 19:04 77824 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorsn.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 86016 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorie.dll
- 2011-07-07 19:04 . 2011-07-07 19:04 86016 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 81920 c:\windows\Microsoft.Net\Framework\v1.1.4322\CORPerfMonExt.dll
- 2011-07-07 19:03 . 2011-07-07 19:03 81920 c:\windows\Microsoft.Net\Framework\v1.1.4322\CORPerfMonExt.dll
- 2011-07-07 20:09 . 2011-07-07 20:09 32768 c:\windows\Microsoft.Net\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 07:49 . 2011-12-25 07:49 32768 c:\windows\Microsoft.Net\Framework\v1.1.4322\aspnet_wp.exe
- 2011-07-07 20:09 . 2011-07-07 20:09 24576 c:\windows\Microsoft.Net\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-12-25 07:49 . 2011-12-25 07:49 24576 c:\windows\Microsoft.Net\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-12-31 03:11 . 2011-12-31 03:11 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3de8528a\System.Drawing.Design.dll
+ 2011-12-31 03:09 . 2011-12-31 03:09 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4d0c5dcc\CustomMarshalers.dll
+ 2011-12-31 03:54 . 2011-12-31 03:54 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2011-12-31 02:06 . 2011-12-31 02:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-12-31 02:05 . 2011-12-31 02:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-12 04:11 . 2011-10-12 04:11 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-12-31 02:11 . 2011-12-31 02:11 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-12-31 02:07 . 2011-12-31 02:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-12-31 02:08 . 2011-12-31 02:08 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-12-31 02:08 . 2011-12-31 02:08 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-12-31 02:11 . 2011-12-31 02:11 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-12-31 02:10 . 2011-12-31 02:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-12-31 02:06 . 2011-12-31 02:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-12-31 02:06 . 2011-12-31 02:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-12-31 02:07 . 2011-12-31 02:07 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-12-31 02:07 . 2011-12-31 02:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-12-31 02:06 . 2011-12-31 02:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-12 04:00 . 2011-10-12 04:00 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-12-31 02:28 . 2011-12-31 02:28 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-12-31 02:06 . 2011-12-31 02:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-12-31 02:07 . 2011-12-31 02:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-12 04:11 . 2011-10-12 04:11 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-12-31 02:11 . 2011-12-31 02:11 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-12 04:10 . 2011-10-12 04:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-12-31 02:07 . 2011-12-31 02:07 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-12-31 02:06 . 2011-12-31 02:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-12-31 02:09 . 2011-12-31 02:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-12-31 02:09 . 2011-12-31 02:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2004-09-01 01:00 . 2011-12-31 02:16 530774 c:\windows\system32\perfh009.dat
- 2004-09-01 01:00 . 2011-11-22 07:57 530774 c:\windows\system32\perfh009.dat
+ 2004-09-01 01:00 . 2011-12-31 02:16 100138 c:\windows\system32\perfc009.dat
- 2004-09-01 01:00 . 2011-11-22 07:57 100138 c:\windows\system32\perfc009.dat
+ 2011-07-11 09:14 . 2011-07-11 09:14 295248 c:\windows\system32\drivers\avgtdix.sys
+ 2011-10-07 14:23 . 2011-10-07 14:23 230608 c:\windows\system32\drivers\avgldx86.sys
+ 2011-07-11 09:14 . 2011-07-11 09:14 134608 c:\windows\system32\drivers\AVGIDSDriver.sys
+ 2011-12-31 03:15 . 2011-12-29 22:02 340086 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2011-12-25 11:49 . 2011-12-25 11:49 436496 c:\windows\Microsoft.Net\Framework\v2.0.50727\webengine.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 102400 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorld.dll
- 2011-07-07 19:04 . 2011-07-07 19:04 102400 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorld.dll
- 2011-07-07 19:01 . 2011-07-07 19:01 315392 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-25 06:53 . 2011-12-25 06:53 315392 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorjit.dll
- 2011-07-07 20:09 . 2011-07-07 20:09 258048 c:\windows\Microsoft.Net\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-25 07:49 . 2011-12-25 07:49 258048 c:\windows\Microsoft.Net\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-25 13:40 . 2011-12-25 13:40 819200 c:\windows\Installer\9f6844.msp
+ 2012-01-02 19:01 . 2012-01-02 19:01 219648 c:\windows\Installer\13205c.msi
