Infection - Cannot run TDSKiller/browser redirection


  • This topic is locked
20 replies to this topic

#1 FormerAgentOfDeath

FormerAgentOfDeath

  • Members
  • 34 posts

Posted 28 February 2012 - 12:08 PM

I have an infected PC. Last Friday symptoms began with "Smart Protection 2012". Over the weekend, I was able to update Malwarebytes and scan/remove all reported items in safe mode. At first the machine seemed to be running fine. However, another similar "FakeAlert" trojan popped up yesterday. Again, I was able to scan and remove infected items with MalwareBytes. However, I am still having browser redirection problems. I attempted to download and run TDSKiller, but it will not execute (tried safe mode and normal mode). There is obviously some kind of infection still resident on the machine. On the advice of another IT sage, I have downloaded and run ComboFix (logs below). I have disabled McAfee VirusScan prior to running ComboFix. After ComboFix, I also ran fixmbr from the recovery console in an attempt to rebuild the MBR, then ran ComboFix a second time. Symptoms persist (browser redirection/TDSKiller will not run). Please advise.

ComboFix 12-02-23.01 - jstraub 02/28/2012 8:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2735 [GMT -5:00]
Running from: c:\documents and settings\jstraub\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jstraub\g2mdlhlpx.exe
c:\windows\system32\OLD5.tmp
c:\windows\system32\OLD8.tmp
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 12:39 . 2012-02-28 12:39 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-27 20:40 . 2012-02-27 20:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2012-02-27 20:39 . 2012-02-27 20:39 -------- d-----w- c:\documents and settings\jstraub\Local Settings\Application Data\CrossLoop
2012-02-27 13:26 . 2012-02-27 13:26 -------- d-----w- c:\program files\CCleaner
2012-02-25 05:12 . 2012-02-25 05:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-25 00:31 . 2012-02-25 00:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-02-25 00:28 . 2012-02-25 00:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-02-15 23:18 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 23:18 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 12:57 . 2010-02-25 16:49 0 ----a-w- c:\documents and settings\jstraub\Local Settings\Application Data\WavXMapDrive.bat
2012-01-12 16:54 . 2008-04-25 16:16 1869056 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2011-04-06 15:56 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
2011-12-05 13:19 2106992 ----a-w- c:\program files\Symantec\VIP Access Client\VIPAddOnForIE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-11 23:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-11 23:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-16 796696]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-05-18 145920]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-02-18 136512]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwSetup.exe" [2002-02-20 106496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Morningstar\\Office\\MStarAWD.exe"=
"c:\\Program Files\\Morningstar\\Office\\AWDImport.exe"=
"c:\\Program Files\\Morningstar\\Office\\MSUpdate.exe"=
"c:\\Program Files\\Morningstar\\Office\\MSUpdateVista.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2/5/2010 3:44 PM 24064]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2/5/2010 1:07 PM 2066968]
R2 VIPAppService;VIPAppService;c:\program files\Symantec\VIP Access Client\VIPAppService.exe [12/5/2011 8:19 AM 84080]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2/5/2010 3:44 PM 157152]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\jstraub\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/27/2012 3:39 PM 569072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/28/2012 7:39 AM 40776]
S3 tvnserver;TightVNC Server;c:\documents and settings\jstraub\Local Settings\Application Data\CrossLoop\tvnserver.exe [2/27/2012 3:39 PM 814080]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: advisorchannel.com
Trusted Zone: bdreporting.com
Trusted Zone: bonddesk.com
Trusted Zone: fidelity.com
Trusted Zone: fidelityresearch.com
Trusted Zone: fidelitywealthcentral.com
Trusted Zone: insightexpress.com
Trusted Zone: marketwatch.com
Trusted Zone: pushinfo.com
Trusted Zone: serviceops.com
Trusted Zone: verisign.com
Trusted Zone: webex.com
TCP: Interfaces\{EE886293-3570-4962-AFE2-7EFB35165D5C}: NameServer = 172.16.1.2
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Smart Protection 2012 - c:\documents and settings\All Users\Application Data\F4D55F3B0010581F0003D8D5D151FC4E\F4D55F3B0010581F0003D8D5D151FC4E.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-28 08:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
.
Completion time: 2012-02-28 09:05:45
ComboFix-quarantined-files.txt 2012-02-28 14:05
.
Pre-Run: 131,196,760,064 bytes free
Post-Run: 131,584,995,328 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5098365E259FE1E895DCB3FCB1437CC7



#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts

Posted 29 February 2012 - 07:23 AM

Hello FormerAgentOfDeath and welcome to BC.

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.


==============================


Step 1: Download OTL to your Desktop.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Copy and Paste the following code into the Custom Scan/Fixes box.

    c:\windows\*. /SL
    c:\windows\*. /RP 
    /md5start
    i8042prt.sys
    /md5stop
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\drivers\*.sys /90
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them when you reply.


Step 2: Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: Do not install Avast anti virus when offered.



Step 3: Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 FormerAgentOfDeath

FormerAgentOfDeath
  • Topic Starter

  • Members
  • 34 posts

Posted 29 February 2012 - 08:00 AM

Sempai:

Thanks so much for your quick response.

Please note aswMBR.EXE will not execute. Other logs are posted below as you requested.


