
Chrome - Google searches redirected - tried everything with no luck.


  • This topic is locked
38 replies to this topic

#1 Matt Leonard

Matt Leonard

  • Members
  • 18 posts

Posted 29 December 2011 - 02:20 AM

Seems like I'm suffering from a fairly common problem - but despite spending many, many hours scouring this board and the web to find a solution, I've had no luck.

SYMPTOMS:

In Chrome, Google searches are being redirected. About 1 out of every 3 links clicked from a search redirects me to random websites. This problem does not happen in Firefox or IE. I don't recall having any other virus or malware issues prior. This has been happening for about 2 weeks now, and the redirected sites seem to be changing every few days. I run Win 7 (64 bit), and use MS Security Essentials normally.

ATTEMPTED FIXES:

I've studied this forum, and dozens of other sites that try to address this issue. MalwareBytes, ComboFix, HitManPro, Kaspersky, FixTDSS, Rkill and likely a few more. None found any malware, and the problem persists. I've checked my Hosts file, and it's clean. I've reset my router at home - but no other computers on that router are having this issue, and I still have the issue on any other network I've used. I've tried flushing my DNS, as well as checking IE internet settings or any proxy issues.

I also noticed that my options with Windows Firewall are being blocked - I get error code 0x80070424 when trying to update Firewall settings. I've tried the fix of using an elevated command prompt to "regsvr32 wuaueng.dll" - but while it says the action was successful, no changes to my Firewall. I've also tried manually starting services related - but there is no Firewall service listed.

Anyone got any more suggestions? I'd prefer to be able to use Chrome - but I'm at my wits' end! Thanks in advance!

-Matt


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts

Posted 03 January 2012 - 12:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435102 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Location:Greenup, Ill USA

Posted 03 January 2012 - 12:56 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 Matt Leonard

Matt Leonard
  • Topic Starter

  • Members
  • 18 posts

Posted 03 January 2012 - 01:09 PM

Here is my DDS scan log.

I am running Windows 7 64 bit, and do not have the install disks.

DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Matt at 12:02:31 on 2012-01-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.2207 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Stickies\stickies.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Stickies.lnk - C:\Program Files (x86)\Stickies\stickies.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{04080E64-A8B1-42C1-920E-47E9A1682278} : DhcpNameServer = 192.168.160.5 192.168.160.10
TCP: Interfaces\{13ED0346-795F-4824-9201-8E47C144AC1D} : DhcpNameServer = 172.18.64.215 172.18.64.215 8.8.8.8
TCP: Interfaces\{50825764-072D-459D-99A6-77C22D3A0E7B} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{50825764-072D-459D-99A6-77C22D3A0E7B}\2456C6B696E6E233832334 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{50825764-072D-459D-99A6-77C22D3A0E7B}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{50825764-072D-459D-99A6-77C22D3A0E7B}\3547E202A416D656370254370727563737F6 : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{50825764-072D-459D-99A6-77C22D3A0E7B}\C696E6B6379737 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{50825764-072D-459D-99A6-77C22D3A0E7B}\D4970234570702F66602455616 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C6ED4318-CEEE-4B7A-A735-117E5E7ECBF4} : DhcpNameServer = 10.0.0.1 8.8.8.8
TCP: Interfaces\{EE280897-F919-489F-864E-6FD7E3E0B8E0} : DhcpNameServer = 192.168.0.1 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zexhvl1f.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-10 89600]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-29 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-6-29 2375168]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-14 366152]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-29 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-7-14 8192]
S2 WRSVC;WRSVC;"C:\Program Files\Webroot\WRSA.exe" -service --> C:\Program Files\Webroot\WRSA.exe [?]
S3 AESTAud;AE Audio Service;C:\Windows\system32\drivers\AESTAu64.sys --> C:\Windows\system32\drivers\AESTAu64.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-16 1038088]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-03 03:37:48 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFD5F519-05B4-48B7-ABF7-41CFE4904831}\offreg.dll
2012-01-03 03:37:45 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFD5F519-05B4-48B7-ABF7-41CFE4904831}\mpengine.dll
2011-12-28 19:00:02 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-12-28 08:03:07 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-27 07:37:38 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-12-26 22:23:00 -------- d-----w- C:\Windows\pss
2011-12-26 22:16:35 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2011-12-26 05:42:59 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-26 05:33:41 -------- d-----w- C:\Program Files\HitmanPro
2011-12-26 04:46:20 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2011-12-26 04:44:39 -------- d-----w- C:\ProgramData\HitmanPro
2011-12-21 23:07:09 98816 ----a-w- C:\Windows\sed.exe
2011-12-21 23:07:09 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-21 23:07:09 256000 ----a-w- C:\Windows\PEV.exe
2011-12-21 23:07:09 208896 ----a-w- C:\Windows\MBR.exe
2011-12-14 19:58:11 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 19:37:37 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 19:37:34 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 19:37:34 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 19:37:24 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 19:37:24 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 08:04:13 -------- d-----w- C:\Users\Matt\AppData\Roaming\SUPERAntiSpyware.com
2011-12-14 08:04:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-14 07:53:21 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2011-12-14 07:53:14 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-14 07:53:11 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-14 07:53:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-11 02:45:29 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-11 00:17:33 -------- d-----w- C:\Users\Matt\AppData\Local\ElevatedDiagnostics
2011-12-10 01:16:17 296448 ----a-w- C:\Windows\System32\stacsv64.exe
2011-12-10 01:15:06 2265088 ----a-w- C:\Windows\System32\drivers\sthda64.sys
2011-12-10 01:15:05 513024 ----a-w- C:\Windows\System32\stapi64x.dll
2011-12-10 01:15:03 146048 ----a-w- C:\Windows\System32\drivers\AESTAu64.sys
2011-12-10 01:14:41 -------- d-----w- C:\Program Files\IDT
.
==================== Find3M ====================
.
2011-12-26 22:15:41 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-08 17:29:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 12:03:27.53 ===============




#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:20 PM

Posted 03 January 2012 - 01:30 PM

Hello,


I don't see anything on the surface, but let's have a deeper look. Are you able to burn CDs and have access to a USB Flash Drive? Can you please tell me where it is redirecting you to?


Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


2.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 fireman4it


Posted 05 January 2012 - 11:52 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#7 fireman4it


Posted 10 January 2012 - 10:35 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


#8 fireman4it


Posted 15 January 2012 - 07:24 PM

This topic has been re-opened at the request of the person who originally posted.


#9 Matt Leonard


Posted 15 January 2012 - 08:57 PM

The redirects seem to change periodically - there are a couple common redirected sites that often appear, but a new "set" changes every few days it seems.

I happen to have a very slow internet connection today - and was able to watch the search result go to an intermediary site momentarily (part of the hijack), before loading a final hijacked page. The intermediary sites it has been loading include (with the "Search=" string apparently being previously used search terms I've used in that Chrome session)

http://plazmacool.com/index.php?search=
http://allcall.me/index.php?search=
http://intflags.com/index.php?search=
http://schoolroller.com/index.php?search=
http://bettamonk.com/index.php?search=

And some of the sites it ended up loading after the intermediary URL:

http://www.wiinjamod.com/travel.htm
http://216.18.215.24/feed/click_check.php
https://www.nutritionweightcontrol.net
http://www.offthetrails.com/

Here is the MBRCheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dm4 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 200):
0x02E1E000 \SystemRoot\system32\ntoskrnl.exe
0x03407000 \SystemRoot\system32\hal.dll
0x00B9E000 \SystemRoot\system32\kdcom.dll
0x00C0C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C5B000 \SystemRoot\system32\PSHED.dll
0x00C6F000 \SystemRoot\system32\CLFS.SYS
0x00CCD000 \SystemRoot\system32\CI.dll
0x00E5A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EFE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F0D000 \SystemRoot\system32\drivers\ACPI.sys
0x00F64000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F6D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F77000 \SystemRoot\system32\drivers\pci.sys
0x00FAA000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FB7000 \SystemRoot\System32\drivers\partmgr.sys
0x00FCC000 \SystemRoot\system32\drivers\compbatt.sys
0x00FD5000 \SystemRoot\system32\drivers\BATTC.SYS
0x00FE1000 \SystemRoot\system32\drivers\volmgr.sys
0x00D8D000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
0x01088000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011DC000 \SystemRoot\system32\drivers\atapi.sys
0x01000000 \SystemRoot\system32\drivers\ataport.SYS
0x0102A000 \SystemRoot\system32\drivers\msahci.sys
0x01035000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x01045000 \SystemRoot\system32\drivers\amdxata.sys
0x01268000 \SystemRoot\system32\drivers\fltmgr.sys
0x012B4000 \SystemRoot\system32\drivers\fileinfo.sys
0x01405000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012C8000 \SystemRoot\System32\Drivers\msrpc.sys
0x015A8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01326000 \SystemRoot\System32\Drivers\cng.sys
0x015C3000 \SystemRoot\System32\drivers\pcw.sys
0x015D4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01605000 \SystemRoot\system32\drivers\ndis.sys
0x016F8000 \SystemRoot\system32\drivers\NETIO.SYS
0x01758000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018C8000 \SystemRoot\System32\drivers\tcpip.sys
0x01ACC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B16000 \SystemRoot\system32\drivers\wd.sys
0x01B1E000 \SystemRoot\system32\drivers\volsnap.sys
0x01B6A000 \SystemRoot\System32\Drivers\spldr.sys
0x01B72000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BAC000 \SystemRoot\System32\Drivers\mup.sys
0x01BBE000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01BC7000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0183A000 \SystemRoot\system32\drivers\disk.sys
0x01850000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x02E00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02E2A000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x02E5B000 \SystemRoot\System32\Drivers\Null.SYS
0x02E64000 \SystemRoot\System32\Drivers\Beep.SYS
0x02E6B000 \SystemRoot\System32\drivers\vga.sys
0x0188E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02FEB000 \SystemRoot\System32\drivers\watchdog.sys
0x02E79000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x018B3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x018BC000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01BD1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01BDC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01783000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01BED000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04292000 \SystemRoot\system32\drivers\afd.sys
0x0431B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04360000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04369000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0438F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x043A5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x043B4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x043CF000 \SystemRoot\system32\drivers\termdd.sys
0x04200000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04251000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0425D000 \SystemRoot\system32\drivers\mssmbios.sys
0x04268000 \SystemRoot\System32\drivers\discache.sys
0x017A5000 \SystemRoot\System32\Drivers\dfsc.sys
0x04277000 \SystemRoot\system32\drivers\blbdrive.sys
0x017C3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04A4A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x044F5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04400000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04446000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04457000 \SystemRoot\system32\drivers\usbehci.sys
0x04468000 \SystemRoot\system32\drivers\USBPORT.SYS
0x044BE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x05863000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x060CF000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x06132000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x06147000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x06165000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x06174000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x061CF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x061DE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x061EB000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x061F8000 \SystemRoot\system32\drivers\CmBatt.sys
0x05800000 \SystemRoot\system32\drivers\wmiacpi.sys
0x05809000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0581F000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0582F000 \SystemRoot\system32\DRIVERS\clwvd.sys
0x04A00000 \SystemRoot\system32\DRIVERS\ks.sys
0x05835000 \SystemRoot\system32\drivers\ksthunk.sys
0x0583B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x01398000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05851000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x013BC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x043E3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x015DE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x01200000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0585D000 \SystemRoot\system32\drivers\swenum.sys
0x044E2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x045E9000 \SystemRoot\system32\DRIVERS\WDKMD.sys
0x0121A000 \SystemRoot\System32\Drivers\fastfat.SYS
0x06218000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x06272000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06287000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x0630A000 \SystemRoot\system32\DRIVERS\portcls.sys
0x06347000 \SystemRoot\system32\DRIVERS\drmk.sys
0x06369000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x063BC000 \SystemRoot\System32\drivers\Dxapi.sys
0x063C8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02E82000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x063D6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x060DC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x063E9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x063EB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x060F9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06200000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06209000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06112000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x01050000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0611F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x00630000 \SystemRoot\System32\cdd.dll
0x00840000 \SystemRoot\System32\ATMFD.DLL
0x00E1A000 \SystemRoot\system32\drivers\luafv.sys
0x026FC000 \SystemRoot\system32\drivers\WudfPf.sys
0x0271D000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x0272E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0275F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02774000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x027C7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x027DA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02600000 \SystemRoot\system32\drivers\HTTP.sys
0x026C9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03ECC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03EEA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03F17000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03F65000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03F89000 \SystemRoot\System32\DRIVERS\srv2.sys
0x03E00000 \SystemRoot\System32\DRIVERS\srv.sys
0x03E98000 \SystemRoot\System32\Drivers\adfs.SYS
0x072C5000 \SystemRoot\system32\drivers\peauth.sys
0x0736B000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07376000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07388000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x07392000 \??\C:\Windows\system32\drivers\mbam.sys
0x073F2000 \SystemRoot\system32\drivers\MSPQM.sys
0x073F4000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0x07200000 \??\C:\Users\Matt\AppData\Local\Temp\aswMBR.sys
0x77240000 \Windows\System32\ntdll.dll
0x47A40000 \Windows\System32\smss.exe
0xFF560000 \Windows\System32\apisetschema.dll
0xFFAA0000 \Windows\System32\autochk.exe
0xFF4B0000 \Windows\System32\msvcrt.dll
0xFF2D0000 \Windows\System32\setupapi.dll
0x77410000 \Windows\System32\normaliz.dll
0xFF250000 \Windows\System32\difxapi.dll
0xFF170000 \Windows\System32\advapi32.dll
0xFF040000 \Windows\System32\rpcrt4.dll
0xFEF30000 \Windows\System32\msctf.dll
0x770E0000 \Windows\System32\wininet.dll
0xFEF20000 \Windows\System32\lpk.dll
0xFED10000 \Windows\System32\ole32.dll
0x76FC0000 \Windows\System32\kernel32.dll
0xFEC70000 \Windows\System32\comdlg32.dll
0xFEB90000 \Windows\System32\oleaut32.dll
0x77400000 \Windows\System32\psapi.dll
0xFEB70000 \Windows\System32\sechost.dll
0xFEAA0000 \Windows\System32\usp10.dll
0xFEA90000 \Windows\System32\nsi.dll
0xFEA10000 \Windows\System32\shlwapi.dll
0xFE9B0000 \Windows\System32\Wldap32.dll
0xFE980000 \Windows\System32\imm32.dll
0x76EC0000 \Windows\System32\user32.dll
0xFE960000 \Windows\System32\imagehlp.dll
0x76D70000 \Windows\System32\urlmon.dll
0xFE910000 \Windows\System32\ws2_32.dll
0xFE8A0000 \Windows\System32\gdi32.dll
0xFE800000 \Windows\System32\clbcatq.dll
0xFDA70000 \Windows\System32\shell32.dll
0x76B60000 \Windows\System32\iertutil.dll
0xFDA50000 \Windows\System32\devobj.dll
0xFD9E0000 \Windows\System32\KernelBase.dll
0xFD9A0000 \Windows\System32\cfgmgr32.dll
0xFD900000 \Windows\System32\comctl32.dll
0xFD790000 \Windows\System32\crypt32.dll
0xFD750000 \Windows\System32\wintrust.dll
0xFD740000 \Windows\System32\msasn1.dll
0x75B80000 \Windows\SysWOW64\normaliz.dll

Processes (total 113):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
456 csrss.exe
536 C:\Windows\System32\wininit.exe
556 csrss.exe
600 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\winlogon.exe
788 C:\Windows\System32\svchost.exe
848 C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
908 C:\Windows\System32\svchost.exe
968 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
476 C:\Windows\System32\svchost.exe
380 C:\Windows\System32\svchost.exe
548 C:\Windows\System32\svchost.exe
692 C:\Program Files\IDT\WDM\stacsv64.exe
1048 C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
1180 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\hpservice.exe
1324 WUDFHost.exe
1568 C:\Windows\System32\svchost.exe
1712 C:\Windows\System32\wlanext.exe
1720 C:\Windows\System32\conhost.exe
1796 C:\Windows\System32\spoolsv.exe
1840 C:\Windows\System32\svchost.exe
2004 C:\Program Files\IDT\WDM\AESTSr64.exe
2032 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1292 C:\Program Files\Bonjour\mDNSResponder.exe
1496 C:\Windows\System32\svchost.exe
1528 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1372 C:\Windows\System32\svchost.exe
1640 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
1648 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
1940 C:\Windows\SysWOW64\srvany.exe
2072 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2120 C:\Windows\System32\svchost.exe
2200 C:\Windows\KMService.exe
2364 unsecapp.exe
2432 WmiPrvSE.exe
2492 C:\Windows\System32\conhost.exe
2800 C:\Windows\System32\taskhost.exe
2860 C:\Windows\System32\dwm.exe
2932 C:\Windows\explorer.exe
3036 C:\Windows\System32\wbem\unsecapp.exe
3236 C:\Windows\System32\igfxtray.exe
3256 C:\Windows\System32\hkcmd.exe
3268 C:\Windows\System32\igfxpers.exe
3280 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3292 C:\Program Files\Apoint2K\Apoint.exe
3340 C:\Program Files\Microsoft Security Client\msseces.exe
3412 C:\Program Files\IDT\WDM\sttray64.exe
3420 C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
3428 C:\Program Files (x86)\Skype\Phone\Skype.exe
3444 C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
3452 C:\Program Files (x86)\Stickies\stickies.exe
3704 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
3712 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
3720 C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
3848 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
3856 C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
3876 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4080 C:\Program Files\Apoint2K\ApMsgFwd.exe
3108 C:\Windows\System32\SearchIndexer.exe
2892 C:\Program Files\Apoint2K\ApntEx.exe
2780 C:\Windows\System32\conhost.exe
3596 C:\Program Files\Windows Media Player\wmpnetwk.exe
3684 C:\Program Files\iPod\bin\iPodService.exe
4008 C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
4352 C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
4472 C:\Windows\System32\taskeng.exe
4556 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
4616 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
4968 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
4988 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
5044 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
5072 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
5084 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
5096 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
5112 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
4128 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
4224 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
4936 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
5808 C:\Windows\System32\svchost.exe
1004 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
6064 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
1388 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
1996 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
1160 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
404 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
4756 C:\Windows\SysWOW64\rundll32.exe
4788 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
5944 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
2632 C:\Users\Matt\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
4280 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
4216 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
2324 C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
5744 C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
1464 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
824 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
7052 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
1604 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
6524 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
6468 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
1144 C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
6860 C:\Windows\System32\audiodg.exe
892 C:\Windows\System32\SearchProtocolHost.exe
5620 C:\Windows\System32\SearchFilterHost.exe
4316 dllhost.exe
6232 dllhost.exe
1412 C:\Users\Matt\Desktop\MBRCheck.exe
4868 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000091`8e100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400BPVT-60HXZT1, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
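
The redirect chain described at the top of this post (a search click, then an intermediary `index.php?search=` URL carrying earlier search terms, then an unrelated landing page) can be hunted for in proxy or browser-history logs. The following Python check is an added example, not part of the original post; the log format, the `.example` host names, the search-host list and the 30-minute window are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

SEARCH_HOSTS = {"www.google.com"}      # assumption: search engines to track
WINDOW = timedelta(minutes=30)         # assumption: how long a query stays "recent"

# Constructed sample: "<timestamp> <client> <url>" per line.
SAMPLE_LOG = """\
2012-01-15T20:40:01 10.0.0.5 http://www.google.com/search?q=hiking+boots
2012-01-15T20:40:09 10.0.0.5 http://intermediary.example/index.php?search=hiking+boots
2012-01-15T20:40:11 10.0.0.5 http://landing.example/travel.htm
2012-01-15T20:41:30 10.0.0.5 http://shop.example/index.php?search=tents
2012-01-15T20:42:00 10.0.0.7 http://www.google.com/search?q=tents
"""


def normalize(terms):
    """Lower-case and collapse whitespace so '+'/'%20' variants compare equal."""
    return " ".join(terms.lower().split())


def find_search_hijacks(lines):
    """Flag index.php?search=<terms> hits on non-search hosts where <terms>
    repeats a query the same client sent to a search engine shortly before."""
    recent = {}     # client -> [(time, normalized query)]
    pending = {}    # client -> finding still waiting for its landing page
    findings = []
    for line in lines:
        if not line.strip():
            continue
        stamp, client, raw_url = line.split(None, 2)
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        url = urlsplit(raw_url.strip())
        host = url.hostname or ""
        query = parse_qs(url.query)    # drops empty values such as "search="

        # The first request after an intermediary hit is recorded as the landing page.
        if client in pending:
            pending.pop(client)["landing_host"] = host

        if host in SEARCH_HOSTS and "q" in query:
            recent.setdefault(client, []).append((when, normalize(query["q"][0])))
            continue

        terms = query.get("search")
        if not terms or not url.path.endswith("/index.php"):
            continue
        wanted = normalize(terms[0])
        for seen_at, seen_terms in recent.get(client, []):
            if seen_terms == wanted and timedelta(0) <= when - seen_at <= WINDOW:
                hit = {"client": client, "time": when, "terms": wanted,
                       "intermediary_host": host, "landing_host": None}
                findings.append(hit)
                pending[client] = hit
                break
    return findings


if __name__ == "__main__":
    for hit in find_search_hijacks(SAMPLE_LOG.splitlines()):
        print("%(time)s %(client)s searched %(terms)r -> "
              "%(intermediary_host)s -> %(landing_host)s" % hit)
```

A user who deliberately repeats a search on a site's own search page will also match, so treat hits as leads to review rather than verdicts.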

#10 Matt Leonard


Posted 15 January 2012 - 09:15 PM

And the aswMBR check. Once I ran the program, I accepted the request to update definitions from Avast as well.

-Matt

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-15 19:57:24
-----------------------------
19:57:24.894 OS Version: Windows x64 6.1.7601 Service Pack 1
19:57:24.894 Number of processors: 4 586 0x2A07
19:57:24.895 ComputerName: MATT-HP UserName: Matt
19:57:26.069 Initialize success
20:00:46.470 AVAST engine defs: 12011501
20:01:01.112 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:01:01.116 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
20:01:01.134 Disk 0 MBR read successfully
20:01:01.138 Disk 0 MBR scan
20:01:01.146 Disk 0 Windows 7 default MBR code
20:01:01.149 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:01:01.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595993 MB offset 409600
20:01:01.187 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14183 MB offset 1221003264
20:01:01.198 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
20:01:01.203 Service scanning
20:01:01.648 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:01:02.216 Modules scanning
20:01:02.228 Disk 0 trace - called modules:
20:01:02.243 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
20:01:02.252 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008137060]
20:01:02.258 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007fafb10]
20:01:02.262 5 hpdskflt.sys[fffff88001bc9189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006280050]
20:01:04.678 AVAST engine scan C:\Windows
20:01:07.222 AVAST engine scan C:\Windows\system32
20:02:18.196 AVAST engine scan C:\Windows\system32\drivers
20:02:28.570 AVAST engine scan C:\Users\Matt
20:04:39.440 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
20:04:39.452 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"
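
The partition lines in the aswMBR log above come from the four 16-byte entries at offset 446 of the MBR sector, which the tool also saved as MBR.dat. The following Python parser is an added example, not part of the original post or of aswMBR; the sample sector is constructed from the offsets in the log, with sector counts chosen to match the reported sizes, and the script reads a real dump when given its path.

```python
import struct
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # partition table follows 446 bytes of boot code
TYPE_NAMES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:           # unused slot
            continue
        parts.append({
            "index": index + 1, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": start_lba, "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return parts


def check_table(parts, disk_sectors=None, boot_disk=True):
    """Return a list of oddities worth a second look in a partition table."""
    findings = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02X" % (p["index"], p["status"]))
        if p["start_lba"] == 0 or p["sectors"] == 0:
            findings.append("entry %d: zero start or length" % p["index"])
        if disk_sectors is not None and p["start_lba"] + p["sectors"] > disk_sectors:
            findings.append("entry %d: extends past end of disk" % p["index"])
    active = [p["index"] for p in parts if p["active"]]
    if len(active) > 1:
        findings.append("more than one active partition: entries %s" % active)
    elif boot_disk and not active:
        findings.append("no active partition on a boot disk")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append("entries %d and %d overlap" % (a["index"], b["index"]))
    return findings


def build_sample_mbr():
    """Constructed sector mirroring the layout in the aswMBR log (boot code zeroed)."""
    # (status, type, start LBA, sector count); counts are derived, not from the log
    layout = [(0x80, 0x07, 2048, 407552),
              (0x00, 0x07, 409600, 1220593664),
              (0x00, 0x07, 1221003264, 29046784),
              (0x00, 0x0C, 1250050048, 210944)]
    sector = bytearray(SECTOR_SIZE)
    for i, fields in enumerate(layout):
        # CHS fields (bytes 1-3 and 5-7) stay zero; only the LBA fields are parsed
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i, *fields)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read(SECTOR_SIZE)
    else:
        data = build_sample_mbr()
    table = parse_mbr(data)
    for p in table:
        print("Partition %d %02X %s %02X %-10s %7d MB offset %d" % (
            p["index"], p["status"], "(A)" if p["active"] else "   ",
            p["type"], p["type_name"], p["size_mb"], p["start_lba"]))
    for finding in check_table(table):
        print("CHECK:", finding)
```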

#11 fireman4it


Posted 16 January 2012 - 09:10 PM

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#12 Matt Leonard


Posted 17 January 2012 - 12:34 PM

Here's my log from the TDSS scan.


08:56:30.0415 5452 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
08:56:31.0754 5452 ============================================================
08:56:31.0754 5452 Current date / time: 2012/01/17 08:56:31.0754
08:56:31.0754 5452 SystemInfo:
08:56:31.0754 5452
08:56:31.0754 5452 OS Version: 6.1.7601 ServicePack: 1.0
08:56:31.0754 5452 Product type: Workstation
08:56:31.0755 5452 ComputerName: MATT-HP
08:56:31.0755 5452 UserName: Matt
08:56:31.0755 5452 Windows directory: C:\Windows
08:56:31.0755 5452 System windows directory: C:\Windows
08:56:31.0755 5452 Running under WOW64
08:56:31.0755 5452 Processor architecture: Intel x64
08:56:31.0755 5452 Number of processors: 4
08:56:31.0755 5452 Page size: 0x1000
08:56:31.0755 5452 Boot type: Normal boot
08:56:31.0756 5452 ============================================================
08:56:32.0256 5452 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:56:32.0290 5452 Drive \Device\Harddisk1\DR4 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:56:32.0323 5452 Drive \Device\Harddisk2\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:56:32.0566 5452 Initialize success
08:56:54.0103 8880 ============================================================
08:56:54.0103 8880 Scan started
08:56:54.0103 8880 Mode: Manual;
08:56:54.0103 8880 ============================================================
08:56:55.0474 8880 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:56:55.0478 8880 1394ohci - ok
08:56:55.0582 8880 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
08:56:55.0585 8880 Accelerometer - ok
08:56:55.0694 8880 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:56:55.0702 8880 ACPI - ok
08:56:55.0808 8880 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:56:55.0810 8880 AcpiPmi - ok
08:56:56.0126 8880 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
08:56:56.0130 8880 adfs - ok
08:56:56.0239 8880 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:56:56.0247 8880 adp94xx - ok
08:56:56.0307 8880 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:56:56.0313 8880 adpahci - ok
08:56:56.0361 8880 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:56:56.0365 8880 adpu320 - ok
08:56:56.0430 8880 AESTAud (2c4676e1b569bbe9d4d50a2b90f10064) C:\Windows\system32\drivers\AESTAu64.sys
08:56:56.0433 8880 AESTAud - ok
08:56:56.0528 8880 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
08:56:56.0535 8880 AFD - ok
08:56:56.0579 8880 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:56:56.0581 8880 agp440 - ok
08:56:56.0603 8880 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:56:56.0605 8880 aliide - ok
08:56:56.0626 8880 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:56:56.0627 8880 amdide - ok
08:56:56.0665 8880 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:56:56.0667 8880 AmdK8 - ok
08:56:56.0686 8880 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:56:56.0688 8880 AmdPPM - ok
08:56:56.0722 8880 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:56:56.0724 8880 amdsata - ok
08:56:56.0783 8880 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:56:56.0786 8880 amdsbs - ok
08:56:56.0806 8880 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:56:56.0807 8880 amdxata - ok
08:56:56.0867 8880 ApfiltrService (5f87e363f83e8a6f5606991c256f703a) C:\Windows\system32\DRIVERS\Apfiltr.sys
08:56:56.0873 8880 ApfiltrService - ok
08:56:56.0925 8880 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:56:56.0927 8880 AppID - ok
08:56:57.0012 8880 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:56:57.0014 8880 arc - ok
08:56:57.0031 8880 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:56:57.0034 8880 arcsas - ok
08:56:57.0072 8880 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:56:57.0073 8880 AsyncMac - ok
08:56:57.0097 8880 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:56:57.0098 8880 atapi - ok
08:56:57.0146 8880 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:56:57.0152 8880 b06bdrv - ok
08:56:57.0180 8880 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:56:57.0184 8880 b57nd60a - ok
08:56:57.0228 8880 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
08:56:57.0259 8880 BCM43XX - ok
08:56:57.0291 8880 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:56:57.0292 8880 Beep - ok
08:56:57.0309 8880 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
08:56:57.0311 8880 blbdrive - ok
08:56:57.0355 8880 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:56:57.0356 8880 bowser - ok
08:56:57.0388 8880 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:56:57.0390 8880 BrFiltLo - ok
08:56:57.0410 8880 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:56:57.0411 8880 BrFiltUp - ok
08:56:57.0441 8880 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:56:57.0445 8880 Brserid - ok
08:56:57.0483 8880 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:56:57.0485 8880 BrSerWdm - ok
08:56:57.0504 8880 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:56:57.0506 8880 BrUsbMdm - ok
08:56:57.0522 8880 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:56:57.0523 8880 BrUsbSer - ok
08:56:57.0565 8880 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:56:57.0567 8880 BTHMODEM - ok
08:56:57.0638 8880 catchme - ok
08:56:57.0661 8880 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:56:57.0663 8880 cdfs - ok
08:56:57.0705 8880 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:56:57.0708 8880 cdrom - ok
08:56:57.0747 8880 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:56:57.0748 8880 circlass - ok
08:56:57.0779 8880 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:56:57.0784 8880 CLFS - ok
08:56:57.0865 8880 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
08:56:57.0867 8880 clwvd - ok
08:56:57.0915 8880 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
08:56:57.0917 8880 CmBatt - ok
08:56:57.0941 8880 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:56:57.0943 8880 cmdide - ok
08:56:57.0996 8880 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:56:58.0003 8880 CNG - ok
08:56:58.0021 8880 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:56:58.0023 8880 Compbatt - ok
08:56:58.0046 8880 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:56:58.0047 8880 CompositeBus - ok
08:56:58.0066 8880 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:56:58.0068 8880 crcdisk - ok
08:56:58.0102 8880 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:56:58.0104 8880 DfsC - ok
08:56:58.0137 8880 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:56:58.0138 8880 discache - ok
08:56:58.0162 8880 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:56:58.0164 8880 Disk - ok
08:56:58.0195 8880 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:56:58.0197 8880 drmkaud - ok
08:56:58.0238 8880 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:56:58.0267 8880 DXGKrnl - ok
08:56:58.0363 8880 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:56:58.0433 8880 ebdrv - ok
08:56:58.0475 8880 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:56:58.0481 8880 elxstor - ok
08:56:58.0502 8880 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:56:58.0503 8880 ErrDev - ok
08:56:58.0542 8880 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:56:58.0545 8880 exfat - ok
08:56:58.0572 8880 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:56:58.0575 8880 fastfat - ok
08:56:58.0594 8880 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:56:58.0595 8880 fdc - ok
08:56:58.0632 8880 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:56:58.0633 8880 FileInfo - ok
08:56:58.0649 8880 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:56:58.0650 8880 Filetrace - ok
08:56:58.0676 8880 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:56:58.0677 8880 flpydisk - ok
08:56:58.0706 8880 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:56:58.0710 8880 FltMgr - ok
08:56:58.0765 8880 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:56:58.0766 8880 FsDepends - ok
08:56:58.0781 8880 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:56:58.0782 8880 Fs_Rec - ok
08:56:58.0803 8880 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:56:58.0806 8880 fvevol - ok
08:56:58.0841 8880 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:56:58.0842 8880 gagp30kx - ok
08:56:58.0893 8880 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:56:58.0895 8880 GEARAspiWDM - ok
08:56:58.0928 8880 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:56:58.0930 8880 hcw85cir - ok
08:56:58.0985 8880 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:56:58.0993 8880 HdAudAddService - ok
08:56:59.0065 8880 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:56:59.0070 8880 HDAudBus - ok
08:56:59.0104 8880 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:56:59.0107 8880 HidBatt - ok
08:56:59.0131 8880 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:56:59.0135 8880 HidBth - ok
08:56:59.0168 8880 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:56:59.0169 8880 HidIr - ok
08:56:59.0224 8880 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:56:59.0226 8880 HidUsb - ok
08:56:59.0278 8880 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
08:56:59.0279 8880 hpdskflt - ok
08:56:59.0322 8880 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:56:59.0324 8880 HpSAMD - ok
08:56:59.0368 8880 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:56:59.0379 8880 HTTP - ok
08:56:59.0416 8880 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:56:59.0417 8880 hwpolicy - ok
08:56:59.0451 8880 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:56:59.0454 8880 i8042prt - ok
08:56:59.0527 8880 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
08:56:59.0529 8880 iaStor - ok
08:56:59.0597 8880 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:56:59.0602 8880 iaStorV - ok
08:56:59.0909 8880 igfx (78527e6a4d78b1153925914c55872beb) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:57:00.0192 8880 igfx - ok
08:57:00.0226 8880 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:57:00.0227 8880 iirsp - ok
08:57:00.0268 8880 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
08:57:00.0271 8880 IntcDAud - ok
08:57:00.0293 8880 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:57:00.0294 8880 intelide - ok
08:57:00.0319 8880 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:57:00.0320 8880 intelppm - ok
08:57:00.0349 8880 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:57:00.0351 8880 IpFilterDriver - ok
08:57:00.0372 8880 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:57:00.0374 8880 IPMIDRV - ok
08:57:00.0403 8880 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:57:00.0405 8880 IPNAT - ok
08:57:00.0456 8880 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:57:00.0458 8880 IRENUM - ok
08:57:00.0480 8880 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:57:00.0482 8880 isapnp - ok
08:57:00.0521 8880 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:57:00.0527 8880 iScsiPrt - ok
08:57:00.0550 8880 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:57:00.0552 8880 kbdclass - ok
08:57:00.0588 8880 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:57:00.0589 8880 kbdhid - ok
08:57:00.0633 8880 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:57:00.0635 8880 KSecDD - ok
08:57:00.0654 8880 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:57:00.0657 8880 KSecPkg - ok
08:57:00.0689 8880 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:57:00.0690 8880 ksthunk - ok
08:57:00.0741 8880 L1C (6dd5383c9413aae3113faf89e345663d) C:\Windows\system32\DRIVERS\L1C62x64.sys
08:57:00.0744 8880 L1C - ok
08:57:00.0813 8880 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:57:00.0815 8880 lltdio - ok
08:57:00.0860 8880 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:57:00.0862 8880 LSI_FC - ok
08:57:00.0888 8880 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:57:00.0890 8880 LSI_SAS - ok
08:57:00.0908 8880 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:57:00.0910 8880 LSI_SAS2 - ok
08:57:00.0932 8880 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:57:00.0934 8880 LSI_SCSI - ok
08:57:00.0966 8880 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:57:00.0969 8880 luafv - ok
08:57:01.0035 8880 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
08:57:01.0038 8880 LVRS64 - ok
08:57:01.0197 8880 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
08:57:01.0226 8880 LVUVC64 - ok
08:57:01.0270 8880 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
08:57:01.0272 8880 MBAMProtector - ok
08:57:01.0338 8880 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:57:01.0339 8880 megasas - ok
08:57:01.0362 8880 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:57:01.0366 8880 MegaSR - ok
08:57:01.0403 8880 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
08:57:01.0404 8880 MEIx64 - ok
08:57:01.0427 8880 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:57:01.0429 8880 Modem - ok
08:57:01.0454 8880 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:57:01.0455 8880 monitor - ok
08:57:01.0487 8880 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:57:01.0489 8880 mouclass - ok
08:57:01.0514 8880 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:57:01.0515 8880 mouhid - ok
08:57:01.0535 8880 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:57:01.0537 8880 mountmgr - ok
08:57:01.0577 8880 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
08:57:01.0579 8880 MpFilter - ok
08:57:01.0613 8880 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:57:01.0615 8880 mpio - ok
08:57:01.0639 8880 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
08:57:01.0640 8880 MpNWMon - ok
08:57:01.0662 8880 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:57:01.0663 8880 mpsdrv - ok
08:57:01.0686 8880 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:57:01.0688 8880 MRxDAV - ok
08:57:01.0725 8880 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:57:01.0728 8880 mrxsmb - ok
08:57:01.0758 8880 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:57:01.0763 8880 mrxsmb10 - ok
08:57:01.0797 8880 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:57:01.0799 8880 mrxsmb20 - ok
08:57:01.0820 8880 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:57:01.0821 8880 msahci - ok
08:57:01.0843 8880 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:57:01.0846 8880 msdsm - ok
08:57:01.0872 8880 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:57:01.0873 8880 Msfs - ok
08:57:01.0910 8880 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:57:01.0911 8880 mshidkmdf - ok
08:57:01.0933 8880 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:57:01.0934 8880 msisadrv - ok
08:57:01.0963 8880 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:57:01.0964 8880 MSKSSRV - ok
08:57:02.0014 8880 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:57:02.0016 8880 MSPCLOCK - ok
08:57:02.0041 8880 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:57:02.0043 8880 MSPQM - ok
08:57:02.0072 8880 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:57:02.0078 8880 MsRPC - ok
08:57:02.0117 8880 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:57:02.0119 8880 mssmbios - ok
08:57:02.0141 8880 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:57:02.0143 8880 MSTEE - ok
08:57:02.0165 8880 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:57:02.0166 8880 MTConfig - ok
08:57:02.0188 8880 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:57:02.0190 8880 Mup - ok
08:57:02.0236 8880 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:57:02.0242 8880 NativeWifiP - ok
08:57:02.0299 8880 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:57:02.0325 8880 NDIS - ok
08:57:02.0346 8880 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:57:02.0348 8880 NdisCap - ok
08:57:02.0385 8880 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:57:02.0386 8880 NdisTapi - ok
08:57:02.0425 8880 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:57:02.0428 8880 Ndisuio - ok
08:57:02.0449 8880 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:57:02.0452 8880 NdisWan - ok
08:57:02.0475 8880 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:57:02.0477 8880 NDProxy - ok
08:57:02.0535 8880 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
08:57:02.0536 8880 Netaapl - ok
08:57:02.0566 8880 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:57:02.0567 8880 NetBIOS - ok
08:57:02.0592 8880 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:57:02.0597 8880 NetBT - ok
08:57:02.0808 8880 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
08:57:02.0989 8880 NETwNs64 - ok
08:57:03.0037 8880 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:57:03.0040 8880 nfrd960 - ok
08:57:03.0069 8880 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:57:03.0072 8880 NisDrv - ok
08:57:03.0113 8880 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:57:03.0115 8880 Npfs - ok
08:57:03.0135 8880 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:57:03.0136 8880 nsiproxy - ok
08:57:03.0218 8880 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:57:03.0257 8880 Ntfs - ok
08:57:03.0277 8880 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:57:03.0278 8880 Null - ok
08:57:03.0308 8880 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
08:57:03.0314 8880 NVENETFD - ok
08:57:03.0351 8880 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:57:03.0354 8880 nvraid - ok
08:57:03.0372 8880 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:57:03.0375 8880 nvstor - ok
08:57:03.0412 8880 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:57:03.0414 8880 nv_agp - ok
08:57:03.0436 8880 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:57:03.0438 8880 ohci1394 - ok
08:57:03.0477 8880 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:57:03.0480 8880 Parport - ok
08:57:03.0505 8880 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:57:03.0507 8880 partmgr - ok
08:57:03.0548 8880 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:57:03.0554 8880 pci - ok
08:57:03.0581 8880 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:57:03.0582 8880 pciide - ok
08:57:03.0605 8880 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:57:03.0609 8880 pcmcia - ok
08:57:03.0633 8880 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:57:03.0635 8880 pcw - ok
08:57:03.0671 8880 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:57:03.0681 8880 PEAUTH - ok
08:57:03.0736 8880 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:57:03.0738 8880 PptpMiniport - ok
08:57:03.0761 8880 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:57:03.0762 8880 Processor - ok
08:57:03.0792 8880 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:57:03.0793 8880 Psched - ok
08:57:03.0845 8880 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:57:03.0877 8880 ql2300 - ok
08:57:03.0903 8880 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:57:03.0905 8880 ql40xx - ok
08:57:03.0923 8880 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:57:03.0925 8880 QWAVEdrv - ok
08:57:03.0944 8880 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:57:03.0945 8880 RasAcd - ok
08:57:03.0979 8880 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:57:03.0981 8880 RasAgileVpn - ok
08:57:04.0008 8880 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:57:04.0010 8880 Rasl2tp - ok
08:57:04.0030 8880 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:57:04.0032 8880 RasPppoe - ok
08:57:04.0047 8880 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:57:04.0048 8880 RasSstp - ok
08:57:04.0073 8880 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:57:04.0077 8880 rdbss - ok
08:57:04.0098 8880 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
08:57:04.0099 8880 rdpbus - ok
08:57:04.0125 8880 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:57:04.0125 8880 RDPCDD - ok
08:57:04.0161 8880 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:57:04.0162 8880 RDPENCDD - ok
08:57:04.0185 8880 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:57:04.0185 8880 RDPREFMP - ok
08:57:04.0210 8880 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:57:04.0213 8880 RDPWD - ok
08:57:04.0234 8880 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:57:04.0237 8880 rdyboost - ok
08:57:04.0307 8880 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
08:57:04.0313 8880 RSPCIESTOR - ok
08:57:04.0339 8880 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:57:04.0341 8880 rspndr - ok
08:57:04.0430 8880 SASDIFSV - ok
08:57:04.0464 8880 SASKUTIL - ok
08:57:04.0503 8880 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:57:04.0506 8880 sbp2port - ok
08:57:04.0536 8880 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:57:04.0538 8880 scfilter - ok
08:57:04.0579 8880 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
08:57:04.0582 8880 sdbus - ok
08:57:04.0603 8880 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:57:04.0604 8880 secdrv - ok
08:57:04.0631 8880 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:57:04.0632 8880 Serenum - ok
08:57:04.0666 8880 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:57:04.0668 8880 Serial - ok
08:57:04.0697 8880 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:57:04.0699 8880 sermouse - ok
08:57:04.0739 8880 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:57:04.0740 8880 sffdisk - ok
08:57:04.0762 8880 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:57:04.0763 8880 sffp_mmc - ok
08:57:04.0781 8880 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:57:04.0782 8880 sffp_sd - ok
08:57:04.0808 8880 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:57:04.0809 8880 sfloppy - ok
08:57:04.0861 8880 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:57:04.0862 8880 SiSRaid2 - ok
08:57:04.0896 8880 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:57:04.0898 8880 SiSRaid4 - ok
08:57:04.0977 8880 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:57:04.0979 8880 Smb - ok
08:57:05.0008 8880 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:57:05.0009 8880 spldr - ok
08:57:05.0046 8880 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:57:05.0051 8880 srv - ok
08:57:05.0084 8880 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:57:05.0089 8880 srv2 - ok
08:57:05.0129 8880 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:57:05.0133 8880 SrvHsfHDA - ok
08:57:08.0087 8880 ============================================================
08:57:08.0087 8880 Scan finished
08:57:08.0088 8880 ============================================================
08:57:08.0100 9336 Detected object count: 0
08:57:08.0100 9336 Actual detected object count: 0
08:57:18.0330 9348 Deinitialize success

#13 Matt Leonard

Posted 17 January 2012 - 12:38 PM

And my ComboFix log. Despite me disabling MSSE - it did warn me that it was still running. I both disabled real-time scanning in the MSSE interface, as well as manually shut down the process via Task Manager - but ComboFix still said it was running. I ran the scan anyway - here are the results.


ComboFix 12-01-17.01 - Matt 01/17/2012 9:06.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3925 [GMT -8:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 17:15 . 2012-01-17 17:15 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC8E9D1-D578-43F0-94AC-21D0F4B54C35}\offreg.dll
2012-01-17 17:13 . 2012-01-17 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 16:22 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBC8E9D1-D578-43F0-94AC-21D0F4B54C35}\mpengine.dll
2012-01-17 03:24 . 2012-01-17 03:24 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-01-14 14:57 . 2012-01-14 14:56 151552 ----a-w- c:\windows\KMService.exe
2012-01-13 15:34 . 2012-01-13 16:10 -------- d-----w- c:\users\Matt\AppData\Roaming\Downloadr
2012-01-12 19:43 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 19:43 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 19:43 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 19:43 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 19:42 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 19:42 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 19:42 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 19:42 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-12-28 19:01 . 2011-12-28 19:36 -------- d-----w- c:\users\Matt\AppData\Roaming\Audacity
2011-12-28 19:00 . 2011-12-28 19:00 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
2011-12-27 07:37 . 2011-12-27 07:37 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-26 22:16 . 2011-12-26 22:15 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-26 05:42 . 2011-12-26 05:42 -------- d-----w- c:\program files (x86)\ESET
2011-12-26 05:33 . 2011-12-26 05:33 -------- d-----w- c:\program files\HitmanPro
2011-12-26 04:46 . 2011-12-26 05:56 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2011-12-26 04:44 . 2011-12-26 04:46 -------- d-----w- c:\programdata\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 14:56 . 2011-07-14 19:40 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2011-12-26 22:15 . 2011-04-03 18:25 660368 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-08 17:29 . 2011-08-11 16:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 19:37 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-07-15 15:03 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-05 05:32 . 2011-12-14 19:37 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 19:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 11:02 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 11:02 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 11:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 11:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 11:02 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 11:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 11:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 11:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 19:58 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-28_07.45.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-03 12:56 . 2012-01-03 12:56 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-03 12:55 . 2012-01-03 12:55 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-12 10:03 . 2011-10-12 10:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-12 10:03 . 2011-10-12 10:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-03 12:55 . 2012-01-03 12:55 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-07-17 00:40 . 2011-09-24 21:05 335872 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2011-07-17 00:40 . 2012-01-15 00:26 335872 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2011-07-14 19:43 . 2012-01-14 09:05 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-07-14 19:43 . 2011-12-15 11:06 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-07-14 19:43 . 2011-12-15 11:06 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-07-14 19:43 . 2012-01-14 09:05 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-07-14 19:43 . 2012-01-14 09:05 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-07-14 19:43 . 2011-12-15 11:06 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-07-14 19:43 . 2011-12-15 11:06 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-07-14 19:43 . 2012-01-14 09:05 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-07-14 19:43 . 2012-01-14 09:05 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-07-14 19:43 . 2011-12-15 11:06 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-07-14 19:43 . 2011-12-15 11:06 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-07-14 19:43 . 2012-01-14 09:05 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-09-05 17:04 . 2011-09-05 17:04 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\html2pdfwrapfor64bit.exe
- 2010-11-21 03:24 . 2010-11-21 03:24 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-12 19:43 . 2011-10-29 05:23 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-02 14:07 . 2012-01-02 14:07 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll
+ 2012-01-02 14:07 . 2012-01-02 14:07 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll
+ 2012-01-02 14:07 . 2012-01-02 14:07 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll
+ 2012-01-02 14:07 . 2012-01-02 14:07 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll
+ 2012-01-02 14:07 . 2012-01-02 14:07 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll
+ 2012-01-02 14:09 . 2012-01-02 14:09 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-02 14:09 . 2012-01-02 14:09 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-02 14:09 . 2012-01-02 14:09 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-02 14:09 . 2012-01-02 14:09 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-02 14:09 . 2012-01-02 14:09 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-02 14:09 . 2012-01-02 14:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-02 14:01 . 2012-01-02 14:01 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
+ 2012-01-02 14:09 . 2012-01-02 14:09 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
+ 2012-01-13 04:47 . 2011-11-17 06:35 1447936 c:\windows\system32\lsasrv.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 1447936 c:\windows\system32\lsasrv.dll
- 2009-07-14 04:45 . 2011-12-26 18:16 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-14 09:25 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-01-01 16:04 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-01 16:04 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-12 10:03 . 2011-10-12 10:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-03 12:55 . 2012-01-03 12:55 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-12 10:03 . 2011-10-12 10:03 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-03 12:56 . 2012-01-03 12:56 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-12 10:04 . 2011-10-12 10:04 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-26 14:24 . 2011-12-26 14:24 8835072 c:\windows\Installer\1fdf2099.msp
+ 2011-12-12 22:13 . 2011-12-12 22:13 3461120 c:\windows\Installer\11d25afe.msp
+ 2011-07-14 19:43 . 2012-01-14 09:05 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-07-14 19:43 . 2011-12-15 11:06 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-07-14 19:43 . 2012-01-14 09:05 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-07-14 19:43 . 2011-12-15 11:06 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-07-14 19:43 . 2012-01-14 09:05 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-07-14 19:43 . 2011-12-15 11:06 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-07-14 19:43 . 2011-12-15 11:06 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-07-14 19:43 . 2012-01-14 09:05 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-09-05 17:05 . 2011-09-05 17:05 4480920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\cooltype.dll
+ 2011-09-05 17:05 . 2011-09-05 17:05 1489304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\acrord32.exe
+ 2012-01-02 14:07 . 2012-01-02 14:07 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2011-11-11 12210176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2011-7-14 1122304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SASDIFSV;SASDIFSV;c:\users\Matt\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Matt\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAu64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-16 1038088]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278785495-3850903405-2944343719-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 00:47]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278785495-3850903405-2944343719-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 00:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-11-11 08:36 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-11-11 08:36 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-11-11 08:36 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-11-11 08:36 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-21 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-21 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-21 418328]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\zexhvl1f.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-01-17 09:20:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 17:20
ComboFix2.txt 2011-12-28 07:50
ComboFix3.txt 2011-12-26 05:30
ComboFix4.txt 2011-12-25 19:25
ComboFix5.txt 2012-01-17 17:01
.
Pre-Run: 310,183,735,296 bytes free
Post-Run: 310,552,842,240 bytes free
.
- - End Of File - - EFE7DEF049E6574623DD169C9E0AB5D8

#14 Matt Leonard


Posted 17 January 2012 - 12:41 PM

And sadly, no change to my computer status. Still getting hijacks via Chrome when doing Google searches.

#15 fireman4it


Posted 17 January 2012 - 12:44 PM

How is your machine running now?