+ 2011-12-31 03:14 . 2011-12-31 03:14 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_c5bdfdac\System.Drawing.dll
+ 2011-12-31 03:15 . 2011-12-31 03:15 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_016eec3d\System.Drawing.Design.dll
+ 2011-12-31 03:15 . 2011-12-31 03:15 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_83c2b08d\CustomMarshalers.dll
+ 2011-12-31 03:53 . 2011-12-31 03:53 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
+ 2011-12-31 03:54 . 2011-12-31 03:54 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2011-12-31 03:54 . 2011-12-31 03:54 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2011-12-31 03:54 . 2011-12-31 03:54 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2011-12-31 03:54 . 2011-12-31 03:54 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2011-12-31 03:53 . 2011-12-31 03:53 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2011-12-31 03:51 . 2011-12-31 03:51 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
+ 2011-12-31 03:50 . 2011-12-31 03:50 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2011-12-31 03:47 . 2011-12-31 03:47 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-12-31 02:05 . 2011-12-31 02:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-12-31 02:06 . 2011-12-31 02:06 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-12-31 02:07 . 2011-12-31 02:07 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-12-31 02:09 . 2011-12-31 02:09 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-12-31 02:09 . 2011-12-31 02:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-12-31 02:10 . 2011-12-31 02:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-12-31 02:10 . 2011-12-31 02:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-12-31 02:10 . 2011-12-31 02:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-12-31 02:10 . 2011-12-31 02:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-12-31 02:08 . 2011-12-31 02:08 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-12-31 02:06 . 2011-12-31 02:06 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-12 04:11 . 2011-10-12 04:11 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-12-31 02:12 . 2011-12-31 02:12 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-12-31 02:12 . 2011-12-31 02:12 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-12 04:11 . 2011-10-12 04:11 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-12-31 02:11 . 2011-12-31 02:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-12 04:11 . 2011-10-12 04:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-12 04:11 . 2011-10-12 04:11 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-12-31 02:11 . 2011-12-31 02:11 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-12-31 02:07 . 2011-12-31 02:07 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-12-31 02:07 . 2011-12-31 02:07 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-12-31 02:07 . 2011-12-31 02:07 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-12-31 02:08 . 2011-12-31 02:08 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-12-31 02:10 . 2011-12-31 02:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-12-31 02:09 . 2011-12-31 02:09 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-12-31 02:05 . 2011-12-31 02:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-12-31 02:09 . 2011-12-31 02:09 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-12-31 02:09 . 2011-12-31 02:09 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-12-31 02:09 . 2011-12-31 02:09 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-12 04:11 . 2011-10-12 04:11 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-12-31 02:11 . 2011-12-31 02:11 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2011-12-25 11:50 . 2011-12-25 11:50 5246976 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.dll
+ 2011-12-25 19:07 . 2011-12-25 19:07 2064384 c:\windows\Microsoft.Net\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 19:06 . 2011-12-25 19:06 1269760 c:\windows\Microsoft.Net\Framework\v1.1.4322\System.Web.dll
- 2011-07-08 20:59 . 2011-07-08 20:59 1232896 c:\windows\Microsoft.Net\Framework\v1.1.4322\System.dll
+ 2011-12-25 19:06 . 2011-12-25 19:06 1232896 c:\windows\Microsoft.Net\Framework\v1.1.4322\System.dll
- 2011-07-07 19:02 . 2011-07-07 19:02 2514944 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-25 06:54 . 2011-12-25 06:54 2514944 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorwks.dll
- 2011-07-07 19:02 . 2011-07-07 19:02 2527232 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorsvr.dll
+ 2011-12-25 06:53 . 2011-12-25 06:53 2527232 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorsvr.dll
+ 2011-12-25 19:06 . 2011-12-25 19:06 2142208 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorlib.dll
- 2011-07-08 20:59 . 2011-07-08 20:59 2142208 c:\windows\Microsoft.Net\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-31 03:23 . 2011-12-31 03:23 1094656 c:\windows\Installer\df1e9.msi