OTL logfile created on: 2/29/2012 7:49:15 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\jstraub\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 78.05% Memory free
5.09 Gb Paging File | 4.42 Gb Available in Paging File | 86.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.93 Gb Total Space | 122.45 Gb Free Space | 82.22% Space Free | Partition Type: NTFS
Drive I: | 261.09 Gb Total Space | 19.42 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
Drive S: | 261.09 Gb Total Space | 19.42 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
Drive T: | 261.09 Gb Total Space | 19.42 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
Drive U: | 261.09 Gb Total Space | 19.42 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
Drive V: | 261.09 Gb Total Space | 19.42 Gb Free Space | 7.44% Space Free | Partition Type: NTFS

Computer Name: JSTRAUB | User Name: jstraub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 07:44:03 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jstraub\Desktop\OTL.exe
PRC - [2011/12/05 08:19:24 | 002,539,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\VIP Access Client\VIPUIManager.exe
PRC - [2011/12/05 08:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2010/03/18 15:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2010/02/18 15:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2010/02/18 15:50:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2010/02/18 15:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2010/02/18 15:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/10/02 22:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/07/16 09:36:28 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/16 09:36:18 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\lms.exe
PRC - [2009/07/05 16:56:34 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/06/11 21:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/06/11 18:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/05/18 08:36:00 | 000,145,920 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/15 08:43:20 | 000,049,152 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2002/02/20 10:38:00 | 000,106,496 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FjtwSetup.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 03:16:17 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/16 03:06:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/16 03:06:10 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/02/16 03:06:04 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 03:05:41 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/16 03:05:35 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/16 03:05:12 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 03:05:09 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/16 03:05:07 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/16 03:04:33 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/01/11 03:03:35 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b0718b9e\mscorlib.dll
MOD - [2012/01/11 03:03:33 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_2b32b4e9\system.drawing.dll
MOD - [2012/01/11 03:03:30 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f4089c4f\system.xml.dll
MOD - [2012/01/11 03:03:28 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_dac7929e\system.windows.forms.dll
MOD - [2012/01/11 03:03:20 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7047ad59\system.dll
MOD - [2012/01/11 03:03:11 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/11 03:03:10 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/10/13 02:05:44 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 02:04:58 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/02/18 15:50:00 | 000,065,536 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2010/02/05 13:11:59 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll
MOD - [2010/02/05 13:11:59 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010/02/05 13:07:35 | 001,687,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3120.40644__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:35 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3120.40800__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:35 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3120.40823__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:35 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3120.40600__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:35 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3120.40658__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:35 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3120.40816__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:35 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3120.40780__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:35 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3120.40636__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:35 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3120.40744__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3120.40622__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:34 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3120.40847__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:32 | 000,806,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3120.40747__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3120.40875__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3120.40806__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:32 | 000,348,160 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3120.40788__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3120.40854__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3120.40651__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3120.40794__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:32 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3120.40746__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:32 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3120.40615__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3120.40875__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:32 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3120.40787__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:32 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3120.40650__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,794,624 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3120.40817__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,663,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3120.40782__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3120.40669__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3120.40739__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3120.40623__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3120.40745__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3120.40664__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3120.40762__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3120.40816__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3120.40875__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3120.40744__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3120.40581__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3120.40583__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3120.40786__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3120.40746__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3120.40745__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3120.40642__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/02/05 13:07:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3120.40846__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3120.40675__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3120.40780__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3120.40745__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3120.40761__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3120.40621__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3120.40773__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3120.40837__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/02/05 13:07:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3120.40621__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3120.40621__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3120.40642__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3120.40761__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3120.40583__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3120.40583__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3120.40650__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3120.40599__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3120.40582__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3120.40580__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/02/05 13:07:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3120.40636__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3120.40614__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3120.40582__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3120.40587__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3120.40582__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3120.40598__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010/02/05 13:07:31 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3120.40582__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3120.40599__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/02/05 13:07:31 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/02/05 13:07:31 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3120.40845__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3120.40589__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3120.40587__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3120.40584__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3120.40585__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3120.40600__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3120.40588__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,005,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3120.40599__90ba9c70f846762e\DEM.OS.dll
MOD - [2010/02/05 13:07:30 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3120.40867__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/02/05 13:07:30 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3120.40878__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2010/02/05 13:07:30 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3120.40588__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/02/05 13:07:29 | 000,995,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3120.40608__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/02/05 13:07:29 | 000,417,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3120.40829__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/02/05 13:07:29 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3120.40629__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/02/05 13:07:29 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3120.40837__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/02/05 13:07:29 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3120.40599__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010/02/05 13:07:29 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3120.40836__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/02/05 13:07:29 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3120.40590__90ba9c70f846762e\APM.Server.dll
MOD - [2010/02/05 13:07:29 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3120.40592__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/02/05 13:07:29 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3120.40591__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/02/05 13:07:29 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3120.40587__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/02/05 13:07:29 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3120.40589__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/02/05 13:07:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3120.40586__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/02/05 13:07:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3120.40607__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/02/05 13:07:29 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3120.40585__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/02/05 13:07:29 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/02/05 13:07:29 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3120.40837__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/02/05 13:07:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3120.40584__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/02/05 13:07:29 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010/02/05 13:07:29 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010/02/05 13:07:29 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3120.40629__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/02/05 13:07:29 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3120.40607__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/02/05 13:07:29 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3120.40650__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/02/05 13:07:29 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3120.40591__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009/07/16 09:20:20 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
