
Infected with TDL4@MBR


  • This topic is locked
18 replies to this topic

#1 pompous

pompous

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 12 February 2012 - 01:44 AM

Hello, All.

I've come across an especially stubborn infection. The hallmark of this infection appears to be a browser redirect via buffpuma.com when I do a Google search. Much of the time I can't reach the internet at all on Firefox.

I also use the Tor network, which has been less problematic (no redirect).

Here are the steps I've taken so far to get rid of the infection:

1) Ran Combo-Fix. Combo-Fix didn't find anything.

2) I restarted XP in safe mode

3) Opened firefox and made sure that no proxy was selected.

4) Ran rkill.

5) Ran Malwarebytes. It found six files. I deleted them.

6) Rebooted computer.

Unfortunately, on firefox, google still redirects. Sometimes I cannot reach the internet on a browser at all. However, mTorrent still works fine so I have an internet connection. In addition, when starting the Tor network, sometimes it tells me that it cannot find the router, which is a new problem. Eventually the network connects, but sometimes it cuts out.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Michael Kydonieus at 21:23:32 on 2012-02-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2747 [GMT -8:00]
.
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
BHO: AutorunsDisabled - No File
BHO: Mega Manager IE Click Monitor - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: IplexToALLPlayer: {df925ef3-7a87-44e4-9caf-8d7b280bf616} - c:\progra~1\opensu~1\iplex\IPLEXT~1.DLL
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [Sonic RecordNow!]
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [HDDHealth] c:\program files\hdd health\HDDHealth.exe -wl
uRun: [ALLUpdate] "c:\program files\opensubtitlesplayer\ALLUpdate.exe" "sleep"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ASUS Ai Charger] c:\program files\asus\asus ai charger\AiChargerAP.exe
mRun: [ASUS AI Suite II Execute] c:\program files\asus\ai suite ii\AsRoutineController.exe -open
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\michael kydonieus\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: skillport.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1E8FFA19-9371-4EC8-8857-3CF0CA6DFE64} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{90D4D6E5-5E28-454C-8BC8-571C8B5AF33D} : DhcpNameServer = 192.168.1.254
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael kydonieus\application data\mozilla\firefox\profiles\zlzl3n6p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [2011-8-22 13440]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-8-22 41088]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-25 56208]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2011-8-22 11832]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-25 71440]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-25 164112]
S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
S2 asComSvc;ASUS Com Service;c:\program files\asus\axsp\1.00.13\atkexComSvc.exe [2011-8-22 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files\asus\aahm\1.00.13\aaHMSvc.exe [2011-8-22 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.11\AsSysCtrlService.exe [2011-8-22 586880]
S2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-3-5 235752]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
S2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2011-8-22 27424]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2003-7-16 5120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-8-22 2656280]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-8-22 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-8-27 101904]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-6-16 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120210.003\naveng.sys [2012-2-10 86136]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120210.003\navex15.sys [2012-2-10 1576312]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-2-11 19056]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2011-8-22 34208]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2011-8-22 17664]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1558000]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]
S4 Swe8ffar;Swe8ffar;c:\windows\system32\drivers\fips.sys [2003-7-16 44544]
.
=============== File Associations ===============
.
.txt=GetDiz.TextFile
.
=============== Created Last 30 ================
.
2012-02-09 18:18:31 98816 ----a-w- c:\windows\sed.exe
2012-02-09 18:18:31 518144 ----a-w- c:\windows\SWREG.exe
2012-02-09 18:18:31 256000 ----a-w- c:\windows\PEV.exe
2012-02-09 18:18:31 208896 ----a-w- c:\windows\MBR.exe
2012-02-09 18:18:16 -------- d-----w- C:\Combo-Fix23415C
2012-02-09 18:13:26 -------- d-----w- C:\Combo-Fix575C
2012-02-09 18:11:59 -------- d-----w- C:\Combo-Fix4219C
2012-02-06 18:47:31 -------- d-----w- c:\program files\AutoGK
2012-02-05 23:42:11 -------- d-----w- c:\program files\DVD Decrypter
2012-02-02 21:34:36 -------- d-----w- c:\program files\FairUse Wizard 2
2012-01-25 18:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-01-20 17:46:15 -------- d-----w- C:\Combo-Fix5381C
.
==================== Find3M ====================
.
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 22:27:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD103SJ rev.1AJ10001 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B19649F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b19d738]; MOV EAX, [0x8b19d8ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8B1F4AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000090[0x8B24E9E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8B2F0D98]
\Driver\atapi[0x8B231310] -> IRP_MJ_CREATE -> 0x8B19649F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B1962C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:25:39.81 ===============
Attached files: attach.txt (26.72 KB), ark.txt (24.94 KB)
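As an added triage example (not a tool from this thread, from BleepingComputer or from GMER), the Python below scans log lines of the kind in the DDS/GMER output above and in the ComboFix report later in the thread, and flags the indicators an analyst keys on in a suspected MBR rootkit case: the disk trace ending in an UNKNOWN module, the atapi DriverStartIo hook, the tool's own rootkit warning, the AV shown as disabled, and the Security Center override values. The sample lines are copied from the logs posted in this thread; the rule names and severities are this example's own.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high": rootkit-grade evidence, "medium": worth asking the user about
    kind: str
    detail: str


# Log lines copied from the DDS/GMER and ComboFix output posted in this thread
# (a constructed subset, used here as sample input).
SAMPLE_LOG = r"""
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B19649F]<<
\Driver\atapi[0x8B231310] -> IRP_MJ_CREATE -> 0x8B19649F
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B1962C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableMonitoring"=dword:00000001
"""

# GMER's disk trace names the module each call lands in; UNKNOWN means the
# address is not inside any loaded image, i.e. code that was injected.
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# Entries listed under "detected hooks:", e.g. a hijacked DriverStartIo pointer.
HOOK_LINE = re.compile(r"^(\\Driver\\\S+)\s+(\S+)\s+->\s+(0x[0-9A-Fa-f]+)\s*$")
# Dispatch routines redirected to a raw address, e.g. IRP_MJ_CREATE -> 0x....
DISPATCH_REDIRECT = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9A-Fa-f]+\]\s+->\s+(IRP_MJ_\w+)\s+->\s+(0x[0-9A-Fa-f]+)")
ROOTKIT_WARNING = re.compile(r"^Warning: possible (.+?) rootkit infection", re.IGNORECASE)
AV_DISABLED = re.compile(r"^AV: (.+?) \*Disabled")
# ComboFix "Reg Loading Points" values that silence Security Center / firewall alerts.
OVERRIDE_VALUE = re.compile(
    r'^"(AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:([0-9A-Fa-f]{8})$')


def triage(log_text):
    """Return a list of Finding objects for the indicators present in log_text."""
    findings = []
    unknown_addrs = set()
    redirects = []
    in_hooks = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_hooks = False
            continue
        if in_hooks:
            m = HOOK_LINE.match(line)
            if m:
                findings.append(Finding("high", "driver_hook",
                                        f"{m.group(1)} {m.group(2)} -> {m.group(3)}"))
                continue
            in_hooks = False  # first non-hook line ends the section
        if line == "detected hooks:":
            in_hooks = True
            continue
        m = UNKNOWN_MODULE.search(line)
        if m:
            unknown_addrs.add(m.group(1).lower())
            findings.append(Finding("high", "unknown_module",
                                    f"disk I/O trace ends in unmapped code at {m.group(1)}"))
            continue
        m = DISPATCH_REDIRECT.match(line)
        if m:
            redirects.append((m.group(1), m.group(2), m.group(3)))
            continue
        m = ROOTKIT_WARNING.match(line)
        if m:
            findings.append(Finding("high", "rootkit_warning",
                                    f"tool reports possible {m.group(1)} rootkit"))
            continue
        m = AV_DISABLED.match(line)
        if m:
            findings.append(Finding("medium", "av_disabled", f"{m.group(1)} reported disabled"))
            continue
        m = OVERRIDE_VALUE.match(line)
        if m and int(m.group(2), 16) == 1:
            findings.append(Finding("medium", "security_center_override",
                                    f"{m.group(1)}=1 (legitimate third-party AV also sets this; confirm)"))
    # Correlate: a dispatch routine pointing into the unmapped code is the
    # strongest single indicator that disk I/O is being intercepted.
    for driver, irp, target in redirects:
        if target.lower() in unknown_addrs:
            findings.append(Finding("high", "dispatch_redirect",
                                    f"{driver} {irp} handled by unmapped code at {target}"))
    return findings


def suspected_rootkit(findings):
    """True when at least one high-severity indicator is present."""
    return any(f.severity == "high" for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
    print("verdict:", "suspected rootkit" if suspected_rootkit(results) else "no rootkit indicators")
```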


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:16 PM

Posted 12 February 2012 - 03:10 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 pompous

pompous
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 13 February 2012 - 05:18 PM

Hi, Gringo.

I have been on some major adventures since I first posted. Right after I posted, the following things happened:

1) I was unable to run the Task Manager. I got an error message which I didn't think to write down.
2) I then went to check if my firewall was up. I was unable to access that as well with a similar error.
3) My computer bluescreened.
4) My computer failed to reboot, even in safe mode.

End result: computer as dead as roadkill.

Fortunately, I make weekly full backups with ddrescue, so I simply swapped out the dead drive with my last backup, which was about a week old.

Assuming that my backup had the virus, I checked to see if it was exhibiting any of the behavior I had noticed from before, i.e. redirecting google searches, turned off firewall, unavailable internet. None of the above. I ran combofix. The log file is below.

Within minutes, the exact same sequence repeated itself (1-4 above), and my computer bluescreened. This time I remembered to at least write down the blue screen message:

"A problem has been detected and Windows has been shut down to prevent damage to your computer.

Bad_Pool_Caller

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical Information:

*** STOP: 0x000000C2 (0x000000040,0x00000000,0x80000000,0x00000000)

Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance."

Needless to say, the timing of the two system failures is highly suspicious, i.e., they happened right after I used the utilities supplied by bleepingcomputer.com as a prerequisite to posting a virus issue. Also, the week old backup which I installed in place of my hard drive showed no signs of the virus. This leads me to believe that there are HUGE problems with the downloads bleepingcomputer is supplying. I have never seen a virus kill a computer that quickly before.

Fortunately, I was able to recover for now with Last Known Good Configuration.

I will keep you posted if I find anything new that might be of use to you in figuring out this problem.

I am going to give you the logs that I have up to now since I swapped out my week old backup hard drive for ComboFix, ddr.scr, and gmer.exe:

COMBOFIX:

ComboFix 12-02-13.01 - Michael Kydonieus 02/13/2012 8:23.17.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2140 [GMT -8:00]
Running from: c:\documents and settings\Michael Kydonieus\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- C:\Combo-Fix16179C
2012-02-13 15:55 . 2012-02-13 15:55 -------- d-----w- C:\Combo-Fix32761C
2012-02-02 21:34 . 2012-02-02 21:52 -------- d-----w- c:\program files\FairUse Wizard 2
2012-01-25 18:16 . 2012-01-25 18:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-01-20 17:46 . 2012-01-20 17:47 -------- d-----w- C:\Combo-Fix5381C
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 22:27 . 2011-05-29 22:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2003-07-16 16:45 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-07-16 16:45 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-12-09 10:11 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A2ABB67E-53A2-49C2-AC6F-76C30006C68A}\mpengine.dll
2011-11-21 10:47 . 2006-05-08 04:57 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-18 12:35 . 2003-07-16 16:34 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2005-09-13 00:18 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-07-16 16:37 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-02 23:12 . 2011-05-01 21:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-25_22.39.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-13 15:52 . 2012-02-13 15:52 16384 c:\windows\Temp\Perflib_Perfdata_f94.dat
+ 2012-02-13 15:52 . 2012-02-13 15:52 16384 c:\windows\Temp\Perflib_Perfdata_e24.dat
+ 2012-02-13 15:51 . 2012-02-13 15:51 16384 c:\windows\Temp\Perflib_Perfdata_9dc.dat
+ 2012-02-13 15:53 . 2012-02-13 15:53 16384 c:\windows\Temp\Perflib_Perfdata_138.dat
- 2011-02-05 20:33 . 2011-12-25 21:29 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
+ 2011-02-05 20:33 . 2012-01-31 18:04 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
+ 2011-02-05 20:33 . 2012-01-31 18:04 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
- 2011-02-05 20:33 . 2011-12-25 21:29 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
+ 2011-02-05 20:33 . 2012-01-31 18:04 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
- 2011-02-05 20:33 . 2011-12-25 21:29 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
- 2009-10-24 06:00 . 2012-01-21 04:00 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-24 06:00 . 2012-02-13 15:51 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-01-30 16:27 . 2012-01-30 16:27 3947520 c:\windows\Installer\60f17.msi
+ 2012-01-31 18:04 . 2012-01-31 18:04 1409024 c:\windows\Installer\14280.msi
+ 2012-01-30 16:04 . 2012-01-30 16:04 18024960 c:\windows\Installer\17d68.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" [BU]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-05 399736]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]
"ALLUpdate"="c:\program files\OpenSubtitlesPlayer\ALLUpdate.exe" [2011-02-27 1022464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-16 19722344]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 142360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 182296]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 166424]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]
"ASUS AI Suite II Execute"="c:\program files\ASUS\AI Suite II\AsRoutineController.exe" [2010-11-27 2931328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 06:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 23:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]
2008-05-08 00:13 2245984 ----a-w- c:\program files\Norton Ghost\Agent\VProTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-26 05:31 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-07-21 07:52 1167296 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Michael Kydonieus\\Desktop\\CommonFiles\\Java\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ASUS\\AI Suite II\\AI Suite II.exe"=
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [8/22/2011 5:31 PM 13440]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [8/22/2011 5:34 PM 11832]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [12/15/2011 9:10 AM 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
R2 asComSvc;ASUS Com Service;c:\program files\ASUS\AXSP\1.00.13\atkexComSvc.exe [8/22/2011 5:32 PM 918144]
R2 asHmComSvc;ASUS HM Com Service;c:\program files\ASUS\AAHM\1.00.13\aaHMSvc.exe [8/22/2011 5:32 PM 915584]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [8/22/2011 5:33 PM 586880]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [3/5/2010 9:15 AM 235752]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [8/22/2011 5:29 PM 27424]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/22/2011 5:27 PM 2656280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [8/27/2011 1:20 PM 101904]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [8/22/2011 5:27 PM 41088]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/2/2009 8:33 PM 47360]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 4:13 PM 1558000]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [7/16/2003 8:21 AM 5120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/22/2011 5:22 PM 1691480]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/16/2010 11:20 AM 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [8/22/2011 5:29 PM 34208]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [8/22/2011 5:29 PM 17664]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 10:53 PM 19677]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/6/2010 12:47 PM 691696]
S4 Swe8ffar;Swe8ffar;c:\windows\system32\drivers\fips.sys [7/16/2003 8:22 AM 44544]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilDrvI13
*Deregistered* - RapportIaso
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2012-02-13 c:\windows\Tasks\User_Feed_Synchronization-{22D1F4A4-13E9-4094-8CD3-355F70D8288C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Michael Kydonieus\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: skillport.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Michael Kydonieus\Application Data\Mozilla\Firefox\Profiles\zlzl3n6p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
------- File Associations -------
.
.txt=GetDiz.TextFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-13 08:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1736)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-02-13 08:30:53
ComboFix-quarantined-files.txt 2012-02-13 16:30
ComboFix2.txt 2012-01-25 22:40
ComboFix3.txt 2012-01-01 06:50
ComboFix4.txt 2011-12-28 17:23
ComboFix5.txt 2012-02-13 16:20
.
Pre-Run: 84,447,141,888 bytes free
Post-Run: 84,454,576,128 bytes free
.
- - End Of File - - 2C97AC3E3704C24A8B33C2924F5D2DA7

Attached File: Attach.txt (22.3KB)

Attached File: DDS.txt (16.57KB)

Attached File: gmer.log (25.65KB)

Edited by pompous, 13 February 2012 - 05:45 PM.
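The service/driver section of the ComboFix log above (the `R0 name;display;path [date size]` lines, the `*Deregistered*` lines and the Security Center `dword` values) is easier to triage with a small parser than by eye. The following is an added example written for this page; it is not ComboFix's own code and not anything posted in the thread. It assumes only the line shapes visible in the log, and the two path prefixes it treats as "usual" (c:\windows\ and c:\program files\) are a heuristic, not a rule: the flagged RapportCerberus driver is Trusteer Rapport's own component living under Application Data, and the Security Center override values only suppress the XP status warning and are routinely set by third-party suites such as the Symantec product on this machine. The sample lines are copied from the log above.

```python
r"""Triage helper for the service/driver section of a ComboFix log.

Added example, not part of this thread or of ComboFix itself. It parses the
three line shapes that appear in the log above:

  R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [8/22/2011 5:31 PM 13440]
  "AntiVirusOverride"=dword:00000001
  *Deregistered* - RapportIaso

and lists what a helper would read first: drivers whose image lives outside
the usual directories, drivers deregistered during the run, and Security
Center override values that silence the AV/firewall status warning.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log shown above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [8/22/2011 5:31 PM 13440]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [12/15/2011 9:10 AM 228208]
S4 Swe8ffar;Swe8ffar;c:\windows\system32\drivers\fips.sys [7/16/2003 8:22 AM 44544]
*Deregistered* - RapportIaso
"""

# R = running, S = stopped; the digit is the Windows service start type.
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+'
    r'(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<stamp>.+)\s+(?P<size>\d+)\]$'
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')
DEREG_RE = re.compile(r'^\*Deregistered\*\s+-\s+(?P<name>\S+)$')

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Heuristic (assumption): where a driver or service image normally lives.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Service:
    state: str      # 'R' running or 'S' stopped
    start: int      # start type, see START_TYPES
    name: str
    display: str
    path: str
    stamp: str      # file timestamp exactly as ComboFix printed it
    size: int


def parse_combofix(text):
    """Split the log into service records, dword values and deregistered names."""
    services, values, deregistered = [], {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SERVICE_RE.match(line)):
            services.append(Service(m["state"], int(m["start"]), m["name"],
                                    m["display"], m["path"], m["stamp"], int(m["size"])))
        elif (m := VALUE_RE.match(line)):
            values[m["name"]] = int(m["hex"], 16)
        elif (m := DEREG_RE.match(line)):
            deregistered.append(m["name"])
    return {"services": services, "values": values, "deregistered": deregistered}


def triage(parsed):
    """Return human-readable findings; these are pointers for review, not verdicts."""
    findings = []
    for svc in parsed["services"]:
        if not svc.path.lower().startswith(EXPECTED_PREFIXES):
            kind = START_TYPES.get(svc.start, "?")
            findings.append(f"{svc.name}: {kind}-start image outside the usual directories: {svc.path}")
    for name in parsed["deregistered"]:
        findings.append(f"{name}: driver was deregistered during the run")
    for key in ("AntiVirusOverride", "FirewallOverride", "DisableMonitoring"):
        if parsed["values"].get(key) == 1:
            findings.append(f"Security Center: {key}=1 suppresses the related status warning")
    return findings


if __name__ == "__main__":
    for line in triage(parse_combofix(SAMPLE_LOG)):
        print(line)
```

Running it on the sample prints four findings (the Rapport driver's location, the deregistered RapportIaso driver and the two override values); nothing is reported for AiCharger or the disabled Swe8ffar entry, because both images sit under c:\windows\.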


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:16 PM

Posted 13 February 2012 - 09:20 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
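TDSSKiller prints one or two lines per service it examines, as the report pompous posts next in this thread shows: a hash line with the driver's MD5 and image path, then a verdict line (services with no image on disk get only the verdict line). The following is an added example, not TDSSKiller's own code and not anything from the thread: it turns that report into per-driver records and lists what is worth reading first. The sample lines are copied from the posted log; the path prefixes treated as "usual" and the `reference` map of known-good hashes (which a helper would take from a clean machine with the same Windows build) are assumptions of this example, and the MD5 given for atapi in the test is deliberately wrong to exercise the comparison.

```python
r"""Parse a TDSSKiller log into per-driver records and triage them.

Added example; not part of this thread or of TDSSKiller. It reads the two
line shapes TDSSKiller prints for every service/driver it examines:

  11:25:46.0359 5808 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
  11:25:46.0359 5808 ACPI - ok

Services without an image on disk only get the second line.
"""
import re

# Constructed sample: lines copied from the TDSSKiller report posted in this thread.
SAMPLE_LOG = r"""
11:25:43.0453 5568 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
11:25:45.0421 5808 Scan started
11:25:46.0281 5808 Abiosdsk - ok
11:25:46.0359 5808 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:25:46.0359 5808 ACPI - ok
11:25:46.0921 5808 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:25:46.0921 5808 atapi - ok
11:25:52.0812 5808 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
11:25:52.0812 5808 RapportIaso - ok
"""

LINE_RE = re.compile(r'^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.+)$')
HASH_RE = re.compile(r'^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$')
VERDICT_RE = re.compile(r'^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$')

# Heuristic (assumption): where a kernel driver image normally lives.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def parse_tdsskiller(text):
    """Return {name: {"md5": str|None, "path": str|None, "verdict": str|None}}."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        if (h := HASH_RE.match(rest)):
            entries[h["name"]] = {"md5": h["md5"], "path": h["path"], "verdict": None}
            continue
        v = VERDICT_RE.match(rest)
        if not v:
            continue
        name, verdict = v["name"], v["verdict"]
        # A verdict line is accepted when it is the plain "ok" or belongs to a
        # driver whose hash line was already seen. That skips informational
        # lines such as "Drive \Device\Harddisk0\DR0 - Size: ...".
        if verdict == "ok" or name in entries:
            rec = entries.setdefault(name, {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = verdict
    return entries


def triage(entries, reference=None):
    """List records a helper would read first.

    reference: optional {name: md5} of known-good hashes for the same OS build
    (assumed to come from a clean machine); any differing hash is reported.
    """
    findings = []
    for name, rec in entries.items():
        if rec["verdict"] is not None and rec["verdict"] != "ok":
            findings.append(f"{name}: verdict '{rec['verdict']}'")
        path = (rec["path"] or "").lower()
        if path and not path.startswith(EXPECTED_PREFIXES):
            findings.append(f"{name}: image outside the usual directories: {rec['path']}")
        if reference and name in reference and rec["md5"] and rec["md5"] != reference[name]:
            findings.append(f"{name}: md5 {rec['md5']} differs from reference {reference[name]}")
    return findings


if __name__ == "__main__":
    for line in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

On the sample the only finding is RapportIaso's image path under Application Data; that driver belongs to Trusteer Rapport (it also appears in the ComboFix log above), so the finding is a pointer for review, not a detection. The hash comparison is the part worth keeping: TDSSKiller's MD5 per driver lets a helper check core drivers such as atapi.sys, which MBR rootkits are known to target, against a trusted copy of the same build.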

#5 pompous

pompous
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:16 PM

Posted 14 February 2012 - 02:50 PM

Hi, Gringo.

While I was running aswMBR, my antivirus software (Symantec AntiVirus 10.0.0.359) quarantined Trojan.Gen.2.

Here are the reports you requested:

TDSSKiller.2.7.12.0_2.14.12_11.27_log.txt:

11:25:41.0109 5568 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
11:25:41.0593 5568 ============================================================
11:25:41.0593 5568 Current date / time: 2012/02/14 11:25:41.0593
11:25:41.0593 5568 SystemInfo:
11:25:41.0593 5568
11:25:41.0593 5568 OS Version: 5.1.2600 ServicePack: 3.0
11:25:41.0593 5568 Product type: Workstation
11:25:41.0593 5568 ComputerName: MK-9JVLJ5IT3WEO
11:25:41.0593 5568 UserName: Michael Kydonieus
11:25:41.0593 5568 Windows directory: C:\WINDOWS
11:25:41.0593 5568 System windows directory: C:\WINDOWS
11:25:41.0593 5568 Processor architecture: Intel x86
11:25:41.0593 5568 Number of processors: 2
11:25:41.0593 5568 Page size: 0x1000
11:25:41.0593 5568 Boot type: Normal boot
11:25:41.0593 5568 ============================================================
11:25:43.0453 5568 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:25:43.0484 5568 \Device\Harddisk0\DR0:
11:25:43.0484 5568 MBR used
11:25:43.0484 5568 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:25:43.0546 5568 Initialize success
11:25:43.0546 5568 ============================================================
11:25:45.0421 5808 ============================================================
11:25:45.0421 5808 Scan started
11:25:45.0421 5808 Mode: Manual;
11:25:45.0421 5808 ============================================================
11:25:46.0281 5808 Abiosdsk - ok
11:25:46.0312 5808 abp480n5 - ok
11:25:46.0359 5808 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:25:46.0359 5808 ACPI - ok
11:25:46.0421 5808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:25:46.0421 5808 ACPIEC - ok
11:25:46.0421 5808 adpu160m - ok
11:25:46.0468 5808 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
11:25:46.0468 5808 aeaudio - ok
11:25:46.0515 5808 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:25:46.0531 5808 aec - ok
11:25:46.0578 5808 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:25:46.0578 5808 AFD - ok
11:25:46.0578 5808 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:25:46.0578 5808 agp440 - ok
11:25:46.0593 5808 Aha154x - ok
11:25:46.0593 5808 aic78u2 - ok
11:25:46.0593 5808 aic78xx - ok
11:25:46.0625 5808 AiCharger (ebdf2640d1c644a68e9b43e89b623f64) C:\WINDOWS\system32\DRIVERS\AiCharger.sys
11:25:46.0625 5808 AiCharger - ok
11:25:46.0640 5808 AliIde - ok
11:25:46.0687 5808 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:25:46.0718 5808 Ambfilt - ok
11:25:46.0718 5808 amsint - ok
11:25:46.0765 5808 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:25:46.0765 5808 Arp1394 - ok
11:25:46.0781 5808 asc - ok
11:25:46.0781 5808 asc3350p - ok
11:25:46.0781 5808 asc3550 - ok
11:25:46.0828 5808 AsIO (419f3128e01b5ac038efd500314f62b8) C:\WINDOWS\system32\drivers\AsIO.sys
11:25:46.0828 5808 AsIO - ok
11:25:46.0859 5808 AsUpIO (a9a565c669786c402752f609afdd0dd5) C:\WINDOWS\system32\drivers\AsUpIO.sys
11:25:46.0859 5808 AsUpIO - ok
11:25:46.0906 5808 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:25:46.0906 5808 AsyncMac - ok
11:25:46.0921 5808 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:25:46.0921 5808 atapi - ok
11:25:46.0921 5808 Atdisk - ok
11:25:47.0078 5808 ati2mtag (011388ddc5b83ef4a0b2b829735c646f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:25:47.0125 5808 ati2mtag - ok
11:25:47.0140 5808 AtiHDAudioService (b2a236dc65e90170a369164384efb460) C:\WINDOWS\system32\drivers\AtihdXP3.sys
11:25:47.0156 5808 AtiHDAudioService - ok
11:25:47.0187 5808 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:25:47.0187 5808 Atmarpc - ok
11:25:47.0187 5808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:25:47.0187 5808 audstub - ok
11:25:47.0234 5808 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
11:25:47.0234 5808 BCMModem - ok
11:25:47.0281 5808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:25:47.0296 5808 Beep - ok
11:25:47.0312 5808 bvrp_pci (c915a416f265149471d74e0815c928b2) C:\WINDOWS\System32\drivers\bvrp_pci.sys
11:25:47.0312 5808 bvrp_pci - ok
11:25:47.0468 5808 catchme - ok
11:25:47.0484 5808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:25:47.0484 5808 cbidf2k - ok
11:25:47.0500 5808 cd20xrnt - ok
11:25:47.0500 5808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:25:47.0500 5808 Cdaudio - ok
11:25:47.0531 5808 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:25:47.0531 5808 Cdfs - ok
11:25:47.0562 5808 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:25:47.0562 5808 Cdrom - ok
11:25:47.0578 5808 Changer - ok
11:25:47.0578 5808 CmdIde - ok
11:25:47.0609 5808 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
11:25:47.0609 5808 COMMONFX - ok
11:25:47.0625 5808 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
11:25:47.0625 5808 COMMONFX.SYS - ok
11:25:47.0625 5808 Cpqarray - ok
11:25:47.0656 5808 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
11:25:47.0671 5808 ctac32k - ok
11:25:47.0687 5808 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
11:25:47.0703 5808 ctaud2k - ok
11:25:47.0734 5808 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
11:25:47.0734 5808 CTAUDFX - ok
11:25:47.0750 5808 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
11:25:47.0750 5808 CTAUDFX.SYS - ok
11:25:47.0796 5808 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
11:25:49.0218 5808 ctdvda2k - ok
11:25:49.0250 5808 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
11:25:49.0265 5808 CTERFXFX - ok
11:25:49.0265 5808 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
11:25:49.0265 5808 CTERFXFX.SYS - ok
11:25:49.0281 5808 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
11:25:49.0281 5808 ctprxy2k - ok
11:25:49.0312 5808 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
11:25:49.0312 5808 CTSBLFX - ok
11:25:49.0328 5808 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
11:25:49.0328 5808 CTSBLFX.SYS - ok
11:25:49.0359 5808 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
11:25:49.0359 5808 ctsfm2k - ok
11:25:49.0359 5808 dac2w2k - ok
11:25:49.0375 5808 dac960nt - ok
11:25:49.0390 5808 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:25:49.0390 5808 Disk - ok
11:25:49.0437 5808 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:25:49.0453 5808 dmboot - ok
11:25:49.0468 5808 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:25:49.0468 5808 dmio - ok
11:25:49.0468 5808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:25:49.0468 5808 dmload - ok
11:25:49.0515 5808 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:25:49.0515 5808 DMusic - ok
11:25:49.0546 5808 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
11:25:49.0546 5808 Dot4 - ok
11:25:49.0562 5808 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
11:25:49.0562 5808 Dot4Print - ok
11:25:49.0578 5808 dot4ufd (2ebac67dad0da30bccd0e838bc98db5b) C:\WINDOWS\system32\DRIVERS\hppaufd0.sys
11:25:49.0578 5808 dot4ufd - ok
11:25:49.0609 5808 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
11:25:49.0609 5808 dot4usb - ok
11:25:49.0609 5808 dpti2o - ok
11:25:49.0625 5808 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:25:49.0625 5808 drmkaud - ok
11:25:49.0656 5808 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
11:25:49.0656 5808 drvmcdb - ok
11:25:49.0671 5808 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
11:25:49.0671 5808 drvnddm - ok
11:25:49.0718 5808 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:25:49.0718 5808 E100B - ok
11:25:49.0921 5808 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:25:49.0921 5808 eeCtrl - ok
11:25:49.0937 5808 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
11:25:49.0937 5808 emupia - ok
11:25:49.0968 5808 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\System32\Drivers\EPLPDX02.SYS
11:25:49.0968 5808 Eplpdx02 - ok
11:25:50.0000 5808 EraserUtilDrvI13 (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys
11:25:50.0000 5808 EraserUtilDrvI13 - ok
11:25:50.0031 5808 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:25:50.0031 5808 Fastfat - ok
11:25:50.0078 5808 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:25:50.0078 5808 Fdc - ok
11:25:50.0093 5808 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:25:50.0093 5808 Fips - ok
11:25:50.0093 5808 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:25:50.0109 5808 Flpydisk - ok
11:25:50.0125 5808 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:25:50.0125 5808 FltMgr - ok
11:25:50.0140 5808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:25:50.0140 5808 Fs_Rec - ok
11:25:50.0140 5808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:25:50.0140 5808 Ftdisk - ok
11:25:50.0187 5808 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
11:25:50.0203 5808 GEARAspiWDM - ok
11:25:50.0203 5808 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:25:50.0203 5808 Gpc - ok
11:25:50.0234 5808 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
11:25:50.0250 5808 ha10kx2k - ok
11:25:50.0250 5808 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
11:25:50.0265 5808 hap16v2k - ok
11:25:50.0265 5808 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
11:25:50.0281 5808 hap17v2k - ok
11:25:50.0281 5808 hcmon (9d4bff527040edf5dcc8707ee610f535) C:\WINDOWS\System32\Drivers\hcmon.sys
11:25:50.0296 5808 hcmon - ok
11:25:50.0312 5808 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:25:50.0312 5808 HDAudBus - ok
11:25:50.0359 5808 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:25:50.0359 5808 HidUsb - ok
11:25:50.0375 5808 hpn - ok
11:25:50.0421 5808 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:25:50.0421 5808 HTTP - ok
11:25:50.0421 5808 i2omgmt - ok
11:25:50.0437 5808 i2omp - ok
11:25:50.0484 5808 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:25:50.0484 5808 i8042prt - ok
11:25:50.0562 5808 ialm (1ff4488b12a3917a217874be573c8f2a) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:25:50.0593 5808 ialm - ok
11:25:50.0593 5808 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:25:50.0593 5808 Imapi - ok
11:25:50.0609 5808 ini910u - ok
11:25:50.0765 5808 IntcAzAudAddService (52b1c4ce44ee58f7e781c561efb22517) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:25:50.0796 5808 IntcAzAudAddService - ok
11:25:50.0796 5808 IntelIde - ok
11:25:50.0812 5808 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:25:50.0812 5808 intelppm - ok
11:25:50.0812 5808 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:25:50.0828 5808 ip6fw - ok
11:25:50.0875 5808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:25:50.0875 5808 IpFilterDriver - ok
11:25:50.0906 5808 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:25:50.0906 5808 IpInIp - ok
11:25:50.0968 5808 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:25:50.0968 5808 IpNat - ok
11:25:50.0968 5808 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:25:50.0984 5808 IPSec - ok
11:25:50.0984 5808 IPVNMon - ok
11:25:51.0046 5808 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:25:51.0046 5808 IRENUM - ok
11:25:51.0078 5808 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:25:51.0078 5808 isapnp - ok
11:25:51.0109 5808 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:25:51.0109 5808 Kbdclass - ok
11:25:51.0109 5808 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:25:51.0109 5808 kbdhid - ok
11:25:51.0156 5808 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:25:51.0156 5808 kmixer - ok
11:25:51.0156 5808 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:25:51.0171 5808 KSecDD - ok
11:25:51.0171 5808 lbrtfdc - ok
11:25:51.0187 5808 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
11:25:51.0203 5808 MDC8021X - ok
11:25:51.0234 5808 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\WINDOWS\system32\DRIVERS\HECI.sys
11:25:51.0250 5808 MEI - ok
11:25:51.0265 5808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:25:51.0265 5808 mnmdd - ok
11:25:51.0312 5808 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:25:51.0312 5808 Modem - ok
11:25:51.0359 5808 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
11:25:51.0359 5808 MODEMCSA - ok
11:25:51.0406 5808 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:25:51.0421 5808 Monfilt - ok
11:25:51.0437 5808 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:25:51.0437 5808 Mouclass - ok
11:25:51.0453 5808 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:25:51.0453 5808 mouhid - ok
11:25:51.0484 5808 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:25:51.0484 5808 MountMgr - ok
11:25:51.0500 5808 mraid35x - ok
11:25:51.0500 5808 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:25:51.0515 5808 MRxDAV - ok
11:25:51.0546 5808 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:25:51.0562 5808 MRxSmb - ok
11:25:51.0562 5808 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:25:51.0562 5808 Msfs - ok
11:25:51.0593 5808 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:25:51.0609 5808 MSKSSRV - ok
11:25:51.0609 5808 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:25:51.0609 5808 MSPCLOCK - ok
11:25:51.0640 5808 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:25:51.0640 5808 MSPQM - ok
11:25:51.0656 5808 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:25:51.0656 5808 mssmbios - ok
11:25:51.0671 5808 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:25:51.0671 5808 Mup - ok
11:25:51.0812 5808 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120203.003\naveng.sys
11:25:51.0812 5808 NAVENG - ok
11:25:51.0843 5808 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120203.003\navex15.sys
11:25:51.0859 5808 NAVEX15 - ok
11:25:51.0859 5808 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:25:51.0875 5808 NDIS - ok
11:25:51.0906 5808 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:25:51.0906 5808 NdisTapi - ok
11:25:51.0937 5808 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:25:51.0953 5808 Ndisuio - ok
11:25:51.0953 5808 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:25:51.0953 5808 NdisWan - ok
11:25:51.0968 5808 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:25:51.0968 5808 NDProxy - ok
11:25:51.0984 5808 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:25:51.0984 5808 NetBIOS - ok
11:25:52.0015 5808 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:25:52.0015 5808 NetBT - ok
11:25:52.0078 5808 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:25:52.0078 5808 NIC1394 - ok
11:25:52.0093 5808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:25:52.0093 5808 Npfs - ok
11:25:52.0125 5808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:25:52.0140 5808 Ntfs - ok
11:25:52.0203 5808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:25:52.0203 5808 Null - ok
11:25:52.0234 5808 nv (1aa2270491a46e90e454e143ea8ac775) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:25:52.0250 5808 nv - ok
11:25:52.0281 5808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:25:52.0281 5808 NwlnkFlt - ok
11:25:52.0312 5808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:25:52.0312 5808 NwlnkFwd - ok
11:25:55.0093 5808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:25:55.0187 5808 \Device\Harddisk0\DR0 - ok
11:25:55.0187 5808 Boot (0x1200) (24fe4ba2c2b932c63998771ec78d35e5) \Device\Harddisk0\DR0\Partition0
11:25:55.0187 5808 \Device\Harddisk0\DR0\Partition0 - ok
11:25:55.0187 5808 ============================================================
11:25:55.0187 5808 Scan finished
11:25:55.0187 5808 ============================================================
11:25:55.0203 1344 Detected object count: 0
11:25:55.0203 1344 Actual detected object count: 0

aswMBR.txt:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-14 11:28:22
-----------------------------
11:28:22.484 OS Version: Windows 5.1.2600 Service Pack 3
11:28:22.484 Number of processors: 2 586 0x2A07
11:28:22.484 ComputerName: MK-9JVLJ5IT3WEO UserName:
11:28:23.609 Initialize success
11:31:02.703 AVAST engine defs: 12021401
11:36:31.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:36:31.906 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
11:36:31.921 Disk 0 MBR read successfully
11:36:31.921 Disk 0 MBR scan
11:36:31.953 Disk 0 Windows XP default MBR code
11:36:31.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 63
11:36:31.953 Disk 0 scanning sectors +1953520065
11:36:32.046 Disk 0 scanning C:\WINDOWS\system32\drivers
11:36:47.125 Service scanning
11:36:48.328 Modules scanning
11:37:02.671 Disk 0 trace - called modules:
11:37:02.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:37:02.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b630ab8]
11:37:02.703 3 CLASSPNP.SYS[b9908fd7] -> nt!IofCallDriver -> \Device\0000008f[0x8b6bbf18]
11:37:02.703 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b651940]
11:37:03.765 AVAST engine scan C:\WINDOWS
11:37:18.671 AVAST engine scan C:\WINDOWS\system32
11:39:55.718 AVAST engine scan C:\WINDOWS\system32\drivers
11:40:20.890 AVAST engine scan C:\Documents and Settings\Michael Kydonieus
11:44:49.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael Kydonieus\Desktop\MBR.dat"
11:44:49.781 The log file has been saved successfully to "C:\Documents and Settings\Michael Kydonieus\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 February 2012 - 04:47 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\program files\uTorrentBar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 pompous

pompous
  • Topic Starter

  • Members
  • 12 posts

Posted 14 February 2012 - 11:49 PM

Nothing new to report -- my computer is behaving, for now.

Here's the report from Combo-Fix:

ComboFix 12-02-13.01 - Michael Kydonieus 02/14/2012 19:20:17.18.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2108 [GMT -8:00]
Running from: c:\documents and settings\Michael Kydonieus\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Michael Kydonieus\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\INSTALL.LOG
c:\program files\uTorrentBar\ldrtbuTo0.dll
c:\program files\uTorrentBar\ldrtbuTo2.dll
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\prxtbuTo0.dll
c:\program files\uTorrentBar\prxtbuTo2.dll
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTo0.dll
c:\program files\uTorrentBar\tbuTo1.dll
c:\program files\uTorrentBar\tbuTo2.dll
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\uninstall.exe
c:\program files\uTorrentBar\UNWISE.EXE
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\program files\uTorrentBar\uTorrentBarToolbarHelper1.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-14 21:14 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 21:14 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-13 22:48 . 2012-02-13 22:48 -------- d-----w- c:\program files\DVD Decrypter
2012-02-13 16:20 . 2012-02-13 16:30 -------- d-----w- C:\Combo-Fix4589C
2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- C:\Combo-Fix16179C
2012-02-13 15:55 . 2012-02-13 15:55 -------- d-----w- C:\Combo-Fix32761C
2012-02-02 21:34 . 2012-02-02 21:52 -------- d-----w- c:\program files\FairUse Wizard 2
2012-01-25 18:16 . 2012-01-25 18:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-01-20 17:46 . 2012-01-20 17:47 -------- d-----w- C:\Combo-Fix5381C
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2003-07-16 16:45 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2003-07-16 16:45 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2003-07-16 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-12-04 22:27 . 2011-05-29 22:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2003-07-16 16:45 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-21 10:47 . 2011-12-09 10:11 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A2ABB67E-53A2-49C2-AC6F-76C30006C68A}\mpengine.dll
2011-11-21 10:47 . 2006-05-08 04:57 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-18 12:35 . 2003-07-16 16:34 60416 ----a-w- c:\windows\system32\packager.exe
2012-02-02 23:12 . 2011-05-01 21:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-25_22.39.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-07-16 16:24 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2003-07-16 16:24 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2003-07-16 16:24 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-24 06:00 . 2012-02-15 03:30 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-10-24 06:00 . 2012-01-21 04:00 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2005-09-12 02:01 . 2012-01-20 04:21 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-09-12 02:01 . 2012-02-14 22:16 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-09-12 02:01 . 2012-01-20 04:21 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-09-12 02:01 . 2012-02-14 22:16 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-09-12 02:01 . 2012-02-14 22:16 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-09-12 02:01 . 2012-01-20 04:21 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-09-12 02:01 . 2012-01-20 04:21 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-09-12 02:01 . 2012-02-14 22:16 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-09-12 02:01 . 2012-01-20 04:21 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-09-12 02:01 . 2012-02-14 22:16 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-09-12 02:01 . 2012-02-14 22:16 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2005-09-12 02:01 . 2012-01-20 04:21 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2012-02-14 22:16 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-14 22:16 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-14 22:17 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-14 22:17 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-14 22:16 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-14 22:16 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-14 22:16 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-14 22:16 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-14 22:16 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-14 22:16 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-14 22:16 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-14 22:16 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-01-20 04:24 . 2012-01-20 04:24 626688 c:\windows\assembly\temp\5BFJNRVZ38\System.Drawing.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-02-14 22:21 . 2012-02-14 22:21 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-14 22:23 . 2012-02-14 22:23 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-14 22:21 . 2012-02-14 22:21 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-14 22:23 . 2012-02-14 22:23 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-14 22:23 . 2012-02-14 22:23 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-20 04:24 . 2012-02-14 22:20 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2003-07-16 16:43 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
- 2003-07-16 16:43 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2005-07-18 23:22 . 2011-12-17 19:46 5979136 c:\windows\system32\mshtml.dll
- 2006-10-17 19:57 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2006-10-17 19:57 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2009-10-23 20:15 . 2012-02-14 22:55 3681944 c:\windows\system32\FNTCACHE.DAT
- 2009-10-23 20:15 . 2011-12-15 11:26 3681944 c:\windows\system32\FNTCACHE.DAT
+ 2003-07-16 16:45 . 2012-01-12 16:53 1859968 c:\windows\system32\dllcache\win32k.sys
+ 2003-07-16 16:43 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2003-07-16 16:43 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2005-07-18 23:22 . 2011-12-17 19:46 5979136 c:\windows\system32\dllcache\mshtml.dll
- 2007-05-09 08:41 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-09 08:41 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-26 11:39 . 2011-10-26 11:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-10-31 06:54 . 2011-10-31 06:54 2748416 c:\windows\Installer\aae037.msp
+ 2012-01-25 22:55 . 2012-01-25 22:55 5520384 c:\windows\Installer\aae026.msp
+ 2012-01-30 16:27 . 2012-01-30 16:27 3947520 c:\windows\Installer\60f17.msi
+ 2012-01-31 18:04 . 2012-01-31 18:04 1409024 c:\windows\Installer\14280.msi
+ 2012-02-14 22:16 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-14 22:16 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-14 22:16 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-14 22:20 . 2012-02-14 22:20 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-20 04:24 . 2012-01-20 04:24 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-20 04:24 . 2012-02-14 22:20 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2005-09-13 00:52 . 2012-02-14 22:17 52550552 c:\windows\system32\MRT.exe
+ 2006-11-08 05:03 . 2011-12-18 22:46 11082240 c:\windows\system32\ieframe.dll
+ 2007-05-09 08:41 . 2011-12-18 22:46 11082240 c:\windows\system32\dllcache\ieframe.dll
+ 2012-02-14 22:16 . 2012-02-14 22:16 20333056 c:\windows\Installer\aae031.msp
+ 2012-01-30 16:04 . 2012-01-30 16:04 18024960 c:\windows\Installer\17d68.msi
+ 2012-02-14 22:16 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-02-14 22:21 . 2012-02-14 22:21 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" [BU]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-05 399736]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]
"ALLUpdate"="c:\program files\OpenSubtitlesPlayer\ALLUpdate.exe" [2011-02-27 1022464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-16 19722344]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 142360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 182296]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 166424]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]
"ASUS AI Suite II Execute"="c:\program files\ASUS\AI Suite II\AsRoutineController.exe" [2010-11-27 2931328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 06:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 23:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]
2008-05-08 00:13 2245984 ----a-w- c:\program files\Norton Ghost\Agent\VProTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-26 05:31 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-07-21 07:52 1167296 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Michael Kydonieus\\Desktop\\CommonFiles\\Java\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ASUS\\AI Suite II\\AI Suite II.exe"=
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [8/22/2011 5:31 PM 13440]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [8/22/2011 5:34 PM 11832]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [12/15/2011 9:10 AM 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
R2 asComSvc;ASUS Com Service;c:\program files\ASUS\AXSP\1.00.13\atkexComSvc.exe [8/22/2011 5:32 PM 918144]
R2 asHmComSvc;ASUS HM Com Service;c:\program files\ASUS\AAHM\1.00.13\aaHMSvc.exe [8/22/2011 5:32 PM 915584]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [8/22/2011 5:33 PM 586880]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [3/5/2010 9:15 AM 235752]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [8/22/2011 5:29 PM 27424]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/22/2011 5:27 PM 2656280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [8/27/2011 1:20 PM 101904]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [8/22/2011 5:27 PM 41088]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/2/2009 8:33 PM 47360]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 4:13 PM 1558000]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [7/16/2003 8:21 AM 5120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/22/2011 5:22 PM 1691480]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/16/2010 11:20 AM 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [8/22/2011 5:29 PM 34208]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [8/22/2011 5:29 PM 17664]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 10:53 PM 19677]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/6/2010 12:47 PM 691696]
S4 Swe8ffar;Swe8ffar;c:\windows\system32\drivers\fips.sys [7/16/2003 8:22 AM 44544]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilDrvI13
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2012-02-14 c:\windows\Tasks\User_Feed_Synchronization-{22D1F4A4-13E9-4094-8CD3-355F70D8288C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Michael Kydonieus\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: skillport.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Michael Kydonieus\Application Data\Mozilla\Firefox\Profiles\zlzl3n6p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\prxtbuTo2.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\prxtbuTo2.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\uTorrentBar\prxtbuTo2.dll
AddRemove-uTorrentBar Toolbar - c:\program files\uTorrentBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-14 19:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\ATL.DLL
.
- - - - - - - > 'explorer.exe'(5360)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec\Ghost\ngserver.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\windows\RTHDCPL.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\System32\vmnat.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\System32\vmnetdhcp.exe
c:\program files\Symantec\Ghost\bin\dbserv.exe
c:\program files\Symantec\Ghost\bin\rteng7.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-02-14 19:38:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-15 03:38
ComboFix2.txt 2012-02-13 16:30
ComboFix3.txt 2012-01-25 22:40
ComboFix4.txt 2012-01-01 06:50
ComboFix5.txt 2012-02-15 03:18
.
Pre-Run: 57,370,693,632 bytes free
Post-Run: 57,339,256,832 bytes free
.
- - End Of File - - 4AA8C88EAEE7176DDF5144E85F69128E
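
The two things a responder reads first in a log like the one above are the Security Center override values (`AntiVirusOverride`, `FirewallOverride`, `DisableMonitoring`, `DisableNotifications` set to 1, which silence the "no antivirus / no firewall" warnings) and the Gmer MBR detector verdict `user != kernel MBR !!!`. The following Python triage script is an added example, not ComboFix's or Gmer's own code: it scans text in that layout and flags both indicators. The sample log inside it is constructed from excerpts in the format shown above, and the caveat it attaches when the user-mode MBR read failed is this example's own reading of the output, not something the detector states.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix or Gmer code).

Flags two things a responder reads first:
  * Security Center / firewall registry values that silence the
    "no antivirus / no firewall" warnings,
  * the "user != kernel MBR" verdict from Gmer's MBR detector, with a caveat
    when the user-mode read itself failed (as it did in the log above).
"""
import re
from dataclasses import dataclass

# Constructed sample: excerpts laid out like the ComboFix output above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-05 399736]
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    indicator: str  # short description of what was flagged
    evidence: str   # the log line that triggered it


SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')

# Values that, when set to 1, suppress Security Center / firewall alerting.
SUPPRESSION_VALUES = {
    "AntiVirusOverride", "FirewallOverride", "DisableMonitoring", "DisableNotifications",
}
# Only values under these keys are meaningful (matched case-insensitively).
SUPPRESSION_SECTIONS = ("security center", "firewallpolicy")


def value_is_one(raw: str) -> bool:
    """Accept both spellings ComboFix uses: 'dword:00000001' and '1 (0x1)'."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-f]{8})$", raw, re.I)
    if m:
        return int(m.group(1), 16) == 1
    m = re.match(r"(\d+)", raw)
    return m is not None and int(m.group(1)) == 1


def triage(log_text: str) -> list:
    """Return Findings for alert suppression and MBR mismatch lines."""
    findings = []
    section = ""
    user_read_failed = False
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and any(s in section.lower() for s in SUPPRESSION_SECTIONS):
            name = m.group("name")
            if name in SUPPRESSION_VALUES and value_is_one(m.group("raw")):
                findings.append(Finding("medium", f"alerting suppressed: {name}=1",
                                        f"[{section}] {line}"))
            continue
        if line.startswith("user: error reading MBR"):
            user_read_failed = True
        elif line.startswith("user != kernel MBR"):
            note = "MBR read from kernel differs from user-mode read (MBR rootkit indicator)"
            if user_read_failed:
                # The user-mode read did not succeed, so the comparison alone is
                # not conclusive: confirm with a second MBR reader.
                note += "; user-mode read failed, confirm with a second MBR reader"
            findings.append(Finding("high", note, line))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.indicator}\n       {f.evidence}")
```

Run against the constructed sample it reports one high finding (the MBR mismatch, with the caveat) and four medium ones; the `uTorrent` Run entry is ignored because it sits outside the Security Center and firewall keys.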

#8 gringo_pr

gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 February 2012 - 08:12 AM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE**: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

µTorrent
Adobe Reader 9.5.0
eMule
Java™ 6 Update 24
uTorrentBar Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Information and logs

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 pompous

pompous
  • Topic Starter
  • Members
  • 12 posts

Posted 17 February 2012 - 12:04 PM

Hello, Gringo.

I have had more adventures.

My computer got reinfected, I think from a website I was visiting. Symantec Antivirus caught the following: bvc.exe.vir (Fake Cloud AV2A2), Trojan.gen (CTNEXE~1.VIR), Trojan.gen (AFDYS~1.VIR), and Trojan.gen (MRXSMB~1.VIR).

This really bugged me because I can't just stop browsing the web. So I did a little research and discovered a neat little program: Sandboxie. Sandboxie isolates whatever program you run in it, walling it off from the rest of your computer. When you're done with Sandboxie and the program you're running (such as a browser), you delete whatever you did, including any nasty viruses you might have picked up. In theory, anyway.

I'll be using Sandboxie from now on whenever I go to an unfamiliar site so maybe I won't have problems as often in the future.

To deal with the reinfestation, I ran through what we've already done: Combofix, TDSSKiller, aswMBR, Combofix again, TFC, and Malwarebytes, followed by HijackThis.

Anyway, here are the logs you asked for:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.16.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael Kydonieus :: MK-9JVLJ5IT3WEO [administrator]

2/17/2012 7:07:59 AM
mbam-log-2012-02-17 (07-07-59).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 587978
Time elapsed: 1 hour(s), 30 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:48:29 AM, on 2/17/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\Symantec\Ghost\bin\dbserv.exe
C:\Program Files\Symantec\Ghost\bin\rteng7.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [ASUS AI Suite II Execute] C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe -open
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Michael Kydonieus\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.skillport.com
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe

--
End of file - 15535 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 February 2012 - 12:21 AM

Hello

Also, in IE there is a little-used feature called "InPrivate Browsing" under Safety that almost does the same thing.


I would like to see the last ComboFix run (to see if there are any leftovers).


  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button)
  • Please copy and paste the following into the box:
C:\ComboFix.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 pompous

pompous
  • Topic Starter

  • Members
  • 12 posts

Posted 18 February 2012 - 01:21 AM

Here you go:

ComboFix 12-02-13.01 - Michael Kydonieus 02/16/2012 12:42:04.19.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2137 [GMT -8:00]
Running from: c:\documents and settings\Michael Kydonieus\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 17:31 . 2012-02-16 17:31 -------- d-----r- C:\Sandbox
2012-02-16 17:30 . 2012-02-16 17:30 -------- d-----w- c:\program files\Sandboxie
2012-02-16 03:04 . 2012-02-16 03:04 -------- d-----w- c:\program files\Foxit Software
2012-02-16 02:59 . 2012-02-16 02:59 -------- d-----w- c:\program files\Common Files\Java
2012-02-16 02:58 . 2012-02-16 02:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-15 03:18 . 2012-02-15 03:38 -------- d-----w- C:\Combo-Fix28805C
2012-02-14 21:14 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 21:14 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-13 22:48 . 2012-02-13 22:48 -------- d-----w- c:\program files\DVD Decrypter
2012-02-13 16:20 . 2012-02-13 16:30 -------- d-----w- C:\Combo-Fix4589C
2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- C:\Combo-Fix16179C
2012-02-13 15:55 . 2012-02-13 15:55 -------- d-----w- C:\Combo-Fix32761C
2012-02-02 21:34 . 2012-02-02 21:52 -------- d-----w- c:\program files\FairUse Wizard 2
2012-01-25 18:16 . 2012-01-25 18:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-01-20 17:46 . 2012-01-20 17:47 -------- d-----w- C:\Combo-Fix5381C
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 02:58 . 2011-02-18 17:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2003-07-16 16:45 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2003-07-16 16:45 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2003-07-16 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-12-10 23:24 . 2010-06-18 16:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 22:27 . 2011-05-29 22:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2003-07-16 16:45 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-21 10:47 . 2011-12-09 10:11 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A2ABB67E-53A2-49C2-AC6F-76C30006C68A}\mpengine.dll
2011-11-21 10:47 . 2006-05-08 04:57 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-15 23:50 . 2011-05-01 21:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-15_03.31.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-16 17:28 . 2012-02-16 17:28 16384 c:\windows\Temp\Perflib_Perfdata_e54.dat
+ 2012-02-16 17:27 . 2012-02-16 17:27 16384 c:\windows\Temp\Perflib_Perfdata_ab8.dat
+ 2012-02-16 17:28 . 2012-02-16 17:28 16384 c:\windows\Temp\Perflib_Perfdata_498.dat
+ 2012-02-16 02:58 . 2012-02-16 02:58 157472 c:\windows\system32\javaws.exe
- 2011-02-18 17:28 . 2011-02-18 17:28 157472 c:\windows\system32\javaws.exe
+ 2012-02-16 02:58 . 2012-02-16 02:58 149280 c:\windows\system32\javaw.exe
+ 2012-02-16 02:58 . 2012-02-16 02:58 149280 c:\windows\system32\java.exe
+ 2009-10-24 06:53 . 2007-12-21 00:13 136416 c:\windows\system32\drivers\symsnap.sys
- 2009-10-24 06:00 . 2012-02-15 03:30 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-24 06:00 . 2012-02-16 17:26 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-02-16 02:59 . 2012-02-16 02:59 203776 c:\windows\Installer\443f4.msi
+ 2012-02-16 02:58 . 2012-02-16 02:58 901120 c:\windows\Installer\443ef.msi
+ 2012-02-16 17:30 . 2012-02-16 17:30 1002144 c:\windows\Installer\SandboxieInstall32.exe
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\45f294f.msi
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\45f2950.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" [BU]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-05 399736]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-07 451856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-16 19722344]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 142360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 182296]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 166424]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]
"ASUS AI Suite II Execute"="c:\program files\ASUS\AI Suite II\AsRoutineController.exe" [2010-11-27 2931328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 23:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-26 05:31 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-07-21 07:52 1167296 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Michael Kydonieus\\Desktop\\CommonFiles\\Java\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ASUS\\AI Suite II\\AI Suite II.exe"=
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [8/22/2011 5:31 PM 13440]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [8/22/2011 5:34 PM 11832]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [12/15/2011 9:10 AM 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
R2 asComSvc;ASUS Com Service;c:\program files\ASUS\AXSP\1.00.13\atkexComSvc.exe [8/22/2011 5:32 PM 918144]
R2 asHmComSvc;ASUS HM Com Service;c:\program files\ASUS\AAHM\1.00.13\aaHMSvc.exe [8/22/2011 5:32 PM 915584]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [8/22/2011 5:33 PM 586880]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [3/5/2010 9:15 AM 235752]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [8/22/2011 5:29 PM 27424]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/22/2011 5:27 PM 2656280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [8/27/2011 1:20 PM 101904]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [8/22/2011 5:27 PM 41088]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/2/2009 8:33 PM 47360]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/7/2011 7:44 AM 21520]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [7/16/2003 8:21 AM 5120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/22/2011 5:22 PM 1691480]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/16/2010 11:20 AM 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [8/22/2011 5:29 PM 34208]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [8/22/2011 5:29 PM 17664]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 10:53 PM 19677]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/6/2010 12:47 PM 691696]
S4 Swe8ffar;Swe8ffar;c:\windows\system32\drivers\fips.sys [7/16/2003 8:22 AM 44544]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SBIEDRV
*NewlyCreated* - SBIESVC
*Deregistered* - EraserUtilDrvI13
*Deregistered* - EraserUtilRebootDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-02-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2012-02-15 c:\windows\Tasks\User_Feed_Synchronization-{22D1F4A4-13E9-4094-8CD3-355F70D8288C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Michael Kydonieus\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: skillport.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Michael Kydonieus\Application Data\Mozilla\Firefox\Profiles\zlzl3n6p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
------- File Associations -------
.
.txt=GetDiz.TextFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ALLUpdate - c:\program files\OpenSubtitlesPlayer\ALLUpdate.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Norton Ghost 14 - c:\program files\Norton Ghost\Agent\VProTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 12:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(5920)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-16 12:49:41
ComboFix-quarantined-files.txt 2012-02-16 20:49
ComboFix2.txt 2012-02-15 03:38
ComboFix3.txt 2012-02-13 16:30
ComboFix4.txt 2012-01-25 22:40
ComboFix5.txt 2012-02-16 20:41
.
Pre-Run: 89,158,639,616 bytes free
Post-Run: 89,118,826,496 bytes free
.
- - End Of File - - 4F2C8BC72B51674BC03259E231DC50ED

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 February 2012 - 01:34 AM

Greetings

These logs are looking very good; we are almost done! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
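
The O4 lines in the fix list above are HijackThis shorthand for values under the Run keys. The following is an added example for this thread, not HijackThis code or anything the poster ran: it parses such lines back into the full registry key and value name that "Fix checked" removes, splits each value's data into executable and arguments, prints the equivalent reg.exe command, and flags entries that name a bare executable with no directory (CTHELPER.EXE and RTHDCPL.EXE in the logs above), because those are resolved through the process search order at logon rather than from an explicit path. The function names are this example's own; SAMPLE_O4_LINES is copied from the fix list above plus one constructed startup-folder line, which the parser deliberately skips since it is a file, not a registry value.

```python
"""Turn HijackThis O4 (autostart) lines into the registry key/value they stand for.

Added example for this thread; it is not HijackThis code. The O4 lines in
SAMPLE_O4_LINES are copied from the fix list above (plus one constructed
startup-folder line); the function names are this example's own.
"""
import re

# HijackThis writes "HKLM\..\Run"; the elided middle is always this path.
RUN_BASE = r"Software\Microsoft\Windows\CurrentVersion"

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

# O4 - <hive>\..\<Run|RunOnce|RunServices...>: [<value name>] <command> (User '<name>')?
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<subkey>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE",
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r'O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin',
    r"O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe",
    r"""O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')""",
    r"O4 - Startup: desktop.ini",  # constructed: a startup-folder file, not a registry value
]


def parse_o4(line):
    """Return {key, value, command, user} for a registry O4 line, else None.

    'O4 - Startup:' / 'O4 - Global Startup:' lines describe files in a
    startup folder, not registry values, so they intentionally return None.
    """
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive = m.group("hive")
    if hive.startswith("HKUS\\"):
        # HKUS\<SID> is a per-profile hive loaded under HKEY_USERS
        root = "HKEY_USERS\\" + hive.split("\\", 1)[1]
    else:
        root = HIVES[hive]
    return {
        "key": f"{root}\\{RUN_BASE}\\{m.group('subkey')}",
        "value": m.group("name"),
        "command": m.group("cmd"),
        "user": m.group("user"),
    }


def split_command(cmd):
    """Split a Run value's data into (executable, arguments).

    A quoted path ends at the closing quote; an unquoted one ends at the
    first executable extension, so an unquoted path containing spaces is
    not cut at its first space.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)(.*?\.(?:exe|com|scr|bat|cmd))(?:\s+(.*))?$", cmd)
    if m:
        return m.group(1), m.group(2) or ""
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def is_bare_name(exe):
    """True when the value names a file with no directory (e.g. CTHELPER.EXE).

    Such entries are located through the process search order at logon, so a
    same-named file placed earlier in that order would be started instead.
    """
    return "\\" not in exe and "/" not in exe


def reg_delete_command(entry):
    """The reg.exe command equivalent to HijackThis 'Fix checked' for one O4 line."""
    return f'reg delete "{entry["key"]}" /v "{entry["value"]}" /f'


def plan_fix(lines):
    """Parse every registry O4 line and describe what removing it would touch."""
    plan = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        exe, args = split_command(entry["command"])
        plan.append({
            **entry,
            "exe": exe,
            "args": args,
            "bare_name": is_bare_name(exe),
            "reg_delete": reg_delete_command(entry),
        })
    return plan


if __name__ == "__main__":
    for item in plan_fix(SAMPLE_O4_LINES):
        flag = "  [no path: resolved via search order]" if item["bare_name"] else ""
        print(f"{item['key']}\n  {item['value']} = {item['exe']} {item['args']}{flag}")
        print(f"  -> {item['reg_delete']}")
```

Run it on a pasted HijackThis scan and check the printed key, executable path and flag for each entry before deciding what to fix; the reg.exe commands are shown so you can see exactly what is removed, and should only be run once you have researched the entry as described above.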

#13 pompous

pompous
  • Topic Starter

  • Members
  • 12 posts

Posted 18 February 2012 - 02:43 PM

Hi, Gringo.

Thinning out the startup programs via HijackThis went fine.

However, ESET Online Scanner is taking forever. It's been going for 45 minutes so far and has found one adware program, OpenCandy. It makes me a little nervous since I have to shut down my antivirus monitoring program while I run ESET.

Should I just let it run?

4:05 p.m.: ESET Online Scanner is still running at 5 1/2 hours. At some point, Symantec AntiVirus kicked back in (it automatically does that from time to time) and caught the following viruses: FakeCloudAV2012 (A0728598.exe), TrojanGen (072817.sys), TrojanGen (0867552.sys), and TrojanGen (0867600.exe).

ESET has caught the following:

1) a variant of Win32/Kryptik.XCZ trojan
2) Win32/Adware.Toolbar Dealio Application
3) a variant of Win32/Toolbar.Widgi application
4) Win32 OpenCandy application

By the way, I have a question. Once the scan starts running, do I still need to be connected to the Internet? I'd feel a lot safer if I wasn't.

Edited by pompous, 18 February 2012 - 07:20 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 February 2012 - 09:38 PM

It is best to stay connected (I have never tried disconnecting once it has started).

When the scan is complete, let me know.


gringo

#15 pompous

pompous
  • Topic Starter

  • Members
  • 12 posts

Posted 18 February 2012 - 11:06 PM

Ended up taking over 9 hours. Here is the result:

C:\Documents and Settings\Michael Kydonieus\Desktop\KeyFinderInstaller.exe Win32/OpenCandy application
C:\Documents and Settings\Michael Kydonieus\My Documents\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application
C:\My Downloads\media.player.codec.pack.v3.8.0.setup.exe Win32/Adware.Toolbar.Dealio application
C:\Sandbox\Michael_Kydonieus\DefaultBox\drive\C\Documents and Settings\Michael Kydonieus\Desktop\KeyFinderInstaller.exe Win32/OpenCandy application
C:\Sandbox\Michael_Kydonieus\DefaultBox\drive\C\Documents and Settings\Michael Kydonieus\My Documents\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application
C:\Sandbox\Michael_Kydonieus\DefaultBox\drive\C\My Downloads\media.player.codec.pack.v3.8.0.setup.exe Win32/Adware.Toolbar.Dealio application
C:\Sandbox\Michael_Kydonieus\DefaultBox\drive\C\System Volume Information\_restore{60A121A5-17E6-487A-809A-374E3156AF96}\RP699\A0728598.exe a variant of Win32/Kryptik.XCZ trojan
C:\Sandbox\Michael_Kydonieus\DefaultBox\user\current\Desktop\KeyFinderInstaller.exe Win32/OpenCandy application
C:\Sandbox\Michael_Kydonieus\DefaultBox\user\current\My Documents\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application

I didn't see the harm in deleting the first three .exe files on the list (KeyFinderInstaller.exe, YouTubeDownloaderSetup34.exe, and media.player.codec.pack.v3.8.0.setup.exe), so I went ahead and did it.

The others should have been deleted when I deleted everything in the Sandbox.

Assuming that this completes the malware removal process, do you have any tips on how I can avoid future infestations?

As I mentioned, from now on, I intend to only visit questionable websites if I am running a browser in the sandbox.

Edited by pompous, 19 February 2012 - 02:04 AM.
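The reasoning in post #15 (the Sandboxie hits are copies of the three files outside the sandbox, and the A0728598.exe hit lives in a System Restore point) can be checked mechanically rather than by eye. The following is an added example, not code from the thread or from ESET: it parses ESET Online Scanner result lines of the form `<path> <detection>`, maps Sandboxie paths back to the real-system location they shadow (`...\<box>\drive\<letter>\...` to `<letter>:\...`, and `...\<box>\user\current\...` to the owning user's profile folder), flags System Restore copies (`_restore{GUID}\RPnnn\A0nnnnnn.ext`, which are renamed and so cannot be traced to their original name from the path alone), and reports which sandbox copies have a twin outside the sandbox that emptying the sandbox would not touch. The sample log is constructed from the nine lines in the post with the account name replaced by the placeholder `User`; `PROFILE_DIR` is an assumed profile path for that placeholder account.

```python
import re
from typing import Dict, List, Optional

# Assumed profile folder of the account that owns the sandbox (placeholder account "User").
# Sandboxie's user\current\ subtree mirrors this folder.
PROFILE_DIR = r"C:\Documents and Settings\User"

# Constructed sample: the nine ESET result lines from post #15 with the user name replaced.
ESET_RESULTS = r"""
C:\Documents and Settings\User\Desktop\KeyFinderInstaller.exe Win32/OpenCandy application
C:\Documents and Settings\User\My Documents\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application
C:\My Downloads\media.player.codec.pack.v3.8.0.setup.exe Win32/Adware.Toolbar.Dealio application
C:\Sandbox\User\DefaultBox\drive\C\Documents and Settings\User\Desktop\KeyFinderInstaller.exe Win32/OpenCandy application
C:\Sandbox\User\DefaultBox\drive\C\Documents and Settings\User\My Documents\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application
C:\Sandbox\User\DefaultBox\drive\C\My Downloads\media.player.codec.pack.v3.8.0.setup.exe Win32/Adware.Toolbar.Dealio application
C:\Sandbox\User\DefaultBox\drive\C\System Volume Information\_restore{60A121A5-17E6-487A-809A-374E3156AF96}\RP699\A0728598.exe a variant of Win32/Kryptik.XCZ trojan
C:\Sandbox\User\DefaultBox\user\current\Desktop\KeyFinderInstaller.exe Win32/OpenCandy application
C:\Sandbox\User\DefaultBox\user\current\My Documents\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application
"""

# A Windows path never contains "/", while an ESET detection name always does (Win32/...),
# so the first whitespace run before a "<family>/" token splits path from detection even
# though the path itself contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<detection>(?:probably )?(?:a variant of )?\w+/.+)$"
)
SANDBOX_DRIVE_RE = re.compile(
    r"^[A-Za-z]:\\Sandbox\\[^\\]+\\[^\\]+\\drive\\(?P<letter>[A-Za-z])\\(?P<rest>.+)$", re.I
)
SANDBOX_USER_RE = re.compile(
    r"^[A-Za-z]:\\Sandbox\\[^\\]+\\[^\\]+\\user\\current\\(?P<rest>.+)$", re.I
)
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\A\d+\.\w+$", re.I
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one ESET result line into path and detection; None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"path": m["path"], "detection": m["detection"]}


def classify(path: str) -> Dict[str, object]:
    """Map a hit to the real-system location it shadows and say what kind of copy it is."""
    in_sandbox, original = False, path
    m = SANDBOX_DRIVE_RE.match(path)
    if m:
        in_sandbox, original = True, f"{m['letter'].upper()}:\\{m['rest']}"
    else:
        m = SANDBOX_USER_RE.match(path)
        if m:
            in_sandbox, original = True, f"{PROFILE_DIR}\\{m['rest']}"
    if RESTORE_RE.search(original):
        kind = "restore_point_copy"   # renamed A0nnnnnn copy; original name not recoverable here
    elif in_sandbox:
        kind = "sandbox_copy"
    else:
        kind = "live"
    return {"kind": kind, "in_sandbox": in_sandbox, "original": original}


def summarize(results: str) -> Dict[str, List]:
    """Group hits; a sandbox copy whose mapped original is also listed needs separate cleanup."""
    entries, unparsed = [], []
    for raw in results.splitlines():
        if not raw.strip():
            continue
        parsed = parse_line(raw)
        if parsed is None:
            unparsed.append(raw)
            continue
        parsed.update(classify(parsed["path"]))
        entries.append(parsed)
    live_paths = {e["path"].lower() for e in entries if e["kind"] == "live"}
    for e in entries:
        e["original_also_listed"] = (
            e["kind"] == "sandbox_copy" and e["original"].lower() in live_paths
        )
    return {
        "live": [e for e in entries if e["kind"] == "live"],
        "sandbox_copies": [e for e in entries if e["kind"] == "sandbox_copy"],
        "restore_point_copies": [e for e in entries if e["kind"] == "restore_point_copy"],
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = summarize(ESET_RESULTS)
    for group in ("live", "sandbox_copies", "restore_point_copies"):
        print(f"== {group} ({len(report[group])})")
        for e in report[group]:
            twin = "  [original also listed]" if e["original_also_listed"] else ""
            print(f"  {e['detection']}\n    {e['path']}\n    -> {e['original']}{twin}")
```

Running it on the sample yields three live files, five sandbox copies (each with its original also in the list, so deleting the three live files plus emptying the sandbox covers all eight), and one System Restore copy that sits inside the sandbox tree and therefore goes with the sandbox contents.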