+ 2012-01-02 19:11 . 2012-01-02 19:11 4683264 c:\windows\Installer\132064.msi
+ 2012-01-02 19:03 . 2012-01-02 19:03 2186240 c:\windows\Installer\132060.msi
+ 2011-12-26 17:59 . 2011-12-26 17:59 4368896 c:\windows\Installer\11e219.msp
+ 2011-12-31 03:15 . 2011-12-31 03:15 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3830fab2\System.dll
+ 2011-12-31 03:08 . 2011-12-31 03:08 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_061cbaad\System.dll
+ 2011-12-31 03:13 . 2011-12-31 03:13 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c18e1208\System.Xml.dll
+ 2011-12-31 03:15 . 2011-12-31 03:15 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3c7f7fdb\System.Xml.dll
+ 2011-12-31 03:13 . 2011-12-31 03:13 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_fcd9875c\System.Windows.Forms.dll
+ 2011-12-31 03:15 . 2011-12-31 03:15 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c48157f2\System.Windows.Forms.dll
+ 2011-12-31 03:16 . 2011-12-31 03:16 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e9914e64\System.Drawing.dll
+ 2011-12-31 03:14 . 2011-12-31 03:14 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f889a85b\System.Design.dll
+ 2011-12-31 03:15 . 2011-12-31 03:15 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_8bc2f9c9\System.Design.dll
+ 2011-12-31 03:14 . 2011-12-31 03:14 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e74174f5\mscorlib.dll
+ 2011-12-31 03:16 . 2011-12-31 03:16 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d276c7fb\mscorlib.dll
+ 2011-12-31 03:56 . 2011-12-31 03:56 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2011-12-31 03:56 . 2011-12-31 03:56 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2011-12-31 03:56 . 2011-12-31 03:56 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2011-12-31 03:55 . 2011-12-31 03:55 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2011-12-31 03:55 . 2011-12-31 03:55 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2011-12-31 03:54 . 2011-12-31 03:54 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2011-12-31 03:54 . 2011-12-31 03:54 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2011-12-31 03:52 . 2011-12-31 03:52 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2011-12-31 03:47 . 2011-12-31 03:47 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2011-12-31 03:51 . 2011-12-31 03:51 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2011-12-31 03:51 . 2011-12-31 03:51 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2011-12-31 03:51 . 2011-12-31 03:51 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6c46eade19e6f222f8b233ab0065d84a\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-12-31 02:12 . 2011-12-31 02:12 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-12 04:11 . 2011-10-12 04:11 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-12-31 02:08 . 2011-12-31 02:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-12 04:11 . 2011-10-12 04:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-12-31 02:06 . 2011-12-31 02:06 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-06 05:13 . 2010-10-06 05:13 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-12-30 20:39 . 2011-12-30 20:39 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-12-31 02:05 . 2011-12-31 02:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-12-31 02:05 . 2011-12-31 02:05 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-10-12 04:11 . 2011-10-12 04:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-12-31 02:12 . 2011-12-31 02:12 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-10-12 04:10 . 2011-12-31 02:11 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-12 04:10 . 2011-10-12 04:10 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-12-31 02:28 . 2011-12-31 02:28 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2011-10-12 04:00 . 2011-10-12 04:00 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2011-12-31 02:28 . 2011-12-31 02:28 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-12-31 02:28 . 2011-12-31 02:28 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-12-27 01:02 . 2011-12-27 01:02 12482048 c:\windows\Microsoft.Net\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2011-12-26 17:02 . 2011-12-26 17:02 19677184 c:\windows\Installer\11e232.msp
+ 2011-12-31 03:53 . 2011-12-31 03:53 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2011-12-31 03:49 . 2011-12-31 03:49 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2011-12-31 02:37 . 2011-12-31 02:37 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2011-06-24 185800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-07-02 163840]
"AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 88201]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-23 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-23 1191936]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