MOD - [2009/06/03 12:07:50 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\Wavx_ESC_Logging.dll
MOD - [2009/05/18 08:34:04 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2009/02/27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 15:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2008/11/12 13:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2008/04/25 16:35:57 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/04/25 16:35:57 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2008/04/25 16:35:56 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/04/25 16:35:55 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
MOD - [2006/06/15 08:42:34 | 000,053,248 | ---- | M] () -- C:\Program Files\HP\ToolBoxFX\bin\NativeUtils.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Stopped] -- C:\Documents and Settings\jstraub\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2011/12/05 08:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\jstraub\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/03/18 15:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2010/02/18 15:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/02/05 13:18:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/16 09:36:28 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/07/16 09:36:18 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\lms.exe -- (LMS) Intel®
SRV - [2009/06/11 18:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/06/03 12:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/11/12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/03/18 18:11:11 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2009/07/30 18:32:30 | 000,157,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/06/24 00:54:16 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/06/23 10:28:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/06/12 15:51:00 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/08/27 19:43:04 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/03/28 06:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2006/06/12 16:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files\Symantec\VIP Access Client\ [2011/12/15 16:04:22 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/28 08:49:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKCU\..Trusted Domains: advisorchannel.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: bdreporting.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: bonddesk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelity.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelityresearch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelitywealthcentral.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: insightexpress.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: marketwatch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pushinfo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: serviceops.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: verisign.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://metlifeinvest.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pfg.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE886293-3570-4962-AFE2-7EFB35165D5C}: NameServer = 172.16.1.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 07:47:40 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\jstraub\Desktop\aswMBR.exe
[2012/02/29 07:44:38 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jstraub\Desktop\OTL.exe
[2012/02/28 12:10:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/28 10:29:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/28 09:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstraub\Desktop\VSE880LML
[2012/02/28 08:10:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/28 08:03:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/28 08:03:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/28 08:03:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/28 08:03:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/28 08:02:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/28 08:01:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/28 08:00:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jstraub\Start Menu\Programs\Administrative Tools
[2012/02/28 07:57:57 | 004,417,988 | R--- | C] (Swearware) -- C:\Documents and Settings\jstraub\Desktop\ComboFix.exe
[2012/02/28 07:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstraub\My Documents\tdsskiller
[2012/02/27 15:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2012/02/27 15:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstraub\Start Menu\Programs\CrossLoop
[2012/02/27 15:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstraub\Local Settings\Application Data\CrossLoop
[2012/02/27 08:27:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jstraub\Recent
[2012/02/27 08:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/02/27 08:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/24 23:24:40 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/24 22:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 07:47:27 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jstraub\Desktop\aswMBR.exe
[2012/02/29 07:44:03 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jstraub\Desktop\OTL.exe
[2012/02/28 16:53:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\jstraub\Desktop\Microsoft Office Word 2007.lnk
[2012/02/28 16:52:10 | 000,000,199 | ---- | M] () -- C:\WINDOWS\ecco.fdb
[2012/02/28 16:52:09 | 000,001,703 | ---- | M] () -- C:\WINDOWS\ecco.cfx
[2012/02/28 11:58:08 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\jstraub\My Documents\Default.rdp
[2012/02/28 10:08:51 | 000,514,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/28 10:08:51 | 000,098,454 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/28 10:05:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jstraub\Local Settings\Application Data\WavXMapDrive.bat
[2012/02/28 10:05:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/28 10:04:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/28 08:49:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/28 08:10:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/27 15:39:32 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\jstraub\Desktop\CrossLoop Connect.lnk
[2012/02/27 11:25:10 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\jstraub\Desktop\Microsoft Office Excel 2007.lnk
[2012/02/24 23:26:09 | 000,000,022 | ---- | M] () -- C:\Program Files\InstSuccess.ini
[2012/02/24 23:23:18 | 000,000,031 | ---- | M] () -- C:\dev.ini
[2012/02/24 22:01:18 | 004,417,988 | R--- | M] (Swearware) -- C:\Documents and Settings\jstraub\Desktop\ComboFix.exe
[2012/02/24 13:36:16 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\jstraub\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/23 10:21:48 | 000,000,088 | ---- | M] () -- C:\WINDOWS\ecco.alm
[2012/02/22 16:43:44 | 000,192,275 | ---- | M] () -- C:\Documents and Settings\jstraub\Desktop\Potomac EAS Agreement Fidelity.pdf
[2012/02/22 15:07:31 | 000,043,106 | ---- | M] () -- C:\Documents and Settings\jstraub\Desktop\PFG FA ADV Part 2B - Hoover, Randy 2011 Brochure Supplement Approved.pdf
[2012/02/21 15:07:18 | 002,149,331 | ---- | M] () -- C:\Documents and Settings\jstraub\Desktop\Forrest Keene UTMA.pdf
[2012/02/16 03:08:12 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/07 08:57:21 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\jstraub\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/02/01 12:56:08 | 000,045,675 | ---- | M] () -- C:\Documents and Settings\jstraub\Desktop\PFG Privacy Notice 2012.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/28 11:57:56 | 000,001,722 | -H-- | C] () -- C:\Documents and Settings\jstraub\My Documents\Default.rdp
[2012/02/28 08:10:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/28 08:10:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/28 08:03:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/28 08:03:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/28 08:03:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/28 08:03:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/28 08:03:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/27 15:39:32 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\jstraub\Desktop\CrossLoop Connect.lnk
[2012/02/24 23:01:46 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/02/24 23:01:46 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NetX360.lnk
[2012/02/24 23:01:46 | 000,001,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Morningstar Office.lnk
[2012/02/24 23:01:46 | 000,001,270 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Profiles Professional 9.3.lnk
[2012/02/24 23:01:46 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/02/24 23:00:33 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\jstraub\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/24 23:00:33 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\jstraub\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/24 23:00:33 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\jstraub\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/02/24 23:00:33 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\jstraub\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/24 22:59:44 | 000,002,413 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
[2012/02/24 22:59:44 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/02/24 22:59:44 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/02/24 22:59:44 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.LNK
[2012/02/24 22:59:44 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/02/24 22:59:44 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\VIP Access.lnk
[2012/02/24 22:59:44 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/02/24 22:59:44 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Morningstar Office.lnk
[2012/02/24 22:59:44 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2012/02/24 22:59:44 | 000,001,079 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2012/02/24 22:59:44 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.LNK
[2012/02/24 22:59:44 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.LNK
[2012/02/24 13:44:25 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\jstraub\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/22 15:07:31 | 000,043,106 | ---- | C] () -- C:\Documents and Settings\jstraub\Desktop\PFG FA ADV Part 2B - Hoover, Randy 2011 Brochure Supplement Approved.pdf
[2012/02/22 11:16:15 | 000,192,275 | ---- | C] () -- C:\Documents and Settings\jstraub\Desktop\Potomac EAS Agreement Fidelity.pdf
[2012/02/15 18:18:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 18:18:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/01 12:56:08 | 000,045,675 | ---- | C] () -- C:\Documents and Settings\jstraub\Desktop\PFG Privacy Notice 2012.pdf
[2010/06/24 02:03:57 | 000,627,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/31 09:22:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2010/03/18 11:35:47 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\jstraub\Local Settings\Application Data\fusioncache.dat
[2010/03/01 10:54:43 | 000,000,671 | ---- | C] () -- C:\WINDOWS\Fjtwsti.ini
[2010/03/01 10:41:38 | 000,000,766 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2010/03/01 10:37:11 | 000,093,155 | ---- | C] () -- C:\WINDOWS\hppins05.dat
[2010/03/01 10:37:10 | 000,000,896 | ---- | C] () -- C:\WINDOWS\hppmdl05.dat
[2010/03/01 08:55:52 | 000,000,022 | ---- | C] () -- C:\Program Files\InstSuccess.ini
[2010/03/01 08:38:52 | 000,000,130 | ---- | C] () -- C:\Program Files\PanaHDS.ini
[2010/03/01 08:31:00 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010/03/01 08:30:57 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2010/03/01 08:30:57 | 000,023,360 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/03/01 08:30:57 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2010/03/01 08:30:57 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe

