Infected with Rootkit.ZeroAccess/Virus.win32.ZAcess.c


50 replies to this topic

#1 CrazyPimaCrew

Posted 10 February 2012 - 03:18 PM

I get redirects while doing searches on the internet. I have run Spybot S&D, Malwarebytes Anti-Malware, and ComboFix. So far I haven't been able to remove it.

ComboFix gives me a message that it is Rootkit.Access and that it has inserted itself into the TCP/IP stack and that it is difficult to remove. I've tried running ComboFix several times, but get the same message.

When I ran TDSS Killer, I got the message that I had the virus.Win32.ZAccess.c.

I am unable to attach the GMER file because the program crashes before it can get through the scanning. The last time it crashed it said that "1etjo2iZ.exe has encountered an error and needs to close." The other error I got was a Microsoft Visual C++ Runtime Library Error for Program C:\Windows\System32\ping.exe - The application has requested the Runtime to terminate in an unusual way.

Below is my DDS.txt log. I am also attaching the Attach.txt file created by DDS, the ComboFix file ComboFix.txt, and the TDSS Killer txt file.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by CKC at 11:57:12 on 2012-02-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2473 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Palm\Hotsync.exe
svchost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Cummins Inc\UpdateManager\UpdateService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
Trusted Zone: samsungsetup.com\www
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5B8E89A1-828E-4A4F-99FD-157FDA0D77A7} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E7DFDCBD-9390-4577-A258-044F9C55177F} : NameServer = 24.116.2.50,24.116.2.34
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ckc\application data\mozilla\firefox\profiles\uw6df8i5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/news?hl=&q=&sourceid=navclient-ff&rlz=1R0MOZA_en&ie=UTF-8
FF - prefs.js: keyword.URL - hxxp://ib.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z057&partner_id=333&product_id=706&affiliate_id=&channel=DPGL18&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110720&user_guid=5793B500E16E4BFBA1B6BEA825A97D1F&machine_id=8fc0a0f328f91d69b38ab340022ceff3&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\ckc\application data\mozilla\firefox\profiles\uw6df8i5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\ckc\application data\mozilla\firefox\profiles\uw6df8i5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Tab Control: {39952c40-5197-11da-8cd6-0800200c9a66} - %profile%\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WindowShopper: superfish@superfish.com - %profile%\extensions\superfish@superfish.com
.
============= SERVICES / DRIVERS ===============
.
R2 CumminsUpdateService;Cummins Update Service;c:\program files\cummins inc\updatemanager\UpdateService.exe [2010-11-18 10752]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2009-6-11 44800]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-6-11 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-6-11 41760]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-6-11 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-6-11 235840]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-19 136176]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-11 112512]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-19 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-3-1 9216]
S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-6-11 141376]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-5-27 54416]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2010-5-27 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-5-27 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-5-27 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-5-27 114192]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2010-5-27 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-5-27 160400]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\ZTEusbgps.sys [2011-3-1 105856]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2011-3-1 105856]
.
=============== Created Last 30 ================
.
2012-02-10 17:09:59 -------- d-----w- C:\ComboFix
2012-02-10 16:39:07 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-10 01:05:04 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-10 01:03:18 -------- d-sha-r- C:\cmdcons
2012-02-10 01:00:55 98816 ----a-w- c:\windows\sed.exe
2012-02-10 01:00:55 518144 ----a-w- c:\windows\SWREG.exe
2012-02-10 01:00:55 256000 ----a-w- c:\windows\PEV.exe
2012-02-10 01:00:55 208896 ----a-w- c:\windows\MBR.exe
2012-02-08 23:53:26 -------- d-----w- c:\windows\system32\appmgmt
2012-02-08 19:35:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-08 19:35:27 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-02-08 18:47:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 18:27:17 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-08 18:20:49 -------- d-----w- c:\documents and settings\ckc\application data\Malwarebytes
2012-02-08 18:20:40 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 18:20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 18:20:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2012-02-09 21:18:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xA1C18FC0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8ACDB770]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x87875408]
\Driver\00002625[0x89BDA830] -> IRP_MJ_CREATE -> 0xA1C18FC0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 11:58:02.28 ===============

#2 nasdaq

Posted 13 February 2012 - 11:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any antivirus protection on the computer.
===

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    i8042prt.sys
    cdrom.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please post the logs for my review.

#3 CrazyPimaCrew

Posted 13 February 2012 - 12:23 PM

Nasdaq,

Thanks for your help. I've attached the MBR.dat zipped file. Below are the aswMBR results:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 10:13:55
-----------------------------
10:13:55.750 OS Version: Windows 5.1.2600 Service Pack 3
10:13:55.750 Number of processors: 2 586 0x170A
10:13:55.750 ComputerName: CKC_NB UserName: CKC
10:13:59.906 Initialize success
10:14:38.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:14:38.984 Disk 0 Vendor: Size: 0MB BusType: 0
10:14:39.015 Disk 0 MBR read successfully
10:14:39.031 Disk 0 MBR scan
10:14:39.031 Disk 0 Windows VISTA default MBR code
10:14:39.031 Disk 0 MBR hidden
10:14:39.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:14:39.093 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238434 MB offset 81920
10:14:39.250 Disk 0 scanning C:\WINDOWS\system32\drivers
10:15:11.062 File: C:\WINDOWS\system32\drivers\redbook.sys **SUSPICIOUS**
10:15:24.546 Disk 0 trace - called modules:
10:15:24.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x9c2acfc0]<<
10:15:24.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af9b770]
10:15:24.593 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a025da8]
10:15:24.593 \Driver\00001472[0x89de2340] -> IRP_MJ_CREATE -> 0x9c2acfc0
10:15:24.609 Scan finished successfully
10:16:14.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CKC\Desktop\MBR.dat"
10:16:14.546 The log file has been saved successfully to "C:\Documents and Settings\CKC\Desktop\aswMBR.txt"

Here are the results from the SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:17 on 13/02/2012 by CKC
Administrator - Elevation successful

========== filefind ==========

Searching for "i8042prt.sys"
C:\Documents and Settings\CKC\Application Data\FixTDSS\Archive\i8042prt.sys --a---- 52480 bytes [15:25 13/02/2012] [20:27 10/02/2012] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52480 bytes [22:01 11/06/2009] [12:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\drivers\i8042prt.sys --a---- 52480 bytes [01:05 10/02/2012] [20:27 10/02/2012] 4A0B06AA8943C1E332520F7440C0AA30

Searching for "cdrom.sys"
No files found.

-= EOF =-

Thanks again.

#4 nasdaq

Posted 13 February 2012 - 01:29 PM

The MBR is exactly what I was looking for.

Now run the aswMBR.exe tool. Select the Fix button.

Important > you need to wait for the tool to report ... Infection fixed successfully
Do not reboot the machine until it has said so.

When you see the message, restart the computer normally.

Run aswMBR.exe normally again and post the log for my review.

#5 CrazyPimaCrew

Posted 13 February 2012 - 01:40 PM

Nasdaq,

Here is the new log after following your instructions.


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 11:36:19
-----------------------------
11:36:19.796 OS Version: Windows 5.1.2600 Service Pack 3
11:36:19.796 Number of processors: 2 586 0x170A
11:36:19.796 ComputerName: CKC_NB UserName: CKC
11:36:21.953 Initialize success
11:36:31.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:36:31.406 Disk 0 Vendor: Size: 0MB BusType: 0
11:36:31.437 Disk 0 MBR read successfully
11:36:31.437 Disk 0 MBR scan
11:36:31.437 Disk 0 Windows VISTA default MBR code
11:36:31.437 Disk 0 MBR hidden
11:36:31.437 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:36:31.453 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238434 MB offset 81920
11:36:31.515 Disk 0 scanning C:\WINDOWS\system32\drivers
11:36:39.265 File: C:\WINDOWS\system32\drivers\i8042prt.sys **SUSPICIOUS**
11:36:46.843 Disk 0 trace - called modules:
11:36:46.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xba30bfc0]<<
11:36:46.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2c1030]
11:36:46.875 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89fca2d0]
11:36:46.875 \Driver\00002402[0x8a0f7268] -> IRP_MJ_CREATE -> 0xba30bfc0
11:36:46.890 Scan finished successfully
11:37:00.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CKC\Desktop\MBR.dat"
11:37:00.781 The log file has been saved successfully to "C:\Documents and Settings\CKC\Desktop\aswMBR.txt"

Thanks.
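
Added example, not part of the original thread and not code from aswMBR: a small Python parser that pulls out the indicators aswMBR itself prints ("MBR hidden", **SUSPICIOUS** files, the >>UNKNOWN<< module in the disk trace, and a driver dispatch routine that points into that module) and compares the run before the Fix with the run after it. The log excerpts are copied from posts #3 and #5 above; the function names and dictionary keys are this example's own.

```python
import re

# Excerpts copied from the aswMBR logs in post #3 (before Fix) and post #5 (after Fix).
BEFORE_FIX = r"""
10:14:39.015 Disk 0 MBR read successfully
10:14:39.031 Disk 0 Windows VISTA default MBR code
10:14:39.031 Disk 0 MBR hidden
10:15:11.062 File: C:\WINDOWS\system32\drivers\redbook.sys **SUSPICIOUS**
10:15:24.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x9c2acfc0]<<
10:15:24.593 \Driver\00001472[0x89de2340] -> IRP_MJ_CREATE -> 0x9c2acfc0
10:15:24.609 Scan finished successfully
"""

AFTER_FIX = r"""
11:36:31.437 Disk 0 MBR read successfully
11:36:31.437 Disk 0 Windows VISTA default MBR code
11:36:31.437 Disk 0 MBR hidden
11:36:39.265 File: C:\WINDOWS\system32\drivers\i8042prt.sys **SUSPICIOUS**
11:36:46.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xba30bfc0]<<
11:36:46.875 \Driver\00002402[0x8a0f7268] -> IRP_MJ_CREATE -> 0xba30bfc0
11:36:46.890 Scan finished successfully
"""

STAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
HIDDEN = re.compile(r"^Disk \d+ MBR hidden$")
SUSPICIOUS = re.compile(r"^File: (.+?) \*\*SUSPICIOUS\*\*$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$")


def parse_aswmbr(log):
    """Extract the lines of an aswMBR text log that a reviewer checks first."""
    out = {"mbr_hidden": False, "suspicious_files": [], "unknown_modules": [],
           "dispatch": [], "finished": False}
    for raw in log.splitlines():
        stamped = STAMP.match(raw.strip())
        if not stamped:
            continue  # banner, separator and blank lines carry no timestamp
        msg = stamped.group(1).strip()
        suspicious = SUSPICIOUS.match(msg)
        dispatch = DISPATCH.match(msg)
        if HIDDEN.match(msg):
            out["mbr_hidden"] = True
        elif msg == "Scan finished successfully":
            out["finished"] = True
        elif suspicious:
            out["suspicious_files"].append(suspicious.group(1))
        elif dispatch:
            out["dispatch"].append(
                (dispatch.group(1), dispatch.group(2), int(dispatch.group(3), 16)))
        else:
            # Addresses are compared as integers so hex case does not matter.
            out["unknown_modules"] += [int(a, 16) for a in UNKNOWN.findall(msg)]
    return out


def indicators(parsed):
    """Name each kind of indicator present in one parsed log."""
    found = set()
    if parsed["mbr_hidden"]:
        found.add("mbr_hidden")
    if parsed["suspicious_files"]:
        found.add("suspicious_driver_file")
    if parsed["unknown_modules"]:
        found.add("unknown_module_in_disk_stack")
    # A dispatch routine whose target equals the unknown module's address.
    if any(t in parsed["unknown_modules"] for _, _, t in parsed["dispatch"]):
        found.add("dispatch_into_unknown_module")
    return found


def compare_runs(before_log, after_log):
    """Compare two runs by indicator kind, not by name or address.

    The numbered driver name and the module address differ between the two
    logs in this thread, so an exact-string comparison would miss the overlap.
    """
    before, after = parse_aswmbr(before_log), parse_aswmbr(after_log)
    return {
        "cleared": after["finished"] and not indicators(after),
        "persisting": sorted(indicators(before) & indicators(after)),
        "newly_flagged_files": sorted(
            set(after["suspicious_files"]) - set(before["suspicious_files"])),
    }


if __name__ == "__main__":
    for key, value in compare_runs(BEFORE_FIX, AFTER_FIX).items():
        print(f"{key}: {value}")
```

On these two logs every indicator kind from the first run is still present in the second, with a different driver file flagged.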

#6 nasdaq

Posted 14 February 2012 - 08:34 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

#7 CrazyPimaCrew

Posted 14 February 2012 - 11:30 AM

Here is the ComboFix log. Thanks for your help.

ComboFix 12-02-13.01 - CKC 02/14/2012 9:08.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2636 [GMT -7:00]
Running from: c:\documents and settings\CKC\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB27692$\1780049217
c:\windows\$NtUninstallKB27692$\181102311\@
c:\windows\$NtUninstallKB27692$\181102311\cfg.ini
c:\windows\$NtUninstallKB27692$\181102311\Desktop.ini
c:\windows\$NtUninstallKB27692$\181102311\L\rohepcid
c:\windows\$NtUninstallKB27692$\181102311\U\00000001.@
c:\windows\$NtUninstallKB27692$\181102311\U\00000002.@
c:\windows\$NtUninstallKB27692$\181102311\U\00000004.@
c:\windows\$NtUninstallKB27692$\181102311\U\80000000.@
c:\windows\$NtUninstallKB27692$\181102311\U\80000004.@
c:\windows\$NtUninstallKB27692$\181102311\U\80000032.@
c:\windows\$NtUninstallKB27692$\181102311\version
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\system32\drivers\cdrom.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 16:01 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-13 15:25 . 2012-02-13 15:25 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-13 15:25 . 2012-02-13 15:25 -------- d-----w- c:\documents and settings\CKC\Application Data\FixTDSS
2012-02-10 20:23 . 2012-02-10 20:23 -------- d-----w- c:\documents and settings\CKC\Local Settings\Application Data\PCHealth
2012-02-10 16:39 . 2012-02-13 19:10 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-10 01:05 . 2012-02-13 19:06 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-10 00:20 . 2012-02-13 17:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-08 19:35 . 2012-02-13 21:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-08 19:35 . 2012-02-13 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-08 18:47 . 2012-02-13 19:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 18:27 . 2012-02-14 15:51 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-08 18:20 . 2012-02-08 18:20 -------- d-----w- c:\documents and settings\CKC\Application Data\Malwarebytes
2012-02-08 18:20 . 2012-02-08 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 18:20 . 2012-02-08 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-08 18:20 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 23:45 . 2008-04-25 09:24 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-09 21:18 . 2011-05-26 14:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-02 22:11 . 2012-01-02 22:11 0 ---ha-w- c:\documents and settings\CKC\Local Settings\Application Data\BIT8.tmp
2011-11-25 21:57 . 2008-04-25 16:16 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2008-04-25 16:16 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-25 16:16 60416 ----a-w- c:\windows\system32\packager.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-10_15.29.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-14 16:19 . 2012-02-14 16:19 16384 c:\windows\Temp\Perflib_Perfdata_618.dat
- 2008-04-25 16:16 . 2008-04-14 12:00 23040 c:\windows\system32\mciseq.dll
+ 2008-04-25 16:16 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
+ 2003-08-18 21:26 . 2003-08-18 21:26 25872 c:\windows\system32\FM20ENU.DLL
- 2008-04-25 16:16 . 2012-02-10 00:53 75264 c:\windows\system32\drivers\ipsec.sys
+ 2008-04-25 16:16 . 2008-04-14 12:00 75264 c:\windows\system32\drivers\ipsec.sys
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2008-04-25 16:16 . 2008-04-14 12:00 75264 c:\windows\system32\dllcache\ipsec.sys
- 2001-01-22 10:25 . 2001-01-22 10:25 32768 c:\windows\system32\ATHPRXY.DLL
+ 2004-01-29 14:08 . 2004-01-29 14:08 32768 c:\windows\system32\ATHPRXY.DLL
+ 2005-11-14 23:38 . 2005-11-14 23:38 72192 c:\windows\Installer\f734d7.msp
- 2009-06-17 19:55 . 2009-06-17 19:55 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-06-17 19:55 . 2009-06-17 19:55 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-06-17 19:55 . 2009-06-17 19:55 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-06-17 19:55 . 2009-06-17 19:55 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-06-17 19:55 . 2009-06-17 19:55 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-06-17 19:55 . 2009-06-17 19:55 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-06-17 19:55 . 2009-06-17 19:55 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-06-17 19:55 . 2009-06-17 19:55 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-06-17 19:55 . 2009-06-17 19:55 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-06-17 19:55 . 2009-06-17 19:55 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-04-25 16:16 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2008-04-25 16:16 . 2008-04-14 12:00 176128 c:\windows\system32\winmm.dll
+ 2008-04-25 16:16 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
- 2008-04-25 16:16 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2008-04-25 16:16 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
+ 2008-04-25 16:16 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
- 2008-04-25 16:16 . 2008-04-14 12:00 386048 c:\windows\system32\qdvd.dll
+ 2010-12-22 18:35 . 2012-02-14 16:19 224258 c:\windows\system32\inetsrv\MetaBase.bin
- 2010-12-22 18:35 . 2012-02-10 15:27 224258 c:\windows\system32\inetsrv\MetaBase.bin
- 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
- 2009-08-04 15:21 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-08-04 15:21 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-06-11 15:06 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2008-04-25 16:16 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2009-06-11 15:08 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-07-23 06:20 . 2008-07-23 06:20 110592 c:\windows\Installer\f73524.msp
+ 2009-04-20 21:59 . 2009-04-20 21:59 219648 c:\windows\Installer\f734fd.msp
+ 2009-11-05 21:21 . 2009-11-05 21:21 537600 c:\windows\Installer\f734af.msp
+ 2010-11-16 19:54 . 2010-11-16 19:54 906240 c:\windows\Installer\f7337d.msp
- 2009-06-17 19:55 . 2009-06-17 19:55 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-06-17 19:55 . 2009-06-17 19:55 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-06-17 19:55 . 2012-02-13 23:42 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-04-25 16:16 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2009-08-20 22:09 . 2009-08-20 22:09 1193832 c:\windows\system32\FM20.DLL
+ 2009-06-11 15:06 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2008-09-04 22:52 . 2008-09-04 22:52 4337664 c:\windows\Installer\f734ea.msp
+ 2010-08-09 23:44 . 2010-08-09 23:44 3778048 c:\windows\Installer\f734c3.msp
+ 2010-01-11 23:35 . 2010-01-11 23:35 4480000 c:\windows\Installer\f73482.msp
+ 2006-02-27 23:31 . 2006-02-27 23:31 1269248 c:\windows\Installer\f7346e.msp
+ 2010-10-04 20:59 . 2010-10-04 20:59 8300032 c:\windows\Installer\f7345b.msp
+ 2006-03-28 22:37 . 2006-03-28 22:37 6956032 c:\windows\Installer\f73448.msp
+ 2006-08-30 00:50 . 2006-08-30 00:50 3210240 c:\windows\Installer\f73432.msp
+ 2010-08-27 20:36 . 2010-08-27 20:36 2807296 c:\windows\Installer\f7341e.msp
+ 2004-03-10 16:13 . 2004-03-10 16:13 2602496 c:\windows\Installer\f7340b.msp
+ 2010-08-18 17:19 . 2010-08-18 17:19 8400896 c:\windows\Installer\f733f8.msp
+ 2004-09-13 07:35 . 2004-09-13 07:35 1452544 c:\windows\Installer\f733e4.msp
+ 2009-08-20 22:27 . 2009-08-20 22:27 3622400 c:\windows\Installer\f73391.msp
+ 2011-04-28 19:23 . 2011-04-28 19:23 9607680 c:\windows\Installer\f73364.msp
+ 2011-02-25 21:25 . 2011-02-25 21:25 7968256 c:\windows\Installer\f7334f.msp
+ 2010-05-24 20:54 . 2010-05-24 20:54 6704640 c:\windows\Installer\f73325.msp
+ 2009-09-02 15:25 . 2012-02-10 20:23 52128560 c:\windows\system32\MRT.exe
+ 2011-04-28 02:21 . 2011-04-28 02:21 17515520 c:\windows\Installer\f73511.msp
+ 2005-09-25 18:46 . 2005-09-25 18:46 16084480 c:\windows\Installer\f7349b.msp
+ 2009-07-20 19:03 . 2009-07-20 19:03 16465408 c:\windows\Installer\f7333a.msp
+ 2004-01-30 10:19 . 2004-01-30 10:19 56269996 c:\windows\Installer\4e3c05.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2008-12-19 00:12 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2008-12-19 00:12 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-22 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-18 150040]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2009-01-19 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-12 2220032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-16 417792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-02-15 520192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2008-12-19 23:58 184320 ----a-w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 18:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2009-01-21 01:09 95544 ----a-w- c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2009-01-21 01:12 656696 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"62177:TCP"= 62177:TCP:Justin Port
"3395:TCP"= 3395:TCP:RD Port
.
R2 CumminsUpdateService;Cummins Update Service;c:\program files\Cummins Inc\UpdateManager\UpdateService.exe [11/18/2010 10:34 AM 10752]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/11/2009 10:58 AM 44800]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [6/11/2009 10:58 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [6/11/2009 10:58 AM 41760]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [6/11/2009 10:58 AM 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [6/11/2009 10:58 AM 235840]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2011 6:40 AM 136176]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/11/2009 10:58 AM 112512]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2011 6:40 AM 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [3/1/2011 2:07 PM 9216]
S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [6/11/2009 10:58 AM 141376]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [5/27/2010 9:52 AM 54416]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [5/27/2010 9:53 AM 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [5/27/2010 9:53 AM 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [5/27/2010 9:53 AM 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [5/27/2010 9:53 AM 114192]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [5/27/2010 9:53 AM 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [5/27/2010 9:53 AM 160400]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]
S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\ZTEusbgps.sys [3/1/2011 2:07 PM 105856]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [3/1/2011 2:07 PM 105856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ASFWHide
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 13:39]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E7DFDCBD-9390-4577-A258-044F9C55177F}: NameServer = 24.116.2.50,24.116.2.34
FF - ProfilePath - c:\documents and settings\CKC\Application Data\Mozilla\Firefox\Profiles\uw6df8i5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/news?hl=&q=&sourceid=navclient-ff&rlz=1R0MOZA_en&ie=UTF-8
FF - prefs.js: keyword.URL - hxxp://ib.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z057&partner_id=333&product_id=706&affiliate_id=&channel=DPGL18&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110720&user_guid=5793B500E16E4BFBA1B6BEA825A97D1F&machine_id=8fc0a0f328f91d69b38ab340022ceff3&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Tab Control: {39952c40-5197-11da-8cd6-0800200c9a66} - %profile%\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WindowShopper: superfish@superfish.com - %profile%\extensions\superfish@superfish.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-09784844.sys
SafeBoot-80902774.sys
SafeBoot-97948853.sys
SafeBoot-99295813.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-14 09:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB27692$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'explorer.exe'(2832)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
.
**************************************************************************
.
Completion time: 2012-02-14 09:22:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-14 16:22
ComboFix2.txt 2012-02-10 17:47
ComboFix3.txt 2012-02-10 16:58
ComboFix4.txt 2012-02-10 15:31
.
Pre-Run: 212,247,388,160 bytes free
Post-Run: 212,742,414,336 bytes free
.
- - End Of File - - 25F48405F5FE17C5D2B0C2AEE6B8C082

#8 nasdaq

  • Malware Response Team

Posted 14 February 2012 - 02:17 PM

The Combofix log is clean.

By now you know that your cdrom.sys file is missing.

C:\windows\system32\drivers\cdrom.sys . . . is missing!!

You should see about getting a copy from the Manufacturer of your CD rom drive.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

#9 CrazyPimaCrew

  • Topic Starter

Posted 14 February 2012 - 08:00 PM

Here is the original checkup.txt:

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 10.3.183.11 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.26) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Here is an updated checkup.txt after updating some of the outdated programs:


Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


I don't seem to be getting the redirects like I used to be on internet searches, however ComboFix is still telling me I have a rootkit virus as is TDSSKiller. I've attached the latest Combofix log as well as the screenshots from TDSSKiller.

Each time TDSSKiller says I have the Virus.Win32.ZAccess.c Malware when I run it. Whenever it tells me to cure the problem, it tells me it needs to reboot in order to cure it. After rebooting the same Virus.Win32.ZAccess.c shows up, but lists a different service.

Any help would be greatly appreciated, thanks for all you have done so far.

#10 nasdaq

  • Malware Response Team

Posted 15 February 2012 - 10:19 AM

Let's check these files.
c:\windows\system32\drivers\cdrom.sys
C:\WINDOWS\system32\drivers\i8042prt.sys
c:\windows\system32\drivers\Afd.sys

>>> Run Jotti's malware scan: Please copy each line from the following (in bold):
c:\windows\system32\drivers\cdrom.sys
C:\WINDOWS\system32\drivers\i8042prt.sys
c:\windows\system32\drivers\Afd.sys

  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
    If more than one file is submitted, return to the "Jotti's malware scan" window and click the "Next file" button to continue with the rest.
Please copy and paste these Permalinks in your next reply.
If Jotti is busy, please go to http://www.virustotal.com
===

"Whenever it tells me to cure the problem, it tells me it needs to reboot in order to cure it. After rebooting the same Virus.Win32.ZAccess.c shows up, but lists a different service."

The virus may be hidden in a hidden partition.

Will run this tool for now. We may have to run a bigger tool.

Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:
  • Flush DNS
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.

#11 CrazyPimaCrew

  • Topic Starter

Posted 15 February 2012 - 11:30 AM

Here are the permalinks:

http://virusscan.jotti.org/en/scanresult/6a842353cfe1ee9a40cecedc839847d105ae9425/f3a0346ed2f5dcf0d8b928ee1992161c08af38a1
http://virusscan.jotti.org/en/scanresult/8ede9a63a3eb54bad1fbe73deaa5a9cbe7e52931/14bd76e6793b89d1ee7a1f5d68ab8ae85d491b3c
http://virusscan.jotti.org/en/scanresult/b4b443e53a14a8fb758597cc7c84d11e2a3d98f7/e7ee94d0f391157f4931f99b9703ca5a2479e131

Here are the results from the mini tool box scan. I have also attached errors that popped up as I was attempting to do the scan.


MiniToolBox by Farbar Version: 18-01-2012
Ran by CKC (administrator) on 15-02-2012 at 09:17:38
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection 2 (Connected)
Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration

Host Name . . . . . . . . . . . . : CKC_NB
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-25-56-32-0C-1B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.234
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Wednesday, February 15, 2012 9:18:19 AM
Lease Expires . . . . . . . . . . : Wednesday, February 15, 2012 9:28:19 AM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-24-E8-AB-E0-3C

Pinging google.com [74.125.224.197] with 32 bytes of data:

Reply from 74.125.224.197: bytes=32 time=27ms TTL=51
Reply from 74.125.224.197: bytes=32 time=25ms TTL=51

Ping statistics for 74.125.224.197:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 27ms, Average = 26ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=339ms TTL=46
Reply from 98.139.183.24: bytes=32 time=370ms TTL=46

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 339ms, Maximum = 370ms, Average = 354ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 25 56 32 0c 1b ...... Dell Wireless 1397 WLAN Mini-Card
0x10004 ...00 24 e8 ab e0 3c ...... Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.234 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.234 192.168.2.234 25
192.168.2.234 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.2.255 255.255.255.255 192.168.2.234 192.168.2.234 25
224.0.0.0 240.0.0.0 192.168.2.234 192.168.2.234 25
255.255.255.255 255.255.255.255 192.168.2.234 10004 1
255.255.255.255 255.255.255.255 192.168.2.234 192.168.2.234 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/13/2012 11:16:07 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/10/2012 03:16:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: This network connection does not exist.

Error: (02/10/2012 03:16:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: This network connection does not exist.

Error: (02/10/2012 03:16:09 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: This network connection does not exist.

Error: (02/10/2012 03:16:09 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: This network connection does not exist.

Error: (02/10/2012 03:16:09 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: This network connection does not exist.

Error: (02/10/2012 03:16:09 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: The connection with the server was terminated abnormally

Error: (02/10/2012 03:15:42 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: This network connection does not exist.

Error: (02/10/2012 03:15:42 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: The connection with the server was terminated abnormally

Error: (02/10/2012 03:15:17 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: This network connection does not exist.


System errors:
=============
Error: (02/13/2012 08:06:16 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (02/13/2012 08:04:46 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (02/13/2012 08:02:09 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (02/13/2012 08:01:02 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (02/13/2012 07:57:15 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (02/13/2012 07:57:15 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (02/13/2012 07:57:07 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (02/13/2012 07:57:07 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (02/13/2012 07:55:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (02/13/2012 07:55:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (02/13/2012 11:16:07 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/10/2012 03:16:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crtThis network connection does not exist.

Error: (02/10/2012 03:16:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crtThis network connection does not exist.

Error: (02/10/2012 03:16:09 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crtThis network connection does not exist.

Error: (02/10/2012 03:16:09 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crtThis network connection does not exist.

Error: (02/10/2012 03:16:09 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crtThis network connection does not exist.

Error: (02/10/2012 03:16:09 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crtThe connection with the server was terminated abnormally

Error: (02/10/2012 03:15:42 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crtThis network connection does not exist.

Error: (02/10/2012 03:15:42 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crtThe connection with the server was terminated abnormally

Error: (02/10/2012 03:15:17 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crtThis network connection does not exist.


========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 3032.79 MB
Available physical RAM: 2445.45 MB
Total Pagefile: 4918.08 MB
Available Pagefile: 4399.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.81 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:232.85 GB) (Free:197.79 GB) NTFS

========================= Users: ========================================

User accounts for \\CKC_NB

Administrator ASPNET CKC
Guest HelpAssistant IUSR_CKC_NB
IWAM_CKC_NB SUPPORT_388945a0


**** End of log ****

Again, thanks for all of your help.

#12 nasdaq


Posted 15 February 2012 - 03:55 PM

P.S.
Please run ComboFix and see if your internet service comes back.

===

You may have to download these tools from a good computer.
Save them to a CD or Flash drive and copy the files to the problem computer.

Let's check your partition table.

Execute the following attentively. If at any time you need help please ask.

You will need two new CDs to complete the task.

Preferably from a clean computer, I need you to download: gparted-live-0.10.0-3.iso (115.1 MB) and
Windows XP Recovery Console rc.iso

Create a bootable CD, 1 for Gparted and 1 for the Windows XP Recovery Console, from the ISO images. You can use ImgBurn to do this.

This may help burning the iso image(s) to a CD.
http://www.imgburn.com/index.php?act=screenshots#isowrite
===


Now boot off of the newly created Gparted CD.

Posted Image
You should be here...
Press ENTER

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Posted Image
Choose your language and press ENTER. English is default [33]

Posted Image
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
Posted Image

I would like to see that last screen.

To do print screen follow these steps:

* Press Alt and Print Screen button on your keyboard
* Open Paint program
* From the menu choose Edit then Paste
* Now save the picture and attach it here for me to review.

Exit all programs.
===

I wish to check further on these files.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    i8042prt.sys
    afd.sys
    WSOCK32.DLL

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

#13 CrazyPimaCrew


Posted 15 February 2012 - 05:27 PM

Attached is a picture of the screen from Gparted. I couldn't open paint to capture the screenshot, so I took a picture of it with my phone.

Below is the SystemLook txt file. I included a search on another file that TDSSKiller showed as infected after rebooting the computer.

SystemLook 30.07.11 by jpshortstuff
Log created at 15:25 on 15/02/2012 by CKC
Administrator - Elevation successful

========== filefind ==========

Searching for "i8042prt.sys"
C:\Documents and Settings\CKC\Application Data\FixTDSS\Archive\i8042prt.sys --a---- 52480 bytes [15:25 13/02/2012] [20:27 10/02/2012] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52480 bytes [22:01 11/06/2009] [12:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\drivers\i8042prt.sys --a---- 52480 bytes [01:05 10/02/2012] [23:47 14/02/2012] 4A0B06AA8943C1E332520F7440C0AA30

Searching for "afd.sys"
C:\Documents and Settings\CKC\Application Data\FixTDSS\Archive\afd.sys --a---- 138496 bytes [15:25 13/02/2012] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [13:27 16/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys --a---- 138496 bytes [03:18 13/10/2011] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys --a---- 138496 bytes [15:23 04/08/2009] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A
C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys --a---- 138496 bytes [15:07 11/06/2009] [10:34 14/08/2008] 4D43E74F2A1239D53929B82600F1971C
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [10:44 17/06/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138496 bytes [13:30 18/04/2011] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys -----c- 138496 bytes [15:46 15/10/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\system32\dllcache\afd.sys -----c- 138496 bytes [15:07 11/06/2009] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [16:01 14/02/2012] [00:00 15/02/2012] 1E44BC1E83D8FD2305F8D452DB109CF9

Searching for "WSOCK32.DLL"
C:\WINDOWS\system32\wsock32.dll --a---- 22528 bytes [16:16 25/04/2008] [12:00 14/04/2008] 67156D5A9AC356DC99D7BCCB388E3316

Searching for "ipsec.sys"
C:\Documents and Settings\CKC\Application Data\FixTDSS\Archive\ipsec.sys --a---- 75264 bytes [15:25 13/02/2012] [12:00 14/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\ERDNT\cache\ipsec.sys --a---- 75264 bytes [15:31 10/02/2012] [00:53 10/02/2012] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\dllcache\ipsec.sys --a--c- 75264 bytes [16:16 25/04/2008] [12:00 14/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [16:16 25/04/2008] [22:04 15/02/2012] 23C74D75E36E7158768DD63D92789A91

-= EOF =-

#14 nasdaq


Posted 16 February 2012 - 10:12 AM

Let's use the files from the dllcache.


Open notepad and copy/paste the text in the quote box below into it:

FCOPY::
C:\WINDOWS\system32\dllcache\i8042prt.sys | C:\WINDOWS\system32\drivers\i8042prt.sys
C:\WINDOWS\system32\dllcache\afd.sys | C:\WINDOWS\system32\drivers\afd.sys


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Please run the TDSSKiller and post the log.

Let me know what problem persists.
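
The comparison behind choosing the dllcache copies can be scripted. The following is an added example, not part of the original thread or of SystemLook itself: it parses filefind output and compares each active system file against its dllcache copy by MD5, size and modification time. It assumes the two bracketed timestamps are created then modified, in dd/mm/yyyy order; the `example.sys` lines are constructed, the others are taken from the log posted above.

```python
import re
from collections import defaultdict
from datetime import datetime
from ntpath import basename, dirname  # handles backslash paths on any OS

# Excerpt of the SystemLook log from the thread, plus two constructed
# "example.sys" lines that exercise the hash-mismatch path.
SAMPLE_LOG = r"""
Searching for "i8042prt.sys"
C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52480 bytes [22:01 11/06/2009] [12:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\drivers\i8042prt.sys --a---- 52480 bytes [01:05 10/02/2012] [23:47 14/02/2012] 4A0B06AA8943C1E332520F7440C0AA30

Searching for "afd.sys"
C:\Documents and Settings\CKC\Application Data\FixTDSS\Archive\afd.sys --a---- 138496 bytes [15:25 13/02/2012] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\dllcache\afd.sys -----c- 138496 bytes [15:07 11/06/2009] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [16:01 14/02/2012] [00:00 15/02/2012] 1E44BC1E83D8FD2305F8D452DB109CF9

Searching for "WSOCK32.DLL"
C:\WINDOWS\system32\wsock32.dll --a---- 22528 bytes [16:16 25/04/2008] [12:00 14/04/2008] 67156D5A9AC356DC99D7BCCB388E3316

Searching for "example.sys"
C:\WINDOWS\system32\dllcache\example.sys --a--c- 1024 bytes [10:00 01/01/2009] [10:00 01/01/2009] 00000000000000000000000000000000
C:\WINDOWS\system32\drivers\example.sys --a---- 1024 bytes [10:00 01/01/2009] [10:00 01/02/2012] FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

-= EOF =-
"""

# path, 7-character attribute field, size, [created] [modified], MD5.
# The created/modified column order is an assumption about SystemLook.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
STAMP = "%H:%M %d/%m/%Y"

# Where the running system loads the file from, and the copy used as the
# reference in the thread (the Windows XP dllcache).
ACTIVE_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32")
REFERENCE_DIR = r"c:\windows\system32\dllcache"


def parse_filefind(text):
    """Group every result line by lower-cased file name."""
    found = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, "-= EOF =-"
        path = m["path"]
        found[basename(path).lower()].append({
            "dir": dirname(path).lower(),
            "size": int(m["size"]),
            "modified": datetime.strptime(m["modified"], STAMP),
            "md5": m["md5"].upper(),
        })
    return found


def assess(found):
    """Compare the active copy of each file with its dllcache copy."""
    verdicts = {}
    for name, copies in found.items():
        active = [c for c in copies if c["dir"] in ACTIVE_DIRS]
        reference = [c for c in copies if c["dir"] == REFERENCE_DIR]
        if not active:
            continue  # only backup or archive copies were listed
        if not reference:
            verdicts[name] = "no-reference"
            continue
        a, r = active[0], reference[0]
        if a["md5"] != r["md5"] or a["size"] != r["size"]:
            verdicts[name] = "hash-mismatch"
        elif a["modified"] != r["modified"]:
            # Identical content reported, yet the file was written to later.
            verdicts[name] = "same-hash-mtime-differs"
        else:
            verdicts[name] = "consistent"
    return verdicts


if __name__ == "__main__":
    for name, verdict in sorted(assess(parse_filefind(SAMPLE_LOG)).items()):
        print(f"{name:15} {verdict}")
```

On the thread's data both drivers hash identically to their dllcache copies yet carry February 2012 modification times; the verdict only flags that inconsistency for a person to review.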

#15 CrazyPimaCrew


Posted 16 February 2012 - 11:17 AM

Here is the combo fix log:


ComboFix 12-02-13.01 - CKC 02/16/2012 8:35.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2638 [GMT -7:00]
Running from: c:\documents and settings\CKC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\CKC\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB27692$\181102311\@
c:\windows\$NtUninstallKB27692$\181102311\cfg.ini
c:\windows\$NtUninstallKB27692$\181102311\Desktop.ini
c:\windows\$NtUninstallKB27692$\181102311\L\rohepcid
c:\windows\$NtUninstallKB27692$\3254210653
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\i8042prt.sys --> c:\windows\system32\drivers\i8042prt.sys
c:\windows\system32\dllcache\afd.sys --> c:\windows\system32\drivers\afd.sys
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 15:22 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 16:05 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 16:05 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 20:39 . 2012-02-15 20:56 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-14 20:39 . 2008-04-14 07:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-02-14 20:08 . 2012-02-14 20:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-14 19:47 . 2012-02-14 19:47 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-14 19:47 . 2012-02-14 19:47 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-14 19:47 . 2012-02-14 19:47 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-14 19:47 . 2012-02-14 19:47 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-14 19:47 . 2012-02-14 19:47 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-14 19:47 . 2012-02-14 19:47 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-14 19:47 . 2012-02-14 19:47 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-14 19:47 . 2012-02-14 19:47 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-14 19:47 . 2012-02-14 19:47 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-14 19:47 . 2012-02-14 19:47 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-14 19:47 . 2012-02-14 19:47 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-14 19:47 . 2012-02-14 19:47 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-02-13 15:25 . 2012-02-13 15:25 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-13 15:25 . 2012-02-13 15:25 -------- d-----w- c:\documents and settings\CKC\Application Data\FixTDSS
2012-02-10 20:23 . 2012-02-10 20:23 -------- d-----w- c:\documents and settings\CKC\Local Settings\Application Data\PCHealth
2012-02-10 16:39 . 2008-04-14 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-10 16:39 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-10 01:05 . 2008-04-14 12:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-10 00:20 . 2012-02-13 17:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-08 19:35 . 2012-02-13 21:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-08 19:35 . 2012-02-13 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-08 18:47 . 2012-02-15 22:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 18:27 . 2012-02-16 15:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-08 18:20 . 2012-02-08 18:20 -------- d-----w- c:\documents and settings\CKC\Application Data\Malwarebytes
2012-02-08 18:20 . 2012-02-08 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 18:20 . 2012-02-08 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-08 18:20 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 15:15 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-15 22:04 . 2008-04-25 16:16 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-14 20:03 . 2011-05-26 14:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:54 . 2008-04-25 16:16 1869056 ----a-w- c:\windows\system32\win32k.sys
2012-01-02 22:11 . 2012-01-02 22:11 0 ---ha-w- c:\documents and settings\CKC\Local Settings\Application Data\BIT8.tmp
2011-12-17 19:46 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57 . 2008-04-25 16:16 293376 ----a-w- c:\windows\system32\winsrv.dll
2012-02-14 19:47 . 2012-02-14 19:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-14_16.19.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-16 15:41 . 2012-02-16 15:41 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\117e01d68de0722fe4846a57954c249b\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\00a335361d06a5d3d0c6b5bd0f9434bc\WindowsLive.Writer.Passport.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\be6e8e35ef573f23d0f802f13c46814b\WindowsLive.Client.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\ab7515dcbeff3f7d9533902e98278283\System.Messaging.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-02-16 15:40 . 2012-02-16 15:40 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-16 15:40 . 2012-02-16 15:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-16 15:42 . 2012-02-16 15:42 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-16 15:41 . 2012-02-16 15:41 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-16 15:17 . 2012-02-16 15:17 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-16 15:41 . 2012-02-16 15:41 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-16 15:40 . 2012-02-16 15:40 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-06-19 13:34 . 2012-02-16 00:07 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-19 13:34 . 2011-12-30 10:01 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-12-30 10:02 . 2011-12-30 10:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-06-19 13:34 . 2012-02-16 00:07 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-19 13:34 . 2011-12-30 10:01 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-25 16:16 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
- 2008-04-25 16:16 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2008-04-25 16:16 . 2011-12-17 19:46 5979136 c:\windows\system32\mshtml.dll
+ 2009-10-28 03:40 . 2012-02-14 20:03 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-03-08 11:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2009-03-08 11:32 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2009-06-11 15:06 . 2012-01-12 16:54 1869056 c:\windows\system32\dllcache\win32k.sys
+ 2009-06-11 15:06 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2009-06-11 15:06 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-11 15:06 . 2011-12-17 19:46 5979136 c:\windows\system32\dllcache\mshtml.dll
+ 2009-09-02 22:17 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2009-09-02 22:17 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-26 10:39 . 2011-10-26 10:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-14 20:16 . 2012-02-14 20:16 2295808 c:\windows\Installer\84ecd.msi
+ 2011-10-31 05:54 . 2011-10-31 05:54 2748416 c:\windows\Installer\6f811f.msp
+ 2011-06-06 19:55 . 2011-06-06 19:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 19:55 . 2011-06-06 19:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-02-16 00:02 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-16 00:02 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-16 00:02 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2011-06-19 13:34 . 2011-12-30 10:01 2048000 c:\windows\assembly\temp\ENU19GOV28\System.XML.dll
+ 2011-06-19 13:34 . 2011-12-30 10:02 3182592 c:\windows\assembly\temp\CLU2AJR08H\System.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cbadfb62a99a95e9bf0696aea2b292de\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 2002944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\25dbb73562ca9378b17062ea2ef68353\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\047240d114e19ad4100369d837ca8101\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-16 15:40 . 2012-02-16 15:40 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-02-16 15:40 . 2012-02-16 15:40 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\3f2e74586111fb32d5edc059f709fa94\System.Data.OracleClient.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-16 15:30 . 2012-02-16 15:30 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-16 15:41 . 2012-02-16 15:41 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2011-06-19 13:34 . 2012-02-16 00:07 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-19 13:34 . 2011-12-30 10:01 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-19 13:34 . 2012-02-16 00:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-16 00:07 . 2012-02-16 00:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-12-30 10:01 . 2011-12-30 10:01 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-19 13:34 . 2011-12-30 10:01 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-06-19 13:34 . 2012-02-16 00:07 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-09-02 15:25 . 2012-02-16 00:02 52550552 c:\windows\system32\MRT.exe
+ 2009-03-08 11:39 . 2011-12-18 21:46 11082240 c:\windows\system32\ieframe.dll
+ 2009-09-02 22:17 . 2011-12-18 21:46 11082240 c:\windows\system32\dllcache\ieframe.dll
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\84ece.msp
+ 2011-06-06 19:55 . 2011-06-06 19:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2012-02-16 00:02 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-02-16 15:40 . 2012-02-16 15:40 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-02-16 15:17 . 2012-02-16 15:17 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-02-16 15:16 . 2012-02-16 15:16 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-02-16 00:08 . 2012-02-16 00:08 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
- 2011-10-15 15:54 . 2011-10-15 15:54 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
+ 2012-02-16 15:40 . 2012-02-16 15:40 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2008-12-19 00:12 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2008-12-19 00:12 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-22 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-18 150040]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2009-01-19 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-12 2220032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-16 417792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-02-15 520192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2008-12-19 23:58 184320 ----a-w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 18:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2009-01-21 01:09 95544 ----a-w- c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2009-01-21 01:12 656696 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"62177:TCP"= 62177:TCP:Justin Port
"3395:TCP"= 3395:TCP:RD Port
.
R2 CumminsUpdateService;Cummins Update Service;c:\program files\Cummins Inc\UpdateManager\UpdateService.exe [11/18/2010 10:34 AM 10752]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/11/2009 10:58 AM 44800]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [6/11/2009 10:58 AM 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [6/11/2009 10:58 AM 41760]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [6/11/2009 10:58 AM 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [6/11/2009 10:58 AM 235840]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2011 6:40 AM 136176]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/11/2009 10:58 AM 112512]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2011 6:40 AM 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [3/1/2011 2:07 PM 9216]
S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [6/11/2009 10:58 AM 141376]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [5/27/2010 9:52 AM 54416]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [5/27/2010 9:53 AM 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [5/27/2010 9:53 AM 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [5/27/2010 9:53 AM 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [5/27/2010 9:53 AM 114192]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [5/27/2010 9:53 AM 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [5/27/2010 9:53 AM 160400]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]
S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\ZTEusbgps.sys [3/1/2011 2:07 PM 105856]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [3/1/2011 2:07 PM 105856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ASFWHide
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 13:39]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E7DFDCBD-9390-4577-A258-044F9C55177F}: NameServer = 24.116.2.50,24.116.2.34
FF - ProfilePath - c:\documents and settings\CKC\Application Data\Mozilla\Firefox\Profiles\uw6df8i5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/news?hl=&q=&sourceid=navclient-ff&rlz=1R0MOZA_en&ie=UTF-8
FF - prefs.js: keyword.URL - hxxp://ib.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z057&partner_id=333&product_id=706&affiliate_id=&channel=DPGL18&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110720&user_guid=5793B500E16E4BFBA1B6BEA825A97D1F&machine_id=8fc0a0f328f91d69b38ab340022ceff3&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-14674204.sys
SafeBoot-44221654.sys
SafeBoot-86786189.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 08:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB27692$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
.
**************************************************************************
.
Completion time: 2012-02-16 08:49:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 15:49
ComboFix2.txt 2012-02-15 00:45
ComboFix3.txt 2012-02-14 16:22
ComboFix4.txt 2012-02-10 17:47
ComboFix5.txt 2012-02-16 15:21
.
Pre-Run: 211,492,151,296 bytes free
Post-Run: 211,803,144,192 bytes free
.
- - End Of File - - E91D0D180650ED748E81F8289AD3520A

Here is the TDSS Killer Log:

09:14:00.0031 0412 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
09:14:00.0796 0412 ============================================================
09:14:00.0796 0412 Current date / time: 2012/02/16 09:14:00.0796
09:14:00.0796 0412 SystemInfo:
09:14:00.0796 0412
09:14:00.0796 0412 OS Version: 5.1.2600 ServicePack: 3.0
09:14:00.0796 0412 Product type: Workstation
09:14:00.0796 0412 ComputerName: CKC_NB
09:14:00.0796 0412 UserName: CKC
09:14:00.0796 0412 Windows directory: C:\WINDOWS
09:14:00.0796 0412 System windows directory: C:\WINDOWS
09:14:00.0796 0412 Processor architecture: Intel x86
09:14:00.0796 0412 Number of processors: 2
09:14:00.0796 0412 Page size: 0x1000
09:14:00.0796 0412 Boot type: Normal boot
09:14:00.0796 0412 ============================================================
09:14:01.0312 0412 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:14:01.0312 0412 \Device\Harddisk0\DR0:
09:14:01.0312 0412 MBR used
09:14:01.0312 0412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D1B1170
09:14:01.0375 0412 Initialize success
09:14:01.0375 0412 ============================================================
09:14:03.0203 1300 ============================================================
09:14:03.0203 1300 Scan started
09:14:03.0203 1300 Mode: Manual;
09:14:03.0203 1300 ============================================================
09:14:10.0125 1300 ql1240 - ok
09:14:10.0140 1300 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:14:10.0140 1300 ql1280 - ok
09:14:10.0187 1300 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:14:10.0187 1300 RasAcd - ok
09:14:10.0218 1300 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:14:10.0218 1300 Rasl2tp - ok
09:14:10.0234 1300 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:14:10.0234 1300 RasPppoe - ok
09:14:10.0250 1300 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:14:10.0250 1300 Raspti - ok
09:14:10.0281 1300 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:14:10.0281 1300 Rdbss - ok
09:14:10.0296 1300 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:14:10.0296 1300 RDPCDD - ok
09:14:10.0328 1300 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:14:10.0328 1300 rdpdr - ok
09:14:10.0406 1300 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:14:10.0406 1300 RDPWD - ok
09:14:10.0468 1300 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:14:10.0468 1300 redbook - ok
09:14:10.0546 1300 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:14:10.0546 1300 RTLE8023xp - ok
09:14:10.0593 1300 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:14:10.0609 1300 sdbus - ok
09:14:10.0625 1300 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:14:10.0625 1300 Secdrv - ok
09:14:10.0671 1300 Ser2pl (b72e991d35d9ebe17e485497ab8cf002) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
09:14:10.0671 1300 Ser2pl - ok
09:14:10.0703 1300 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:14:10.0703 1300 Serenum - ok
09:14:10.0734 1300 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:14:10.0734 1300 Serial - ok
09:14:10.0765 1300 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:14:10.0765 1300 Sfloppy - ok
09:14:10.0781 1300 Simbad - ok
09:14:10.0812 1300 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:14:10.0812 1300 sisagp - ok
09:14:10.0875 1300 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:14:10.0875 1300 SLIP - ok
09:14:10.0968 1300 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
09:14:10.0968 1300 SMSIVZAM5 - ok
09:14:11.0031 1300 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:14:11.0031 1300 Sparrow - ok
09:14:11.0093 1300 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:14:11.0093 1300 splitter - ok
09:14:11.0125 1300 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:14:11.0125 1300 sr - ok
09:14:11.0171 1300 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:14:11.0171 1300 Srv - ok
09:14:11.0187 1300 STHDA - ok
09:14:11.0218 1300 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:14:11.0218 1300 streamip - ok
09:14:11.0250 1300 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:14:11.0250 1300 swenum - ok
09:14:11.0265 1300 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:14:11.0265 1300 swmidi - ok
09:14:11.0296 1300 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:14:11.0296 1300 symc810 - ok
09:14:11.0312 1300 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:14:11.0312 1300 symc8xx - ok
09:14:11.0343 1300 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:14:11.0343 1300 sym_hi - ok
09:14:11.0359 1300 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:14:11.0359 1300 sym_u3 - ok
09:14:11.0375 1300 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:14:11.0375 1300 sysaudio - ok
09:14:11.0453 1300 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:14:11.0453 1300 Tcpip - ok
09:14:11.0484 1300 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:14:11.0484 1300 TDPIPE - ok
09:14:11.0500 1300 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:14:11.0500 1300 TDTCP - ok
09:14:11.0531 1300 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:14:11.0531 1300 TermDD - ok
09:14:11.0562 1300 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:14:11.0562 1300 TosIde - ok
09:14:11.0609 1300 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:14:11.0609 1300 Udfs - ok
09:14:11.0625 1300 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:14:11.0625 1300 ultra - ok
09:14:11.0656 1300 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:14:11.0656 1300 Update - ok
09:14:11.0687 1300 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:14:11.0687 1300 usbccgp - ok
09:14:11.0718 1300 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:14:11.0718 1300 usbehci - ok
09:14:11.0765 1300 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:14:11.0765 1300 usbhub - ok
09:14:11.0828 1300 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:14:11.0828 1300 usbscan - ok
09:14:11.0890 1300 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:14:11.0890 1300 USBSTOR - ok
09:14:11.0906 1300 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:14:11.0906 1300 usbuhci - ok
09:14:11.0968 1300 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:14:11.0968 1300 usbvideo - ok
09:14:11.0984 1300 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:14:11.0984 1300 VgaSave - ok
09:14:12.0031 1300 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:14:12.0031 1300 viaagp - ok
09:14:12.0046 1300 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:14:12.0046 1300 ViaIde - ok
09:14:12.0093 1300 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:14:12.0093 1300 VolSnap - ok
09:14:12.0125 1300 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:14:12.0125 1300 Wanarp - ok
09:14:12.0218 1300 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:14:12.0218 1300 Wdf01000 - ok
09:14:12.0234 1300 WDICA - ok
09:14:12.0250 1300 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:14:12.0250 1300 wdmaud - ok
09:14:12.0312 1300 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:14:12.0312 1300 WS2IFSL - ok
09:14:12.0375 1300 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:14:12.0375 1300 WSTCODEC - ok
09:14:12.0437 1300 ZTEusbgps (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbgps.sys
09:14:12.0437 1300 ZTEusbgps - ok
09:14:12.0453 1300 ZTEusbmdm6k (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
09:14:12.0453 1300 ZTEusbmdm6k - ok
09:14:12.0500 1300 ZTEusbnmea (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
09:14:12.0500 1300 ZTEusbnmea - ok
09:14:12.0515 1300 ZTEusbnmeaext (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys
09:14:12.0531 1300 ZTEusbnmeaext - ok
09:14:12.0546 1300 ZTEusbser6k (28fb86ad7cc64ae5639e6e87f3b017d9) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
09:14:12.0546 1300 ZTEusbser6k - ok
09:14:12.0593 1300 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
09:14:12.0656 1300 \Device\Harddisk0\DR0 - ok
09:14:12.0671 1300 Boot (0x1200) (6a36f98230ea4f54b66604aeea8e36ae) \Device\Harddisk0\DR0\Partition0
09:14:12.0671 1300 \Device\Harddisk0\DR0\Partition0 - ok
09:14:12.0671 1300 ============================================================
09:14:12.0671 1300 Scan finished
09:14:12.0671 1300 ============================================================
09:14:12.0687 0908 Detected object count: 0
09:14:12.0687 0908 Actual detected object count: 0

It looks like everything is back to normal on my computer. Is there anything else I should do to further protect from future attacks?

Thanks for all your help. I really appreciate it!