c:\documents and settings\TEMP.LIFEBOOK\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2011-10-7 304584]
Launch Utility Application.lnk - c:\documents and settings\TEMP.LIFEBOOK\Application Data\Verizon\UA_ar\UtilityApplication.exe [2011-3-22 547840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.250\SSScheduler.exe [2011-12-9 272792]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ------w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ------w- c:\windows\system32\tpgwlnot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\River Past\\Audio Converter\\AudioConverter.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/5/2010 1:29 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [8/31/2004 5:38 PM 191264]
R3 Fjbtndrv;Fujitsu LIFEBOOK T3000 Button Driver;c:\windows\system32\drivers\FjBtndrv.sys [6/20/2003 1:30 PM 11392]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [8/31/2004 5:38 PM 31104]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [8/31/2004 5:38 PM 5760]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/11/2008 9:52 PM 47360]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [11/26/2009 2:28 PM 27168]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 7:37 AM 135664]
S2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [10/7/2011 9:42 PM 157128]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\A302.sys [8/31/2004 5:38 PM 11831]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 bioschk;FPC BIOS Check Driver;c:\windows\system32\drivers\bioschk.sys [1/3/2012 8:56 PM 3909]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 DX02;DX02;c:\windows\system32\drivers\dx02.sys [7/29/2004 12:27 PM 83712]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\Drivers\FarDrive.sys --> c:\windows\system32\Drivers\FarDrive.sys [?]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [8/31/2004 5:38 PM 6000]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 7:37 AM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.250\McCHSvc.exe [12/9/2011 3:18 AM 237272]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/18/2010 2:25 PM 27064]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [11/26/2009 2:28 PM 27168]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [8/31/2004 10:22 AM 14208]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/31/2004 5:00 PM 14336]
S4 iYogiURLHit.exe;iYogi Hit Agent;c:\program files\iYogi SupportDock\Services\URLHit\iYogiURLHit.exe [5/31/2010 6:57 AM 16896]
S4 pg-plus-8.3;Postgres Plus 8.3 - Server;c:\postgresplus\8.3\bin\pg_ctl.exe runservice -w -N "pg-plus-8.3" -D "c:\postgresplus\8.3\data\" --> c:\postgresplus\8.3\bin\pg_ctl.exe runservice -w -N pg-plus-8.3 [?]
S4 SupportDockClientService.exe;iYogi Communication Agent;c:\program files\iYogi SupportDock\Services\CommAgent\SupportDockClientService.exe [6/2/2010 7:44 AM 45568]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-05 00:32 8192 ------w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 15:36]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 15:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.43.1
FF - ProfilePath - c:\documents and settings\TEMP.LIFEBOOK\Application Data\Mozilla\Firefox\Profiles\6bk79y6l.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-09 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\TEMP~1.LIF\LOCALS~1\Temp\avg-b76e401a-f59a-4a74-8064-5c2f68152103.tmp.mht 8070 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2012)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2012-01-09 17:26:19
ComboFix-quarantined-files.txt 2012-01-10 01:26
ComboFix2.txt 2011-12-19 16:46
ComboFix3.txt 2011-12-19 04:31
ComboFix4.txt 2011-12-19 02:46
.
Pre-Run: 184,197,074,944 bytes free
Post-Run: 184,289,198,080 bytes free
.
- - End Of File - - 85658E52A88773450236FC79B7E8BBD0

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:17 AM

Posted 10 January 2012 - 11:15 AM

Lets check these suspicious files.

>>> Run Jotti's malware scan: Please copy each line from the following (in bold):
C:\WINDOWS\System32\drivers\dxgthk.sys
C:\WINDOWS\system32\ntdll.dll

  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link". Posted Image
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
    If more then one file submitted, return to the "Jotti's malware scan" window and click the "Next file" button to continue with the rest.
Please copy and paste these Permalinks in your next reply.
If Jotti is busy, please go to http://www.virustotal.com

#13 spencerg

spencerg
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 10 January 2012 - 12:16 PM

Hi, nasdaq,

Here are the two results from Jotti:

http://virusscan.jotti.org/en/scanresult/bee84fe8d27d267ba47b2e823c241255732d4e4a/af0948b2a5ca8dc71b3fcf58ae5a05e57e8e3690

http://virusscan.jotti.org/en/scanresult/d4206ba3892f8cf9bf30e048c4b54bc807f2e8fb/11859cfc2011a90b8106437d6a96457a8f20c7da

sg




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users