========== Custom Scans ==========


< c:\windows\*. /SL >

< c:\windows\*. /RP >


< MD5 for: I8042PRT.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:i8042prt.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Program Files\Dell\DBRM\osmedia\I386\sp3.cab:i8042prt.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys

< %ALLUSERSPROFILE%\Application Data\*. >
[2011/08/02 09:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/15 09:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/05 13:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/02/25 12:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brentmark
[2010/02/05 13:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2011/12/21 10:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/03/01 10:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/02/05 13:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/03/05 10:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leimberg
[2011/04/06 10:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/28 08:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/04/06 11:03:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/02/16 03:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/05 13:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/03/01 08:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/02/05 13:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/04/28 10:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/05 13:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/02/05 13:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/02/25 11:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/11/18 15:57:54 | 000,046,496 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.2\ARM\Elevator.exe
[2012/01/04 02:08:53 | 033,560,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\AdbeRdr950_en_US.exe
[2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\2084\AcrobatUpdater.exe
[2012/01/03 02:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\2084\AdobeARM.exe
[2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\2084\AdobeARMHelper.exe
[2012/01/03 02:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\2084\ReaderUpdater.exe
[2010/05/27 11:44:34 | 005,269,357 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\EPOAGENT3000\Install\0409\FramePkg.exe
[2009/05/27 06:07:20 | 004,880,368 | ---- | M] (Sonic Solutions) -- C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe

< %APPDATA%\*. >
[2010/03/01 10:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Adobe
[2010/02/05 13:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\ATI
[2010/02/05 13:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Broadcom
[2010/05/27 12:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\EISI
[2010/03/01 10:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Fujitsu
[2010/03/01 10:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\HP
[2008/04/25 16:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Identities
[2010/02/05 13:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\InstallShield
[2010/03/17 10:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\IsolatedStorage
[2010/03/05 10:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Leimberg
[2010/03/01 08:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Macromedia
[2011/04/06 10:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Malwarebytes
[2010/05/27 11:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\McAfee
[2010/12/16 14:31:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\jstraub\Application Data\Microsoft
[2011/09/02 10:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Morningstar
[2010/03/01 08:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Office Genuine Advantage
[2010/03/01 10:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Panasonic
[2011/09/15 07:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Pershing
[2010/02/05 13:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Roxio Log Files
[2010/02/05 12:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Sun
[2010/02/05 13:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Wave Systems Corp
[2011/09/14 09:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\webex
[2010/02/05 12:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Windows Desktop Search
[2010/02/25 11:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jstraub\Application Data\Windows Search

< %APPDATA%\*.exe /s >
[2011/04/07 09:29:47 | 002,872,992 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\jstraub\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010/05/21 11:56:33 | 000,319,488 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\jstraub\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2010/02/05 13:01:24 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\jstraub\Application Data\Microsoft\Installer\{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}\ARPPRODUCTICON.exe
[2010/02/05 13:00:54 | 000,365,322 | R--- | M] () -- C:\Documents and Settings\jstraub\Application Data\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
[2010/02/05 13:01:52 | 000,405,504 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\jstraub\Application Data\Microsoft\Installer\{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/25 04:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/04/25 04:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/04/25 04:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< End of report >


OTL Extras logfile created on: 2/29/2012 7:49:15 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\jstraub\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 78.05% Memory free
5.09 Gb Paging File | 4.42 Gb Available in Paging File | 86.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.93 Gb Total Space | 122.45 Gb Free Space | 82.22% Space Free | Partition Type: NTFS
Drive I: | 261.09 Gb Total Space | 19.42 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
Drive S: | 261.09 Gb Total Space | 19.42 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
Drive T: | 261.09 Gb Total Space | 19.42 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
Drive U: | 261.09 Gb Total Space | 19.42 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
Drive V: | 261.09 Gb Total Space | 19.42 Gb Free Space | 7.44% Space Free | Partition Type: NTFS

Computer Name: JSTRAUB | User Name: jstraub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:enabled:Offer Remote Assistance - Port" = 135:TCP:*:enabled:Offer Remote Assistance - Port
"3390:TCP:*:Enabled:RDC" = 3390:TCP:*:Enabled:RDC
"8081:TCP:*:Enabled:epo Agent" = 8081:TCP:*:Enabled:epo Agent

