Ping.exe and regenerating virus in local settings


  • This topic is locked
39 replies to this topic

#1 Showme1

Posted 01 January 2012 - 03:28 PM

Hello, my problem started about a week ago with the Windows Internet Security 2012 virus. I didn't click it or use it in any way; it was just a little tricky to get cleaned off. After I finally got rid of it, I started getting mass amounts of JS/redir infected files found by the AVG shield in my local settings\Temporary internet files. I would heal the infections and within 5 minutes I would have 8 more pop up in the resident shield. I used ATF cleaner and those stopped, but I started getting one found in windows\system32\ping.exe. It wasn't really doing much while I was searching for how to remove it, other than occasionally severing my internet connection. I finally couldn't find anything on how to rid myself of this, so I started going through the steps to post here at BleepingComputer and I let GMER do its thing last night. When I woke up, AVG had found a trojan, my TCP/IP was non-functional, and Firefox was basically non-functional also: I could open the window, but it couldn't connect to any sites and would crash if I tried to open the downloads window. I tried posting to the site from safe mode w/networking, but when I hit post it would tell me the site couldn't be found, even though the other windows showed the internet was working. I also couldn't email this to myself on another computer to post it. I had to save it in a Notepad file and move it via USB.

Hope you guys can help and thanks in advance!
Here are the logs
DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Austin at 1:54:11 on 2012-01-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1674 [GMT -6:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\V0230Mon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\window~4\datamngr\BROWSE~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [DATAMNGR] c:\progra~1\window~4\datamngr\DATAMN~1.EXE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
Trusted Zone: ijji.com\gunz
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198903883781
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A67DFEAA-4073-4492-AE47-D9E9D73F6E4B} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll c:\progra~1\window~4\datamngr\IEBHO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\austin\application data\mozilla\firefox\profiles\lkte4da3.overkill\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\austin\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\austin\application data\mozilla\firefox\profiles\lkte4da3.overkill\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\austin\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-11 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-18 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-2-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-18 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-21 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-11 112592]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2011-12-25 8704]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-30 652872]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-12 2253120]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-11 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-30 20464]
S1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys --> c:\windows\system32\drivers\avg7core.sys [?]
S1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys --> c:\windows\system32\drivers\avg7rsw.sys [?]
S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys --> c:\windows\system32\drivers\avg7rsxp.sys [?]
S1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys --> c:\windows\system32\drivers\avgclean.sys [?]
S2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe --> c:\progra~1\grisoft\avg7\avgamsvr.exe [?]
S2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe --> c:\progra~1\grisoft\avg7\avgemc.exe [?]
S2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys --> c:\windows\system32\drivers\avgtdi.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-9-2 14424]
S3 RTL8187B;TRENDnet TEW-424UB Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-1-4 189312]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-11 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-11 1142224]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2006-3-24 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2006-9-29 500480]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\xdva248.sys --> c:\windows\system32\XDva248.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S3 xspirit;xspirit;\??\c:\docume~1\austin\locals~1\temp\xspirit.sys --> c:\docume~1\austin\locals~1\temp\xspirit.sys [?]
.
=============== Created Last 30 ================
.
2011-12-30 17:32:08 -------- d-----w- c:\documents and settings\austin\application data\Malwarebytes
2011-12-30 17:32:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-30 17:31:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 17:31:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-28 21:49:38 -------- d-----w- c:\program files\Atari
2011-12-27 20:52:33 -------- d-----w- C:\tmp
2011-12-27 20:52:33 -------- d-----w- C:\output
2011-12-25 15:36:49 -------- d-----w- c:\documents and settings\austin\local settings\application data\Chromium
2011-12-25 08:31:31 -------- d-----w- c:\documents and settings\all users\application data\Hi-Rez Studios
2011-12-25 08:31:19 -------- d-----w- c:\program files\Hi-Rez Studios
2011-12-19 14:51:36 -------- d-----w- c:\program files\Giants
2011-12-18 07:00:21 245459 ----a-w- c:\program files\Fallen_Earth_20110728.exe
2011-12-18 01:15:00 -------- d-----w- c:\documents and settings\austin\local settings\application data\GamersFirst LIVE!
2011-12-18 01:13:23 -------- d-----w- c:\program files\GamersFirst
2011-12-15 04:39:42 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-12-05 00:00:56 -------- d-----w- c:\documents and settings\austin\application data\PC Cleaners
2011-12-05 00:00:21 6071056 ----a-w- c:\windows\uninst.exe
2011-12-05 00:00:19 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2011-12-03 09:07:39 22032 ----a-w- c:\windows\DCEBoot.exe
2011-12-03 06:54:15 -------- d-----w- c:\program files\CCleaner
2011-12-03 05:35:18 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-03 05:35:18 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-12-31 21:47:56 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-31 21:47:56 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-30 11:16:08 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-30 11:16:01 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 11:56:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 01:38:35 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-31 01:38:35 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-31 01:38:33 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 08:18:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-10-14 23:38:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 1:55:35.62 ===============

And GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-01 12:53:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320620AS rev.3.ADG
Running: gmer.exe; Driver: C:\DOCUME~1\Austin\LOCALS~1\Temp\uxtyapob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB7EB4112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB7E932D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB7E934C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB7EB4900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB7EB4BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB7EB2E12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB7EB5020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB7EB43D2]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB43F4640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes [D6, 32, E9, B7, C8, 34, E9, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D76380, 0x8D6CD5, 0xE8000020]
.text netbt.sys B447F000 7 Bytes [89, 01, 81, 7D, 10, 16, 00]
.text netbt.sys B447F008 13 Bytes [C0, 0F, 85, 36, FF, FF, FF, ...]
.text netbt.sys B447F016 45 Bytes [15, 80, 90, 49, B4, E9, 2F, ...]
.text netbt.sys B447F045 37 Bytes [84, C0, 0F, 84, 5B, D2, 00, ...]
.text netbt.sys B447F06C 2 Bytes [8D, 4E]
.text ...
? C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious PE modification
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB3287300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83B8300, 0x1B7E, 0xE8000020]
? C:\DOCUME~1\Austin\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE000A
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0111000A
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CD000C
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2276] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2336] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106ACCFA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2336] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106ACC8C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2336] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E78C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2336] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045ED49 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\Explorer.EXE[2700] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 029C000A
.text C:\WINDOWS\Explorer.EXE[2700] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 029D000A
.text C:\WINDOWS\Explorer.EXE[2700] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 029B000C
.text C:\WINDOWS\System32\ping.exe[2960] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C1000A
.text C:\WINDOWS\System32\ping.exe[2960] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C2000A
.text C:\WINDOWS\System32\ping.exe[2960] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A5000A
.text C:\WINDOWS\System32\ping.exe[2960] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\System32\ping.exe[2960] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A4000C
.text C:\WINDOWS\System32\ping.exe[2960] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00C5000A
.text C:\WINDOWS\System32\ping.exe[2960] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00C6000A
.text C:\WINDOWS\System32\ping.exe[2960] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00C7000A
.text C:\WINDOWS\System32\ping.exe[2960] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00C4000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02ED000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0385000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3016] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02EC000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B44E0000-B44F9000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 2960

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0VB4X3O8\afr[2].php 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0VB4X3O8\bby-min[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0VB4X3O8\errorPageStrings[1] 1817 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0VB4X3O8\1341260501@x96[1].htm 7479 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\32RIAR38\beyondthedow[1] 19781 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3R1MU95Y\audience;sz=728x90;ord=[timestamp][1] 451 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3R1MU95Y\click[1].htm 1524 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3R1MU95Y\tg=an.93;btg=an.51;btg=dx.13;btg=dx.1;btg=dx.9;btg=dx.22;btg=dx.25;btg=dx.28;btg=dx.31;btg=dx.34;btg=cm.relig_l;btg=cm.tech_l;btg=cm[1].ent_l;ord=1386342309 6051 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3R1MU95Y\viewChannelModule[4].act 56683 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3R1MU95Y\supersubs[1].js 3778 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4PX1QSKX\mydetroitteams_com[1].txt 39339 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4PX1QSKX\PID_1859567_GoogleOffers_MapCityShell_728x90[1].swf 27738 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6CWGC20J\widgets[1].css 3685 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6CWGC20J\adsCACP579L 1264 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6CWGC20J\adsCAR7AAQJ 1264 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6CWGC20J\tech[1] 90136 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6CWGC20J\browser2[1].js 9615 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6CWGC20J\fixed[1].htm 222 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7WX2NTWJ\dk[1].htm 1645 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7WX2NTWJ\defaultCA5A2JNX.jpg 3072 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7WX2NTWJ\st[2] 379 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7WX2NTWJ\ptj[2] 164 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7WX2NTWJ\defaultCAQMT9RM.jpg 3662 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8UWDNO2S\fw-nonplayer-banner[2].htm 1302 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8UWDNO2S\tntwo[1].php 43 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8UWDNO2S\home;wmode=transparent;s1=greatstories;s2=home;s3=pageskin;pid=great-stories;kw=;test=%7Bget_test%7D;pga=ad;dcopt=;tile=1;sz=1x1;ord=2369583964550036[1].5 256 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8UWDNO2S\pixel_adsafeprotected_com[3].gif 43 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B68P288N\fpupdateax[1].xml 2865 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B68P288N\extras.js[1].v441f46b6fcabc989 57072 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B68P288N\home;wmode=transparent;s1=greatstories;s2=home;s3=pageskin;pid=great-stories;kw=;test=%7Bget_test%7D;pga=ad;dcopt=;tile=1;sz=1x1;ord=6234040412470887[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BGF4V6X8\index[2].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BGF4V6X8\24903_c_jayxl_com[1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BGF4V6X8\lgl[2].htm 132 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BGF4V6X8\151069[1].jpg 4318 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BGF4V6X8\feed[1].js 3782 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BGF4V6X8\iframe[2].txt 74 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BTMORYSW\ping[3].js 869 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KQ0AH2HT\box-t[1].png 2960 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KQ0AH2HT\FlatBelly300x250-rev[1].jpg 43510 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U57XAYXN\slideshow-lebron-james-best-dunkers_cover-thumb-400xauto-6441[1].jpg 28494 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U57XAYXN\domready_fix[1].js 1340 bytes

---- EOF - GMER 1.0.15 ----

Edited by Showme1, 01 January 2012 - 03:33 PM.



#2 gringo_pr

  • Malware Response Team

Posted 05 January 2012 - 01:33 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Showme1

  • Topic Starter

Posted 05 January 2012 - 04:50 AM

Ok, I ran combofix with no problems, it restarted my computer a couple times. I haven't had any of the popups warning of the virus yet, but it seems to be pretty spread out and random, and when they pop up there's a bunch of them.
However, when I try to repair my connection it always stops at restoring NetBT so I think there's still something going on there.
Here's the combofix log

ComboFix 12-01-05.01 - Austin 01/05/2012 1:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2487 [GMT -6:00]
Running from: c:\documents and settings\Austin\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Austin\Application Data\RIFT
c:\documents and settings\Austin\Application Data\RIFT\rift.cfg
c:\documents and settings\Austin\Application Data\RIFT\riftpatch.cfg
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\sysid.ini
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\windows\$NtUninstallKB32149$\124091120\@
c:\windows\$NtUninstallKB32149$\124091120\bckfg.tmp
c:\windows\$NtUninstallKB32149$\124091120\cfg.ini
c:\windows\$NtUninstallKB32149$\124091120\Desktop.ini
c:\windows\$NtUninstallKB32149$\124091120\keywords
c:\windows\$NtUninstallKB32149$\124091120\kwrd.dll
c:\windows\$NtUninstallKB32149$\124091120\L\mrnevgkm
c:\windows\$NtUninstallKB32149$\124091120\lsflt7.ver
c:\windows\$NtUninstallKB32149$\124091120\U\00000001.@
c:\windows\$NtUninstallKB32149$\124091120\U\00000002.@
c:\windows\$NtUninstallKB32149$\124091120\U\00000004.@
c:\windows\$NtUninstallKB32149$\124091120\U\80000000.@
c:\windows\$NtUninstallKB32149$\124091120\U\80000004.@
c:\windows\$NtUninstallKB32149$\124091120\U\80000032.@
c:\windows\$NtUninstallKB32149$\471290596
c:\windows\kb913800.exe
c:\windows\$NtUninstallKB32149$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IAS
-------\Service_Ias
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 07:24 . 2012-01-05 07:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-12-30 17:32 . 2011-12-30 17:32 -------- d-----w- c:\documents and settings\Austin\Application Data\Malwarebytes
2011-12-30 17:32 . 2011-12-30 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-30 17:31 . 2011-12-30 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-30 17:31 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 21:49 . 2011-12-28 21:49 -------- d-----w- c:\program files\Atari
2011-12-27 20:52 . 2011-12-27 21:00 -------- d-----w- C:\tmp
2011-12-27 20:52 . 2011-12-27 20:58 -------- d-----w- C:\output
2011-12-25 15:36 . 2011-12-25 15:36 -------- d-----w- c:\documents and settings\Austin\Local Settings\Application Data\Chromium
2011-12-25 08:31 . 2011-12-25 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hi-Rez Studios
2011-12-25 08:31 . 2012-01-04 07:26 -------- d-----w- c:\program files\Hi-Rez Studios
2011-12-19 14:51 . 2011-12-19 17:55 -------- d-----w- c:\program files\Giants
2011-12-18 01:15 . 2011-12-18 01:15 -------- d-----w- c:\documents and settings\Austin\Local Settings\Application Data\GamersFirst LIVE!
2011-12-18 01:13 . 2011-12-19 20:27 -------- d-----w- c:\program files\GamersFirst
2011-12-15 04:39 . 2011-12-15 04:39 42392 ----a-w- c:\windows\system32\xfcodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 21:47 . 2009-02-27 21:58 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-31 21:47 . 2007-12-29 18:27 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-30 11:16 . 2007-12-29 18:27 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-30 11:16 . 2007-12-29 18:27 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-04 23:59 . 2011-12-05 00:00 6071056 ----a-w- c:\windows\uninst.exe
2011-12-03 09:07 . 2011-12-03 09:07 22032 ----a-w- c:\windows\DCEBoot.exe
2011-11-23 13:25 . 2004-08-10 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 11:56 . 2011-09-19 08:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 08:18 . 2008-12-25 14:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-10-14 23:38 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2007-12-27 04:11 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-01-08 00:56 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2011-01-08 00:56 602432 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-10-08 04:50 . 2011-01-08 00:56 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2011-01-08 00:56 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2011-01-08 00:56 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2011-01-08 00:56 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2010-12-25 17:20 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2010-12-25 17:20 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2010-12-25 17:20 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-12-25 17:20 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2010-12-25 17:20 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2010-12-25 17:20 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2007-12-05 07:41 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2007-12-05 07:41 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2007-12-05 07:41 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2007-12-05 07:41 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2007-12-05 07:41 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-11-21 04:04 . 2011-12-09 04:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-20 4616064]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.14.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2006-12-22 598016]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-20 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 19:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Austin^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Austin\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 23:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-26 02:42 95632 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-10-21 08:18 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\Launcher.broken.exe.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Austin\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Giants\\Giants.exe"=
"c:\\Program Files\\Hi-Rez Studios\\games\\tribes alpha\\Binaries\\Win32\\TribesAscend.exe"=
"c:\\Program Files\\Atari\\DnDNWNC\\Neverwinter Nights II\\nwn2main.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"56259:TCP"= 56259:TCP:Pando Media Booster
"56259:UDP"= 56259:UDP:Pando Media Booster
"56269:TCP"= 56269:TCP:Pando Media Booster
"56269:UDP"= 56269:UDP:Pando Media Booster
"59000:TCP"= 59000:TCP:Pando Media Booster
"59000:UDP"= 59000:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/11/2010 1:34 AM 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/18/2009 1:41 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/18/2009 1:41 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/21/2009 1:57 PM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/11/2010 1:34 AM 112592]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [12/25/2011 2:31 AM 8704]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/30/2011 11:32 AM 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/12/2011 6:14 PM 2253120]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/11/2008 7:38 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/30/2011 11:31 AM 20464]
S2 NetworkLog;NetworkLog;c:\windows\svcs.exe --> c:\windows\svcs.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [9/2/2010 1:27 PM 14424]
S3 RTL8187B;TRENDnet TEW-424UB Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [1/4/2008 5:35 PM 189312]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/11/2010 1:34 AM 366840]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [3/24/2006 1:00 AM 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [9/29/2006 1:01 AM 500480]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S3 xspirit;xspirit;\??\c:\docume~1\Austin\LOCALS~1\Temp\xspirit.sys --> c:\docume~1\Austin\LOCALS~1\Temp\xspirit.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: ijji.com\gunz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Austin\Application Data\Mozilla\Firefox\Profiles\lkte4da3.Overkill\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WINDOW~4\Datamngr\DATAMN~1.EXE
HKU-Default-Run-AVG7_Run - c:\progra~1\Grisoft\AVG7\avgw.exe
MSConfigStartUp-bvuxvant - c:\documents and settings\Austin\Local Settings\Application Data\jtgpqlqni\eotaqeatssd.exe
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-{B65E3E56-2999-E200-D20B-BD82C4AA9D61} - c:\documents and settings\Austin\Application Data\Qoyv\qyhay.exe
AddRemove-Windows Searchqu Toolbar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 01:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-484763869-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,42,6a,70,dd,98,83,db,9a,e5,30,74,5c,44,b5,78,7f,ee,10,8a,ed,59,1d,
97,9b,ec,51,5f,4a,a7,94,53,2f,47,19,ba,9a,f3,16,1c,f2,8a,e3,2f,e5,ac,ff,a4,\
"??"=hex:b5,51,b7,44,0f,48,fc,32,4e,b4,82,86,df,98,4b,0d
.
[HKEY_USERS\S-1-5-21-790525478-484763869-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,e3,e4,15,b6,bd,2d,8d,ff,86,27,50,39,85,76,05,16,bb,15,76,99,
83,7d,a3,35,7d,0a,b5,b3,58,15,82,27,a7,73,ca,37,f6,f4,71,c9,9b,94,2d,37,08,\
"rkeysecu"=hex:02,d9,ed,d4,e7,c8,89,07,76,e0,2e,93,a9,07,bb,25
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(928)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2036)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\stsystra.exe
c:\windows\system32\RunDLL32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-05 01:31:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 07:31
.
Pre-Run: 49,778,536,448 bytes free
Post-Run: 50,609,467,392 bytes free
.
- - End Of File - - 2EE34901A58FBE4B20D2475696FBFFDF

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 05 January 2012 - 04:57 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Showme1


Posted 05 January 2012 - 05:48 AM

Alright, put the script in combofix and ran it again. I still can't repair my connection, but still no virus alert. Also, now it keeps removing Firefox as my default browser, and adds a secondary Firefox icon on the start menu.

Update: AVG detected another one (new to me), trojan horse agent in system volume information\_restore, process name svchost. Not sure what that means, but I figured that's information that's good to have.

Here's the log

ComboFix 12-01-05.01 - Austin 01/05/2012 4:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2488 [GMT -6:00]
Running from: c:\documents and settings\Austin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Austin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2011-12-30 17:32 . 2011-12-30 17:32 -------- d-----w- c:\documents and settings\Austin\Application Data\Malwarebytes
2011-12-30 17:32 . 2011-12-30 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-30 17:31 . 2011-12-30 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-30 17:31 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 21:49 . 2011-12-28 21:49 -------- d-----w- c:\program files\Atari
2011-12-27 20:52 . 2011-12-27 21:00 -------- d-----w- C:\tmp
2011-12-27 20:52 . 2011-12-27 20:58 -------- d-----w- C:\output
2011-12-25 15:36 . 2011-12-25 15:36 -------- d-----w- c:\documents and settings\Austin\Local Settings\Application Data\Chromium
2011-12-25 08:31 . 2011-12-25 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hi-Rez Studios
2011-12-25 08:31 . 2012-01-04 07:26 -------- d-----w- c:\program files\Hi-Rez Studios
2011-12-19 14:51 . 2011-12-19 17:55 -------- d-----w- c:\program files\Giants
2011-12-18 01:15 . 2011-12-18 01:15 -------- d-----w- c:\documents and settings\Austin\Local Settings\Application Data\GamersFirst LIVE!
2011-12-18 01:13 . 2011-12-19 20:27 -------- d-----w- c:\program files\GamersFirst
2011-12-15 04:39 . 2011-12-15 04:39 42392 ----a-w- c:\windows\system32\xfcodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 21:47 . 2009-02-27 21:58 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-31 21:47 . 2007-12-29 18:27 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-30 11:16 . 2007-12-29 18:27 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-30 11:16 . 2007-12-29 18:27 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-04 23:59 . 2011-12-05 00:00 6071056 ----a-w- c:\windows\uninst.exe
2011-12-03 09:07 . 2011-12-03 09:07 22032 ----a-w- c:\windows\DCEBoot.exe
2011-11-23 13:25 . 2004-08-10 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 11:56 . 2011-09-19 08:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 08:18 . 2008-12-25 14:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-10-14 23:38 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2007-12-27 04:11 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-01-08 00:56 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2011-01-08 00:56 602432 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-10-08 04:50 . 2011-01-08 00:56 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2011-01-08 00:56 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2011-01-08 00:56 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2011-01-08 00:56 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2010-12-25 17:20 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2010-12-25 17:20 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2010-12-25 17:20 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-12-25 17:20 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2010-12-25 17:20 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2010-12-25 17:20 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2007-12-05 07:41 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2007-12-05 07:41 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2007-12-05 07:41 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2007-12-05 07:41 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2007-12-05 07:41 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-11-21 04:04 . 2011-12-09 04:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-05_07.25.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-05 10:24 . 2012-01-05 10:24 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
+ 2012-01-05 10:24 . 2012-01-05 10:24 16384 c:\windows\Temp\Perflib_Perfdata_444.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-20 4616064]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.14.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2006-12-22 598016]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-20 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 19:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Austin^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Austin\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 23:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-26 02:42 95632 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-10-21 08:18 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\Launcher.broken.exe.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Austin\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Giants\\Giants.exe"=
"c:\\Program Files\\Hi-Rez Studios\\games\\tribes alpha\\Binaries\\Win32\\TribesAscend.exe"=
"c:\\Program Files\\Atari\\DnDNWNC\\Neverwinter Nights II\\nwn2main.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"56259:TCP"= 56259:TCP:Pando Media Booster
"56259:UDP"= 56259:UDP:Pando Media Booster
"56269:TCP"= 56269:TCP:Pando Media Booster
"56269:UDP"= 56269:UDP:Pando Media Booster
"59000:TCP"= 59000:TCP:Pando Media Booster
"59000:UDP"= 59000:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/11/2010 1:34 AM 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/18/2009 1:41 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/18/2009 1:41 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/21/2009 1:57 PM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/11/2010 1:34 AM 112592]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [12/25/2011 2:31 AM 8704]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/30/2011 11:32 AM 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/12/2011 6:14 PM 2253120]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/11/2008 7:38 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/30/2011 11:31 AM 20464]
S2 NetworkLog;NetworkLog;c:\windows\svcs.exe --> c:\windows\svcs.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [9/2/2010 1:27 PM 14424]
S3 RTL8187B;TRENDnet TEW-424UB Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [1/4/2008 5:35 PM 189312]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/11/2010 1:34 AM 366840]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [3/24/2006 1:00 AM 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [9/29/2006 1:01 AM 500480]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S3 xspirit;xspirit;\??\c:\docume~1\Austin\LOCALS~1\Temp\xspirit.sys --> c:\docume~1\Austin\LOCALS~1\Temp\xspirit.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: ijji.com\gunz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Austin\Application Data\Mozilla\Firefox\Profiles\lkte4da3.Overkill\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 04:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-484763869-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,42,6a,70,dd,98,83,db,9a,e5,30,74,5c,44,b5,78,7f,ee,10,8a,ed,59,1d,
97,9b,ec,51,5f,4a,a7,94,53,2f,47,19,ba,9a,f3,16,1c,f2,8a,e3,2f,e5,ac,ff,a4,\
"??"=hex:b5,51,b7,44,0f,48,fc,32,4e,b4,82,86,df,98,4b,0d
.
[HKEY_USERS\S-1-5-21-790525478-484763869-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,e3,e4,15,b6,bd,2d,8d,ff,86,27,50,39,85,76,05,16,bb,15,76,99,
83,7d,a3,35,7d,0a,b5,b3,58,15,82,27,a7,73,ca,37,f6,f4,71,c9,9b,94,2d,37,08,\
"rkeysecu"=hex:02,d9,ed,d4,e7,c8,89,07,76,e0,2e,93,a9,07,bb,25
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(924)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2012-01-05 04:44:10
ComboFix-quarantined-files.txt 2012-01-05 10:44
ComboFix2.txt 2012-01-05 07:31
.
Pre-Run: 50,647,752,704 bytes free
Post-Run: 50,707,910,656 bytes free
.
- - End Of File - - 34B588CFCF739323499154B3DD254A78

Edited by Showme1, 05 January 2012 - 10:02 AM.


#6 gringo_pr


Posted 05 January 2012 - 12:02 PM

Hello

Can you connect to the internet?
Is it only on some sites?
Only in safe mode?

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 Showme1


Posted 05 January 2012 - 01:15 PM

Yes, I can connect to the internet regularly now, but a few sites will not let me connect, even though the other tabs are connected fine. Only being able to connect in safe mode seemed to be a temporary thing.
Here is the report from TDSS.


12:11:41.0703 3908 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:11:42.0250 3908 ============================================================
12:11:42.0250 3908 Current date / time: 2012/01/05 12:11:42.0250
12:11:42.0250 3908 SystemInfo:
12:11:42.0250 3908
12:11:42.0250 3908 OS Version: 5.1.2600 ServicePack: 3.0
12:11:42.0250 3908 Product type: Workstation
12:11:42.0250 3908 ComputerName: OVERKILL
12:11:42.0250 3908 UserName: Austin
12:11:42.0250 3908 Windows directory: C:\WINDOWS
12:11:42.0250 3908 System windows directory: C:\WINDOWS
12:11:42.0250 3908 Processor architecture: Intel x86
12:11:42.0250 3908 Number of processors: 2
12:11:42.0250 3908 Page size: 0x1000
12:11:42.0250 3908 Boot type: Normal boot
12:11:42.0250 3908 ============================================================
12:11:43.0078 3908 Initialize success
12:11:45.0015 3052 ============================================================
12:11:45.0015 3052 Scan started
12:11:45.0015 3052 Mode: Manual;
12:11:45.0015 3052 ============================================================
12:11:46.0843 3052 Abiosdsk - ok
12:11:46.0843 3052 abp480n5 - ok
12:11:46.0890 3052 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:11:46.0890 3052 ACPI - ok
12:11:46.0968 3052 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:11:46.0968 3052 ACPIEC - ok
12:11:47.0078 3052 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
12:11:47.0078 3052 adfs - ok
12:11:47.0125 3052 adpu160m - ok
12:11:47.0140 3052 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:11:47.0140 3052 aec - ok
12:11:47.0218 3052 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:11:47.0250 3052 AegisP - ok
12:11:47.0328 3052 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:11:47.0375 3052 AFD - ok
12:11:47.0453 3052 Aha154x - ok
12:11:47.0453 3052 aic78u2 - ok
12:11:47.0453 3052 aic78xx - ok
12:11:47.0468 3052 AliIde - ok
12:11:47.0468 3052 amsint - ok
12:11:47.0531 3052 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:11:47.0531 3052 Arp1394 - ok
12:11:47.0593 3052 asc - ok
12:11:47.0593 3052 asc3350p - ok
12:11:47.0609 3052 asc3550 - ok
12:11:47.0609 3052 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:11:47.0625 3052 AsyncMac - ok
12:11:47.0718 3052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:11:47.0718 3052 atapi - ok
12:11:48.0203 3052 Atdisk - ok
12:11:48.0343 3052 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
12:11:48.0359 3052 atksgt - ok
12:11:48.0421 3052 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:11:48.0437 3052 Atmarpc - ok
12:11:48.0531 3052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:11:48.0531 3052 audstub - ok
12:11:48.0593 3052 Avg7Core - ok
12:11:48.0593 3052 Avg7RsW - ok
12:11:48.0609 3052 Avg7RsXP - ok
12:11:48.0718 3052 AvgClean - ok
12:11:48.0812 3052 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
12:11:48.0828 3052 AvgLdx86 - ok
12:11:48.0859 3052 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
12:11:48.0875 3052 AvgMfx86 - ok
12:11:48.0906 3052 AvgTdi - ok
12:11:49.0000 3052 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
12:11:49.0000 3052 AvgTdiX - ok
12:11:49.0078 3052 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
12:11:49.0093 3052 BCM43XX - ok
12:11:49.0125 3052 BCMWLNPF - ok
12:11:49.0203 3052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:11:49.0218 3052 Beep - ok
12:11:49.0390 3052 catchme - ok
12:11:49.0453 3052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:11:49.0468 3052 cbidf2k - ok
12:11:49.0546 3052 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:11:49.0546 3052 CCDECODE - ok
12:11:49.0609 3052 cd20xrnt - ok
12:11:49.0625 3052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:11:49.0625 3052 Cdaudio - ok
12:11:49.0671 3052 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:11:49.0687 3052 Cdfs - ok
12:11:49.0718 3052 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:11:49.0734 3052 Cdrom - ok
12:11:49.0796 3052 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
12:11:49.0812 3052 cercsr6 - ok
12:11:49.0859 3052 Changer - ok
12:11:49.0875 3052 CmdIde - ok
12:11:49.0875 3052 Cpqarray - ok
12:11:49.0890 3052 dac2w2k - ok
12:11:49.0937 3052 dac960nt - ok
12:11:49.0984 3052 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:11:50.0000 3052 Disk - ok
12:11:50.0046 3052 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:11:50.0062 3052 dmboot - ok
12:11:50.0078 3052 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:11:50.0078 3052 dmio - ok
12:11:50.0093 3052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:11:50.0093 3052 dmload - ok
12:11:50.0125 3052 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:11:50.0125 3052 DMusic - ok
12:11:50.0125 3052 dpti2o - ok
12:11:50.0140 3052 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:11:50.0156 3052 drmkaud - ok
12:11:50.0187 3052 e1express (17aaca24903e6d5faece3c35de01d3dd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
12:11:50.0234 3052 e1express - ok
12:11:50.0234 3052 EagleNT - ok
12:11:50.0281 3052 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:11:50.0296 3052 Fastfat - ok
12:11:50.0328 3052 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:11:50.0328 3052 Fdc - ok
12:11:50.0343 3052 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:11:50.0359 3052 Fips - ok
12:11:50.0359 3052 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:11:50.0375 3052 Flpydisk - ok
12:11:50.0406 3052 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:11:50.0421 3052 FltMgr - ok
12:11:50.0453 3052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:11:50.0453 3052 Fs_Rec - ok
12:11:50.0500 3052 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:11:50.0500 3052 Ftdisk - ok
12:11:50.0578 3052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:11:50.0578 3052 GEARAspiWDM - ok
12:11:50.0640 3052 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
12:12:21.0359 3052 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:12:21.0468 3052 \Device\Harddisk0\DR0 - ok
12:12:21.0468 3052 Boot (0x1200) (c5fe0db451a16c1439aed6f02e37044c) \Device\Harddisk0\DR0\Partition0
12:12:21.0468 3052 \Device\Harddisk0\DR0\Partition0 - ok
12:12:21.0468 3052 ============================================================
12:12:21.0468 3052 Scan finished
12:12:21.0468 3052 ============================================================
12:12:21.0468 3128 Detected object count: 0
12:12:21.0468 3128 Actual detected object count: 0
12:12:44.0687 1408 ============================================================
12:12:44.0687 1408 Scan started
12:12:44.0687 1408 Mode: Manual;
12:12:44.0687 1408 ============================================================
12:13:01.0968 1408 Srv - ok
12:13:02.0328 1408 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
12:13:02.0328 1408 STHDA - ok
12:13:02.0578 1408 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:13:02.0578 1408 streamip - ok
12:13:02.0812 1408 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:13:02.0812 1408 swenum - ok
12:13:03.0015 1408 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:13:03.0015 1408 swmidi - ok
12:13:03.0187 1408 symc810 - ok
12:13:03.0312 1408 symc8xx - ok
12:13:03.0468 1408 sym_hi - ok
12:13:03.0625 1408 sym_u3 - ok
12:13:03.0796 1408 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:13:03.0796 1408 sysaudio - ok
12:13:04.0000 1408 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:13:04.0015 1408 Tcpip - ok
12:13:04.0265 1408 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
12:13:04.0265 1408 Tcpip6 - ok
12:13:04.0468 1408 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:13:04.0468 1408 TDPIPE - ok
12:13:04.0687 1408 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:13:04.0687 1408 TDTCP - ok
12:13:04.0890 1408 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:13:04.0890 1408 TermDD - ok
12:13:05.0046 1408 TosIde - ok
12:13:05.0234 1408 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
12:13:05.0234 1408 tunmp - ok
12:13:05.0468 1408 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:13:05.0468 1408 Udfs - ok
12:13:05.0625 1408 ultra - ok
12:13:05.0859 1408 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:13:05.0859 1408 Update - ok
12:13:06.0203 1408 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:13:06.0203 1408 USBAAPL - ok
12:13:06.0437 1408 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:13:06.0437 1408 usbccgp - ok
12:13:06.0687 1408 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:13:06.0687 1408 usbehci - ok
12:13:06.0921 1408 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:13:06.0921 1408 usbhub - ok
12:13:07.0140 1408 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:13:07.0140 1408 usbscan - ok
12:13:07.0421 1408 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:13:07.0421 1408 USBSTOR - ok
12:13:07.0640 1408 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:13:07.0640 1408 usbuhci - ok
12:13:07.0937 1408 V0230Vfx (a0c643d5f8c60f12faa6e3454dfe9c32) C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys
12:13:07.0953 1408 V0230Vfx - ok
12:13:08.0328 1408 V0230VID (4dda6f6d396cb34171aa36ad025fdc76) C:\WINDOWS\system32\DRIVERS\V0230VID.sys
12:13:08.0328 1408 V0230VID - ok
12:13:08.0578 1408 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:13:08.0578 1408 VgaSave - ok
12:13:08.0687 1408 ViaIde - ok
12:13:08.0921 1408 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:13:08.0921 1408 VolSnap - ok
12:13:08.0984 1408 vtany - ok
12:13:09.0171 1408 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:13:09.0171 1408 Wanarp - ok
12:13:09.0343 1408 WDICA - ok
12:13:09.0531 1408 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:13:09.0531 1408 wdmaud - ok
12:13:09.0765 1408 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
12:13:09.0765 1408 WpdUsb - ok
12:13:10.0046 1408 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:13:10.0046 1408 WS2IFSL - ok
12:13:10.0234 1408 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:13:10.0234 1408 WSTCODEC - ok
12:13:10.0375 1408 XDva248 - ok
12:13:10.0406 1408 xhunter1 - ok
12:13:10.0718 1408 xspirit - ok
12:13:10.0765 1408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:13:15.0015 1408 \Device\Harddisk0\DR0 - ok
12:13:15.0046 1408 Boot (0x1200) (c5fe0db451a16c1439aed6f02e37044c) \Device\Harddisk0\DR0\Partition0
12:13:15.0078 1408 \Device\Harddisk0\DR0\Partition0 - ok
12:13:15.0078 1408 ============================================================
12:13:15.0078 1408 Scan finished
12:13:15.0078 1408 ============================================================
12:13:15.0078 0532 Detected object count: 0
12:13:15.0078 0532 Actual detected object count: 0

#8 gringo_pr

  • Malware Response Team

Posted 05 January 2012 - 09:57 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 Showme1

  • Topic Starter

  • Members

Posted 05 January 2012 - 11:04 PM

Ok, ran that script again. It found the same rootkit infection that it found the first time, so I'm not sure if it fixed it or not; nothing seems to have changed as far as I can tell. I haven't had a virus alert in a while, but I still can't repair my connection completely. And the websites that wouldn't connect before are still not connecting.

Here's the combofix log

ComboFix 12-01-05.04 - Austin 01/05/2012 21:41:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2489 [GMT -6:00]
Running from: c:\documents and settings\Austin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Austin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2011-12-30 17:32 . 2011-12-30 17:32 -------- d-----w- c:\documents and settings\Austin\Application Data\Malwarebytes
2011-12-30 17:32 . 2011-12-30 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-30 17:31 . 2011-12-30 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-30 17:31 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 21:49 . 2011-12-28 21:49 -------- d-----w- c:\program files\Atari
2011-12-27 20:52 . 2011-12-27 21:00 -------- d-----w- C:\tmp
2011-12-27 20:52 . 2011-12-27 20:58 -------- d-----w- C:\output
2011-12-25 15:36 . 2011-12-25 15:36 -------- d-----w- c:\documents and settings\Austin\Local Settings\Application Data\Chromium
2011-12-25 08:31 . 2011-12-25 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hi-Rez Studios
2011-12-25 08:31 . 2012-01-04 07:26 -------- d-----w- c:\program files\Hi-Rez Studios
2011-12-19 14:51 . 2011-12-19 17:55 -------- d-----w- c:\program files\Giants
2011-12-18 01:15 . 2011-12-18 01:15 -------- d-----w- c:\documents and settings\Austin\Local Settings\Application Data\GamersFirst LIVE!
2011-12-18 01:13 . 2011-12-19 20:27 -------- d-----w- c:\program files\GamersFirst
2011-12-15 04:39 . 2011-12-15 04:39 42392 ----a-w- c:\windows\system32\xfcodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-05 21:11 . 2007-12-29 18:27 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-01-05 21:11 . 2009-02-27 21:58 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-01-05 21:11 . 2007-12-29 18:27 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-05 15:04 . 2007-12-29 18:27 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-04 23:59 . 2011-12-05 00:00 6071056 ----a-w- c:\windows\uninst.exe
2011-12-03 09:07 . 2011-12-03 09:07 22032 ----a-w- c:\windows\DCEBoot.exe
2011-11-23 13:25 . 2004-08-10 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 11:56 . 2011-09-19 08:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 08:18 . 2008-12-25 14:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-10-14 23:38 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2007-12-27 04:11 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-01-08 00:56 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2011-01-08 00:56 602432 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-10-08 04:50 . 2011-01-08 00:56 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2011-01-08 00:56 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2011-01-08 00:56 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2011-01-08 00:56 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2010-12-25 17:20 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2010-12-25 17:20 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2010-12-25 17:20 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-12-25 17:20 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2010-12-25 17:20 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2010-12-25 17:20 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2007-12-05 07:41 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2007-12-05 07:41 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2007-12-05 07:41 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2007-12-05 07:41 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2007-12-05 07:41 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-11-21 04:04 . 2011-12-09 04:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-05_07.25.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-07 17:02 . 2011-07-07 17:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2011-12-25 04:53 . 2011-12-25 04:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2011-07-08 18:59 . 2011-07-08 18:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-26 15:59 . 2011-12-26 15:59 4368896 c:\windows\Installer\4e7f00.msp
+ 2012-01-05 11:52 . 2012-01-05 11:52 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7d938749\System.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_02f6cfe0\System.dll
+ 2012-01-05 11:53 . 2012-01-05 11:53 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b48260e9\System.Xml.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3f95316d\System.Xml.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c3bf7b16\System.Windows.Forms.dll
+ 2012-01-05 11:53 . 2012-01-05 11:53 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7df006c8\System.Windows.Forms.dll
+ 2012-01-05 11:53 . 2012-01-05 11:53 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_051ce07b\System.Drawing.dll
+ 2012-01-05 11:53 . 2012-01-05 11:53 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_69d36885\System.Design.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4d5c3dad\System.Design.dll
+ 2012-01-05 11:53 . 2012-01-05 11:53 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ec2ab789\mscorlib.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_675ae8a8\mscorlib.dll
+ 2012-01-05 12:18 . 2012-01-05 12:18 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-05 12:18 . 2012-01-05 12:18 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-05 12:17 . 2012-01-05 12:17 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-05 12:17 . 2012-01-05 12:17 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-05 12:17 . 2012-01-05 12:17 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-05 12:17 . 2012-01-05 12:17 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-01-05 12:17 . 2012-01-05 12:17 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-01-05 12:17 . 2012-01-05 12:17 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-01-05 12:17 . 2012-01-05 12:17 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-05 12:17 . 2012-01-05 12:17 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-01-05 11:51 . 2012-01-05 11:51 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-13 07:07 . 2011-10-13 07:07 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-13 07:07 . 2011-10-13 07:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-05 11:50 . 2012-01-05 11:50 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 07:07 . 2011-10-13 07:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-05 11:50 . 2012-01-05 11:50 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-08 07:02 . 2010-10-08 07:02 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-05 11:50 . 2012-01-05 11:50 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-10-13 07:07 . 2011-10-13 07:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-05 11:50 . 2012-01-05 11:50 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-05 11:51 . 2012-01-05 11:51 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-08-11 07:09 . 2011-10-13 07:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-08-11 07:09 . 2011-10-13 07:07 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-08-11 07:09 . 2012-01-05 11:50 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2011-10-13 07:00 . 2011-10-13 07:00 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-12-26 23:02 . 2011-12-26 23:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2011-12-26 15:02 . 2011-12-26 15:02 19677184 c:\windows\Installer\4e7f19.msp
+ 2012-01-05 11:52 . 2012-01-05 11:52 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-05 12:17 . 2012-01-05 12:17 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-05 11:52 . 2012-01-05 11:52 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-20 4616064]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.14.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2006-12-22 598016]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-20 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 19:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Austin^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Austin\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 23:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-26 02:42 95632 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-10-21 08:18 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\Launcher.broken.exe.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Austin\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Giants\\Giants.exe"=
"c:\\Program Files\\Hi-Rez Studios\\games\\tribes alpha\\Binaries\\Win32\\TribesAscend.exe"=
"c:\\Program Files\\Atari\\DnDNWNC\\Neverwinter Nights II\\nwn2main.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"56259:TCP"= 56259:TCP:Pando Media Booster
"56259:UDP"= 56259:UDP:Pando Media Booster
"56269:TCP"= 56269:TCP:Pando Media Booster
"56269:UDP"= 56269:UDP:Pando Media Booster
"59000:TCP"= 59000:TCP:Pando Media Booster
"59000:UDP"= 59000:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/11/2010 1:34 AM 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/18/2009 1:41 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/18/2009 1:41 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/21/2009 1:57 PM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/11/2010 1:34 AM 112592]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [12/25/2011 2:31 AM 8704]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/30/2011 11:32 AM 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/12/2011 6:14 PM 2253120]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/11/2008 7:38 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/30/2011 11:31 AM 20464]
S2 NetworkLog;NetworkLog;c:\windows\svcs.exe --> c:\windows\svcs.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [9/2/2010 1:27 PM 14424]
S3 RTL8187B;TRENDnet TEW-424UB Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [1/4/2008 5:35 PM 189312]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/11/2010 1:34 AM 366840]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [3/24/2006 1:00 AM 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [9/29/2006 1:01 AM 500480]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S3 xspirit;xspirit;\??\c:\docume~1\Austin\LOCALS~1\Temp\xspirit.sys --> c:\docume~1\Austin\LOCALS~1\Temp\xspirit.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: ijji.com\gunz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Austin\Application Data\Mozilla\Firefox\Profiles\lkte4da3.Overkill\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 21:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-484763869-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,42,6a,70,dd,98,83,db,9a,e5,30,74,5c,44,b5,78,7f,ee,10,8a,ed,59,1d,
97,9b,ec,51,5f,4a,a7,94,53,2f,47,19,ba,9a,f3,16,1c,f2,8a,e3,2f,e5,ac,ff,a4,\
"??"=hex:b5,51,b7,44,0f,48,fc,32,4e,b4,82,86,df,98,4b,0d
.
[HKEY_USERS\S-1-5-21-790525478-484763869-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,e3,e4,15,b6,bd,2d,8d,ff,86,27,50,39,85,76,05,16,bb,15,76,99,
83,7d,a3,35,7d,0a,b5,b3,58,15,82,27,a7,73,ca,37,f6,f4,71,c9,9b,94,2d,37,08,\
"rkeysecu"=hex:02,d9,ed,d4,e7,c8,89,07,76,e0,2e,93,a9,07,bb,25
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(924)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2012-01-05 21:58:47
ComboFix-quarantined-files.txt 2012-01-06 03:58
ComboFix2.txt 2012-01-05 10:44
ComboFix3.txt 2012-01-05 07:31
.
Pre-Run: 50,510,159,872 bytes free
Post-Run: 50,525,667,328 bytes free
.
- - End Of File - - 78CAD0634A655E5E91D9A2AA5EA4CC98

#10 gringo_pr


Posted 05 January 2012 - 11:20 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Showme1


Posted 05 January 2012 - 11:33 PM

Ok, here's the log from that

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-05 22:31:42
-----------------------------
22:31:42.609 OS Version: Windows 5.1.2600 Service Pack 3
22:31:42.609 Number of processors: 2 586 0xF0B
22:31:42.609 ComputerName: OVERKILL UserName: Austin
22:31:43.765 Initialize success
22:31:54.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:31:54.875 Disk 0 Vendor: ST3320620AS 3.ADG Size: 305245MB BusType: 3
22:31:54.890 Disk 0 MBR read successfully
22:31:54.890 Disk 0 MBR scan
22:31:54.890 Disk 0 Windows XP default MBR code
22:31:54.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
22:31:54.890 Disk 0 scanning sectors +625121280
22:31:54.953 Disk 0 scanning C:\WINDOWS\system32\drivers
22:32:01.406 Service scanning
22:32:02.421 Modules scanning
22:32:06.812 Disk 0 trace - called modules:
22:32:06.828 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys sfsync02.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:32:06.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b1f6ab8]
22:32:06.828 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> [0x8b237920]
22:32:06.828 5 PCTCore.sys[b7e95eae] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b1fbb00]
22:32:06.828 \Driver\atapi[0x8b245f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xb80e98b4]
22:32:06.828 Scan finished successfully
22:32:22.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Austin\Desktop\MBR.dat"
22:32:22.671 The log file has been saved successfully to "C:\Documents and Settings\Austin\Desktop\aswMBR.txt"

#12 gringo_pr


Posted 05 January 2012 - 11:47 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#13 Showme1


Posted 06 January 2012 - 12:06 AM

MiniToolBox by Farbar
Ran by Austin (administrator) on 05-01-2012 at 23:04:09
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
ASUS 802.11g Network Adapter = Wireless Network Connection 5 (Disconnected)
Intel® 82566DC-2 Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : overkill

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection

Physical Address. . . . . . . . . : 00-1D-09-1B-E6-E4

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::21d:9ff:fe1b:e6e4%4

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : Thursday, January 05, 2012 10:00:05 PM

Lease Expires . . . . . . . . . . : Friday, January 06, 2012 10:00:05 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-FB-E7-52-62-7A-B7

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 2001:0:4137:9e76:0:fbe7:5262:7ab7

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-65

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.101%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.116, 74.125.225.114, 74.125.225.115, 74.125.225.112
74.125.225.113



Pinging google.com [74.125.225.116] with 32 bytes of data:



Reply from 74.125.225.116: bytes=32 time=74ms TTL=53

Reply from 74.125.225.116: bytes=32 time=104ms TTL=53



Ping statistics for 74.125.225.116:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 74ms, Maximum = 104ms, Average = 89ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=194ms TTL=46

Reply from 209.191.122.70: bytes=32 time=132ms TTL=46



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 132ms, Maximum = 194ms, Average = 163ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 1b e6 e4 ...... Intel® 82566DC-2 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.101 192.168.1.101 20
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 20
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 20
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 20
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/05/2012 09:37:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/05/2012 09:37:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/05/2012 09:37:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/05/2012 09:37:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/05/2012 09:37:49 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/05/2012 09:37:48 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/05/2012 09:37:48 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/05/2012 09:37:47 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally

Error: (01/05/2012 04:22:50 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/05/2012 04:22:50 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (01/05/2012 09:40:32 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avg7Core
Avg7RsW
Avg7RsXP
AvgClean

Error: (01/05/2012 09:40:32 PM) (Source: Service Control Manager) (User: )
Description: The Broadcom Netgroup Packet Filter service failed to start due to the following error:
%%2

Error: (01/05/2012 09:40:32 PM) (Source: Service Control Manager) (User: )
Description: The AVG Network Redirector service failed to start due to the following error:
%%2

Error: (01/05/2012 09:40:32 PM) (Source: Service Control Manager) (User: )
Description: The AVG E-mail Scanner service failed to start due to the following error:
%%2

Error: (01/05/2012 09:40:32 PM) (Source: Service Control Manager) (User: )
Description: The AVG7 Alert Manager Server service failed to start due to the following error:
%%2

Error: (01/05/2012 01:00:38 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avg7Core
Avg7RsW
Avg7RsXP
AvgClean

Error: (01/05/2012 01:00:38 AM) (Source: Service Control Manager) (User: )
Description: The MicroSoft Team Engine service terminated with the following error:
%%126

Error: (01/05/2012 01:00:38 AM) (Source: Service Control Manager) (User: )
Description: The Broadcom Netgroup Packet Filter service failed to start due to the following error:
%%2

Error: (01/05/2012 01:00:38 AM) (Source: Service Control Manager) (User: )
Description: The AVG Network Redirector service failed to start due to the following error:
%%2

Error: (01/05/2012 01:00:38 AM) (Source: Service Control Manager) (User: )
Description: The AVG E-mail Scanner service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

**** End of log ****

#14 gringo_pr

  • Malware Response Team

Posted 06 January 2012 - 12:10 AM

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

    @echo off
    rem Collect the network diagnostics into Log1.txt in the current folder
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    rem Open the log in Notepad, then delete this batch file
    start Log1.txt
    del %0

Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
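
One way to read the Log1.txt that router.bat produces, as an added Python example (not part of the post above or of any tool used in this topic): it lists every DNS server the PC is configured with or that nslookup actually queried, and marks any that is neither the router, a local address, nor on an allowlist. The allowlist, the function names and the sample log are assumptions; 203.0.113.53 is a constructed value.

```python
import ipaddress

# Assumption: resolvers you expect. The OpenDNS pair is listed because the post
# suggests OpenDNS; add the servers your ISP gives you.
ALLOWED = {"208.67.222.222", "208.67.220.220"}
# RFC 1918, IPv6 link-local, and the site-local range Windows lists by default.
LOCAL = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fec0::/10")]

def _ip(text):
    """Parse '192.168.1.1' or 'fec0:0:0:ffff::1%1'; return None if not an IP."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def parse_log(log):
    """Return (configured DNS servers, default gateways, resolvers nslookup used)."""
    dns, gateways, used, label, after_server = [], set(), set(), None, False
    for line in filter(None, map(str.strip, log.splitlines())):  # skips blank lines
        if " :" in line:                   # ipconfig: "Label . . . : value"
            label, value = (p.strip(" .") for p in line.split(" :", 1))
            if label == "DNS Servers" and _ip(value):
                dns.append(_ip(value))
            elif label == "Default Gateway" and _ip(value):
                gateways.add(_ip(value))
        elif label == "DNS Servers" and _ip(line):
            dns.append(_ip(line))          # continuation line of the DNS list
        else:
            label = None
            resolver = _ip(line.partition(":")[2]) if after_server else None
            if line.startswith("Address:") and resolver:
                used.add(resolver)         # nslookup: Address right after Server
            after_server = line.startswith("Server:")
    return dns, gateways, used

def classify(addr, gateways):              # verdict for one resolver address
    if addr in gateways:
        return "router"
    if str(addr) in ALLOWED:
        return "allowed"
    return "local" if any(addr in net for net in LOCAL) else "UNEXPECTED"

def audit(log):
    """Return [(address, verdict)]; 'UNEXPECTED' entries need investigating."""
    dns, gateways, used = parse_log(log)
    order = dict.fromkeys(dns + sorted(used - set(dns), key=str))
    return [(str(a), classify(a, gateways)) for a in order]

# Constructed sample in the Log1.txt layout; 203.0.113.53 is a documentation
# address standing in for a resolver nobody configured.
SAMPLE = ("Default Gateway . . . . . . . . . : 192.168.1.1\n\n"
          "DNS Servers . . . . . . . . . . . : 192.168.1.1\n\n203.0.113.53\n\n"
          "fec0:0:0:ffff::1%1\n\nServer: UnKnown\nAddress: 203.0.113.53\n")
```

A "router" verdict only shows that the PC asks the router; which upstream DNS servers the router itself forwards to still has to be checked on the router's own settings page.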

#15 Showme1

  • Topic Starter


Posted 06 January 2012 - 12:40 AM

Ok, I followed all the steps provided, connection seems slightly faster, but it still stops at NetBT when trying to repair via the icon on the bar, and due to me being a fool, the website that I was using as a gauge to see if it was still blocking websites is apparently down. I checked it with another computer and it did exactly the same thing, so I think the site is just.. not functioning at the moment.

Here is the log
Windows IP Configuration



Host Name . . . . . . . . . . . . : overkill

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection

Physical Address. . . . . . . . . : 00-1D-09-1B-E6-E4

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::21d:9ff:fe1b:e6e4%4

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : Thursday, January 05, 2012 10:00:05 PM

Lease Expires . . . . . . . . . . : Friday, January 06, 2012 10:00:05 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-65

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.101%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.113, 74.125.225.116, 74.125.225.114, 74.125.225.112
74.125.225.115

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70



Pinging google.com [74.125.225.113] with 32 bytes of data:



Reply from 74.125.225.113: bytes=32 time=92ms TTL=52

Reply from 74.125.225.113: bytes=32 time=81ms TTL=52



Ping statistics for 74.125.225.113:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 81ms, Maximum = 92ms, Average = 86ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=98ms TTL=46

Reply from 209.191.122.70: bytes=32 time=112ms TTL=46



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 98ms, Maximum = 112ms, Average = 105ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 1b e6 e4 ...... Intel® 82566DC-2 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.101 192.168.1.101 20
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 20
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 20
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 20
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None