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Morningstar\Office\MStarAWD.exe" = C:\Program Files\Morningstar\Office\MStarAWD.exe:*:Enabled:MStarAWD Application -- ()
"C:\Program Files\Morningstar\Office\AWDImport.exe" = C:\Program Files\Morningstar\Office\AWDImport.exe:*:Enabled:AWDImport Application -- ()
"C:\Program Files\Morningstar\Office\MSUpdate.exe" = C:\Program Files\Morningstar\Office\MSUpdate.exe:*:Enabled:MSUpdate Application -- (Morningstar)
"C:\Program Files\Morningstar\Office\MSUpdateVista.exe" = C:\Program Files\Morningstar\Office\MSUpdateVista.exe:*:Enabled:MSUpdateVista Application -- (Morningstar)
"C:\Documents and Settings\jstraub\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\jstraub\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Documents and Settings\jstraub\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\jstraub\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\jstraub\Local Settings\Application Data\CrossLoop\tvnserver.exe" = C:\Documents and Settings\jstraub\Local Settings\Application Data\CrossLoop\tvnserver.exe:*:Enabled:tvnserver.exe -- (GlavSoft LLC.)
"C:\Documents and Settings\jstraub\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe" = C:\Documents and Settings\jstraub\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing -- (CrossLoop)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Morningstar\Office\MStarAWD.exe" = C:\Program Files\Morningstar\Office\MStarAWD.exe:*:Enabled:MStarAWD Application -- ()
"C:\Program Files\Morningstar\Office\AWDImport.exe" = C:\Program Files\Morningstar\Office\AWDImport.exe:*:Enabled:AWDImport Application -- ()
"C:\Program Files\Morningstar\Office\MSUpdate.exe" = C:\Program Files\Morningstar\Office\MSUpdate.exe:*:Enabled:MSUpdate Application -- (Morningstar)
"C:\Program Files\Morningstar\Office\MSUpdateVista.exe" = C:\Program Files\Morningstar\Office\MSUpdateVista.exe:*:Enabled:MSUpdateVista Application -- (Morningstar)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03329281-5216-5AAC-2889-42BAA90AA9A9}" = CCC Help Chinese Standard
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{100F22AF-553D-3CDB-F89C-B60F46469B33}" = CCC Help Italian
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{14237138-900C-4C0A-AF63-1888F2671F9D}" = SO32MMWrapper
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A0A7E4-A410-D4E1-37F0-FC2E0ED01004}" = CCC Help French
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{2788093B-21C6-CD94-2589-0A881A2684A8}" = Catalyst Control Center Core Implementation
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{333615C1-60BF-4569-A8B7-2FA38D3245B7}" = Intel® Network Connections 14.2.100.0
"{3437885F-0A95-4C2C-AAEB-B6BFBDE7A31C}" = NetX360
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362678B4-6ED5-46E9-A6B2-53EF22159151}" = McAfee Agent
"{3650F490-55D6-2D26-D685-FACB56638618}" = Catalyst Control Center Localization Japanese
"{3872C2B2-1C00-4742-83F5-D0797278E9EF}" = Dell Control Point
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B24C9F4-BAE9-4E6A-9B7C-DCC19BE31324}" = Catalyst Control Center Graphics Full Existing
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BC341BD-3736-45F0-B0E0-5664792AC528}" = HP Care Pack Core
"{3F92E335-E229-4BFB-B46F-0D9620F0C6A3}" = Morningstar Office Prerequisite 3.8
"{4054E328-94C6-155A-7F9B-155511178F67}" = Catalyst Control Center Localization Thai
"{41454D20-D3EF-26CA-0094-51EC4D9FA90A}" = Catalyst Control Center Localization Polish
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{4484ED94-E29D-8192-4470-32E16FE32ABB}" = Catalyst Control Center Localization Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{527DC9EF-8FA7-A154-A90C-D482F256D3F3}" = Catalyst Control Center Graphics Full New
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{570D2254-A771-E430-DA8A-CFE0811FF66D}" = Catalyst Control Center Localization German
"{5E55F3F1-2210-4CC9-A761-9E4B818D9FA7}" = HP Care Pack Products
"{609E7573-0847-3149-44CB-5612A5FDFCB6}" = ccc-utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6C64AB8C-F78B-45C0-98E3-6DE9702E0225}" = Microsoft Office Live Meeting 2007
"{6F8799EC-3E7B-3080-903F-44FDCC281158}" = CCC Help English
"{7105D139-C323-639E-79AD-59925919B2F1}" = CCC Help Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F589FD-E68D-AA2B-569F-73972A8F29F1}" = Catalyst Control Center Localization Italian
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{7AB56F86-8859-F35D-92EC-66AE8938C8E1}" = Catalyst Control Center Localization Spanish
"{7B088773-4913-46E1-813E-CD1A0FA9CB03}" = DCP32MMWrapper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83E09138-09A1-1075-EA0E-5332CA2E02CB}" = Catalyst Control Center Localization Chinese Traditional
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8978A90C-FDC0-2980-98FB-347AB5ADD818}" = ccc-core-static
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89FD1110-1362-1B23-D78B-A54176AC2441}" = Catalyst Control Center Localization Portuguese
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{8CB3ED73-ABEE-949D-8EE9-B8B4CD0F4949}" = CCC Help Japanese
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{908F3442-DFD7-19CF-AD15-449AF7A0682B}" = Catalyst Control Center Localization French
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C28C880-EFC8-C87F-BA4A-B7E912448399}" = Catalyst Control Center Graphics Light
"{9D59AC32-B0FA-4CD7-A2EC-4B57C06CD9D9}" = Dell Backup and Recovery Manager
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7AEE77C-2DC2-69F0-8C02-4D7C6BCBC5B7}" = Catalyst Control Center Localization Chinese Standard
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8C69F6C-E35A-4202-9A43-631143502202}" = Profiles Professional Desktop Application 9.3
"{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}" = ST Microelectronics TPM Driver Installer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF521B1D-7A5B-7565-7635-0F9169B97EA8}" = CCC Help Portuguese
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B01649C2-BEC1-0D69-47D1-FCBB747275ED}" = CCC Help Korean
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B399106F-0878-9AC8-6AFB-D306C863942B}" = CCC Help Polish
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B711B1FC-140B-779B-1754-DEE3D0D245ED}" = CCC Help Thai
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD3CD0EC-B788-4BF0-A1F5-925A5311D49F}" = NetX360
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF1E99F2-6379-461C-9DD5-26115381851D}" = ccc-core-preinstall
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DE660DD0-304A-CE96-D1E4-71FED40277D7}" = CCC Help Chinese Traditional
"{E2B14AC7-C8A7-40BD-A018-845CB3E845A8}" = Morningstar Office Prerequisite 3.10
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED91136D-4AC7-E90D-428E-E3813565D33C}" = CCC Help German
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"35858E766EFC35B58A45C301DD358D503119A8FA" = Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CrossLoop_is1" = CrossLoop 2.82
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Morningstar Office" = Morningstar Office
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NumberCruncher" = NumberCruncher
"PersonalLogger" = Personal Logger 3.0
"Scanner Utility for Microsoft Windows" = Scanner Utility for Microsoft Windows
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"State Death Tax Manager" = State Death Tax Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.0.0.799
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

ListParts by Farbar
Ran by jstraub (administrator) on 29-02-2012 at 07:54:42
Windows XP (X86)
Running From: C:\Documents and Settings\jstraub\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 3325.5 MB
Available physical RAM: 2596.32 MB
Total Pagefile: 5208.85 MB
Available Pagefile: 4516.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.68 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:148.93 GB) (Free:122.41 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive i: () (Network) (Total:261.09 GB) (Free:19.42 GB) NTFS
4 Drive s: () (Network) (Total:261.09 GB) (Free:19.42 GB) NTFS
5 Drive t: () (Network) (Total:261.09 GB) (Free:19.42 GB) NTFS
6 Drive u: () (Network) (Total:261.09 GB) (Free:19.42 GB) NTFS
7 Drive v: () (Network) (Total:261.09 GB) (Free:19.42 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 86 MB 32 KB
Partition 2 Primary 149 GB 86 MB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 149 GB Healthy System (partition with boot components)


****** End Of Log ******

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:56 PM

Posted 29 February 2012 - 09:58 AM

Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    C:\I386\sp3.cab:i8042prt.sys /E
    C:\WINDOWS\system32\drivers\i8042prt.sys|c:\i8042prt.sys /replace
    
    :Commands
    [REBOOT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 FormerAgentOfDeath

Posted 29 February 2012 - 10:39 AM

I followed your instructions. The log did not automatically pop up, but I found it in C:\_OTL\MovedFiles. Here is a copy...


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\jstraub\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\jstraub\Desktop\cmd.txt deleted successfully.
i8042prt.sys extracted to C:\
File C:\WINDOWS\system32\drivers\i8042prt.sys successfully replaced with c:\i8042prt.sys
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.33.2 log created on 02292012_103240

#6 sempai

Posted 29 February 2012 - 10:52 AM

OK thanks. Now please delete your copy of Combofix (do not uninstall) and then download and run a new copy.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp


#7 FormerAgentOfDeath

Posted 29 February 2012 - 01:13 PM

As you requested, I removed the old ComboFix. I downloaded a new one to the desktop from the link you provided and disabled Anti-Virus. Below is the log -


ComboFix 12-02-29.01 - jstraub 02/29/2012 12:20:30.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2705 [GMT -5:00]
Running from: c:\documents and settings\jstraub\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 15:32 . 2008-04-14 05:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-02-29 15:32 . 2008-04-14 05:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-29 15:32 . 2008-04-14 05:48 52480 ----a-w- C:\i8042prt.sys
2012-02-29 15:32 . 2012-02-29 15:32 -------- d-----w- C:\_OTL
2012-02-27 20:40 . 2012-02-27 20:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2012-02-27 20:39 . 2012-02-28 16:58 -------- d-----w- c:\documents and settings\jstraub\Local Settings\Application Data\CrossLoop
2012-02-27 13:26 . 2012-02-27 13:26 -------- d-----w- c:\program files\CCleaner
2012-02-25 05:12 . 2012-02-25 05:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-25 00:31 . 2012-02-25 00:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-02-25 00:28 . 2012-02-25 00:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-02-15 23:18 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 23:18 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 15:35 . 2010-02-25 16:49 0 ----a-w- c:\documents and settings\jstraub\Local Settings\Application Data\WavXMapDrive.bat
2012-01-12 16:54 . 2008-04-25 16:16 1869056 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2011-04-06 15:56 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-28_13.51.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-29 16:06 . 2012-02-29 16:06 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
+ 2012-02-29 15:35 . 2012-02-29 15:35 16384 c:\windows\Temp\Perflib_Perfdata_72c.dat
+ 2008-04-25 16:16 . 2012-02-29 15:39 98454 c:\windows\system32\perfc009.dat
- 2008-04-25 16:16 . 2012-02-28 12:59 98454 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2012-02-29 15:39 514808 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2012-02-28 12:59 514808 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
2011-12-05 13:19 2106992 ----a-w- c:\program files\Symantec\VIP Access Client\VIPAddOnForIE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-11 23:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-11 23:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-16 796696]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-05-18 145920]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-02-18 136512]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwSetup.exe" [2002-02-20 106496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Morningstar\\Office\\MStarAWD.exe"=
"c:\\Program Files\\Morningstar\\Office\\AWDImport.exe"=
"c:\\Program Files\\Morningstar\\Office\\MSUpdate.exe"=
"c:\\Program Files\\Morningstar\\Office\\MSUpdateVista.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2/5/2010 3:44 PM 24064]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2/5/2010 1:07 PM 2066968]
R2 VIPAppService;VIPAppService;c:\program files\Symantec\VIP Access Client\VIPAppService.exe [12/5/2011 8:19 AM 84080]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2/5/2010 3:44 PM 157152]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\jstraub\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/27/2012 3:39 PM 569072]
S3 tvnserver;TightVNC Server;c:\documents and settings\jstraub\Local Settings\Application Data\CrossLoop\tvnserver.exe [2/27/2012 3:39 PM 814080]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: advisorchannel.com
Trusted Zone: bdreporting.com
Trusted Zone: bonddesk.com
Trusted Zone: fidelity.com
Trusted Zone: fidelityresearch.com
Trusted Zone: fidelitywealthcentral.com
Trusted Zone: insightexpress.com
Trusted Zone: marketwatch.com
Trusted Zone: pushinfo.com
Trusted Zone: serviceops.com
Trusted Zone: verisign.com
Trusted Zone: webex.com
TCP: Interfaces\{EE886293-3570-4962-AFE2-7EFB35165D5C}: NameServer = 172.16.1.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-29 12:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3680)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\jscript.dll
c:\windows\system32\Macromed\Flash\Flash10t.ocx
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-29 13:03:30
ComboFix-quarantined-files.txt 2012-02-29 18:03
ComboFix2.txt 2012-02-28 16:24
ComboFix3.txt 2012-02-28 14:05
.
Pre-Run: 131,366,211,584 bytes free
Post-Run: 131,411,771,392 bytes free
.
- - End Of File - - EF2FB6EF6538B1CBFFAA464A6FBD70E0

#8 sempai

Posted 29 February 2012 - 10:34 PM

Log looks good, how's the computer running?


Let's see if there are unseen malware remnants.


Step 1: Please run Malwarebytes Anti-Malware. Go to the Update tab and download all updates and then perform a "Quick Scan".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 2: ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



:step3: Please run OTL and click the "Quick Scan" button, post the new report for my review.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 FormerAgentOfDeath

FormerAgentOfDeath
  • Topic Starter

  • Members
  • 34 posts
  • Local time:04:56 AM

Posted 01 March 2012 - 08:53 AM

I am still getting browser redirection. Other than that, computer operation/performance seem to be normal.

1. Ran MalwareBytes QuickScan as instructed. No malicious items were found. Log to follow.
2. Ran ESET Scanner as instructed. Found 3 infected files. Log to follow.
3. Ran OTL Quick Scan. Log to follow.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.01.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jstraub :: JSTRAUB [administrator]

3/1/2012 8:06:31 AM
mbam-log-2012-03-01 (08-06-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217096
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ff4fb22f9365f94ba5904c124f0c6e4c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-01 01:48:35
# local_time=2012-03-01 08:48:35 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=91240
# found=3
# cleaned=0
# scan_time=1751
C:\Documents and Settings\jstraub\Application Data\Sun\Java\Deployment\cache\6.0\16\4521ee10-75b870e4 a variant of Java/TrojanDownloader.Agent.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jstraub\Application Data\Sun\Java\Deployment\cache\6.0\61\13b683bd-27003a1d Java/Exploit.CVE-2011-3544.AU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\jstraub\Application Data\Sun\Java\Deployment\cache\6.0\61\13b683bd-28ff71e4 a variant of Java/Exploit.CVE-2011-3544.AV trojan (unable to clean) 00000000000000000000000000000000 I


OTL logfile created on: 3/1/2012 8:51:22 AM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\jstraub\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 76.03% Memory free
5.09 Gb Paging File | 4.42 Gb Available in Paging File | 86.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.93 Gb Total Space | 122.39 Gb Free Space | 82.18% Space Free | Partition Type: NTFS
Drive I: | 261.09 Gb Total Space | 19.31 Gb Free Space | 7.40% Space Free | Partition Type: NTFS
Drive S: | 261.09 Gb Total Space | 19.31 Gb Free Space | 7.40% Space Free | Partition Type: NTFS
Drive T: | 261.09 Gb Total Space | 19.31 Gb Free Space | 7.40% Space Free | Partition Type: NTFS
Drive U: | 261.09 Gb Total Space | 19.31 Gb Free Space | 7.40% Space Free | Partition Type: NTFS
Drive V: | 261.09 Gb Total Space | 19.31 Gb Free Space | 7.40% Space Free | Partition Type: NTFS

Computer Name: JSTRAUB | User Name: jstraub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 07:44:03 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jstraub\Desktop\OTL.exe
PRC - [2011/12/05 08:19:24 | 002,539,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\VIP Access Client\VIPUIManager.exe
PRC - [2011/12/05 08:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2010/03/18 15:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2010/02/18 15:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2010/02/18 15:50:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2010/02/18 15:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2010/02/18 15:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/10/02 22:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/07/16 09:36:28 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/16 09:36:18 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\lms.exe
PRC - [2009/06/11 21:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/06/11 18:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/05/18 08:36:00 | 000,145,920 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008/04/14 07:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2006/06/15 08:43:20 | 000,049,152 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2002/02/20 10:38:00 | 000,106,496 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FjtwSetup.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 03:16:17 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/16 03:06:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/16 03:06:10 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/02/16 03:06:04 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 03:05:41 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/16 03:05:35 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/16 03:05:12 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 03:05:09 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/16 03:05:07 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/01/11 03:03:35 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b0718b9e\mscorlib.dll
MOD - [2012/01/11 03:03:33 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_2b32b4e9\system.drawing.dll
MOD - [2012/01/11 03:03:30 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f4089c4f\system.xml.dll
MOD - [2012/01/11 03:03:28 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_dac7929e\system.windows.forms.dll
MOD - [2012/01/11 03:03:20 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7047ad59\system.dll
MOD - [2012/01/11 03:03:11 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/11 03:03:10 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/10/13 02:05:44 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 02:04:58 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/02/18 15:50:00 | 000,065,536 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2010/02/05 13:11:59 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll
MOD - [2010/02/05 13:11:59 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010/02/05 13:07:35 | 001,687,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3120.40644__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:35 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3120.40800__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:35 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3120.40823__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:35 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3120.40600__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:35 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3120.40658__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:35 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3120.40816__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:35 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3120.40780__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:35 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3120.40636__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:35 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3120.40744__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3120.40622__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:34 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3120.40847__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:32 | 000,806,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3120.40747__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3120.40875__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3120.40806__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:32 | 000,348,160 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3120.40788__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3120.40854__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3120.40651__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3120.40794__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/02/05 13:07:32 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3120.40746__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:32 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3120.40615__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:32 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3120.40875__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:32 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3120.40787__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:32 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3120.40650__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,794,624 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3120.40817__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,663,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3120.40782__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3120.40669__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3120.40739__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3120.40623__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3120.40745__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3120.40664__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3120.40762__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/02/05 13:07:31 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3120.40816__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3120.40875__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3120.40744__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3120.40581__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3120.40583__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3120.40786__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3120.40746__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3120.40745__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3120.40642__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/02/05 13:07:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3120.40846__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3120.40675__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3120.40780__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3120.40745__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3120.40761__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3120.40621__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3120.40773__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/02/05 13:07:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3120.40837__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/02/05 13:07:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3120.40621__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3120.40621__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3120.40642__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3120.40761__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3120.40583__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3120.40583__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3120.40650__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3120.40599__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3120.40582__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3120.40580__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/02/05 13:07:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3120.40636__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3120.40614__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3120.40582__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3120.40587__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3120.40582__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3120.40598__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010/02/05 13:07:31 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3120.40582__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3120.40599__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/02/05 13:07:31 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/02/05 13:07:31 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3120.40845__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3120.40589__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,006,144 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3120.40587__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3120.40584__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/02/05 13:07:31 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3120.40585__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3120.40600__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3120.40588__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/02/05 13:07:31 | 000,005,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3120.40599__90ba9c70f846762e\DEM.OS.dll
MOD - [2010/02/05 13:07:30 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3120.40867__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/02/05 13:07:30 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3120.40878__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2010/02/05 13:07:30 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3120.40588__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/02/05 13:07:29 | 000,995,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3120.40608__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/02/05 13:07:29 | 000,417,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3120.40829__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/02/05 13:07:29 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3120.40629__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/02/05 13:07:29 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3120.40837__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/02/05 13:07:29 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3120.40599__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010/02/05 13:07:29 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3120.40836__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/02/05 13:07:29 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3120.40590__90ba9c70f846762e\APM.Server.dll
MOD - [2010/02/05 13:07:29 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3120.40592__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/02/05 13:07:29 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3120.40591__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/02/05 13:07:29 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3120.40587__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/02/05 13:07:29 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3120.40589__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/02/05 13:07:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3120.40586__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/02/05 13:07:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3120.40607__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

#10 sempai

  • Malware Response Team
Posted 01 March 2012 - 09:34 AM

Hi,

Did you add the following into the trusted sites?

O15 - HKCU\..Trusted Domains: advisorchannel.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: bdreporting.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: bonddesk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelity.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelityresearch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelitywealthcentral.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: insightexpress.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: marketwatch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pushinfo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: serviceops.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: verisign.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)


=============================


Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.

~Semp


If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 FormerAgentOfDeath

  • Topic Starter

Posted 01 March 2012 - 10:19 AM

Most of the entries in Trusted Sites are legitimate. I do not recognize the following entry-

O15 - HKCU\..Trusted Domains: serviceops.com ([]* in Trusted sites)

This is a parked domain. Do you suggest I remove?


I ran TDSSKiller as you instructed. TDSSKiller reported one detection. Log to follow...

10:16:07.0284 4124 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
10:16:07.0753 4124 ============================================================
10:16:07.0753 4124 Current date / time: 2012/03/01 10:16:07.0753
10:16:07.0753 4124 SystemInfo:
10:16:07.0753 4124
10:16:07.0753 4124 OS Version: 5.1.2600 ServicePack: 3.0
10:16:07.0753 4124 Product type: Workstation
10:16:07.0753 4124 ComputerName: JSTRAUB
10:16:07.0753 4124 UserName: jstraub
10:16:07.0769 4124 Windows directory: C:\WINDOWS
10:16:07.0769 4124 System windows directory: C:\WINDOWS
10:16:07.0769 4124 Processor architecture: Intel x86
10:16:07.0769 4124 Number of processors: 2
10:16:07.0769 4124 Page size: 0x1000
10:16:07.0769 4124 Boot type: Normal boot
10:16:07.0769 4124 ============================================================
10:16:07.0956 4124 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:16:07.0956 4124 \Device\Harddisk0\DR0:
10:16:07.0956 4124 MBR used
10:16:07.0956 4124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129D9EB1
10:16:08.0034 4124 Initialize success
10:16:08.0034 4124 ============================================================
10:16:33.0440 3256 ============================================================
10:16:33.0440 3256 Scan started
10:16:33.0440 3256 Mode: Manual;
10:16:33.0440 3256 ============================================================
10:16:39.0330 3256 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:16:39.0362 3256 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
10:16:39.0362 3256 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
10:16:39.0393 3256 Boot (0x1200) (537a8765f23721da995d9c77e0a06bd6) \Device\Harddisk0\DR0\Partition0
10:16:39.0393 3256 \Device\Harddisk0\DR0\Partition0 - ok
10:16:39.0393 3256 ============================================================
10:16:39.0393 3256 Scan finished
10:16:39.0393 3256 ============================================================
10:16:39.0408 4404 Detected object count: 1
10:16:39.0408 4404 Actual detected object count: 1
10:17:16.0298 4404 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
10:17:16.0298 4404 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip

#12 sempai

  • Malware Response Team

Posted 01 March 2012 - 10:31 AM

Yes remove it if you don't recognize it.


Let's cure the rootkit.
  • Close all other running programs.
  • Please run TDSSKiller.exe again and start the scan.
  • Do not change any setting after the scan and let it Cure any infections found.
  • Follow the prompts and reboot the computer when asked.
  • Once completed, it will generate a report located at C:\TDSSKiller.Version_Date_Time_log.txt.
  • Please post the contents of that log when you reply.

~Semp



#13 FormerAgentOfDeath

  • Topic Starter

Posted 01 March 2012 - 10:57 AM

I removed the suspicious Trusted Site as directed and ran TDSSKiller following your instructions to Cure. The machine rebooted as expected. Log to follow -

10:52:34.0230 2436 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
10:52:34.0714 2436 ============================================================
10:52:34.0714 2436 Current date / time: 2012/03/01 10:52:34.0714
10:52:34.0714 2436 SystemInfo:
10:52:34.0714 2436
10:52:34.0714 2436 OS Version: 5.1.2600 ServicePack: 3.0
10:52:34.0714 2436 Product type: Workstation
10:52:34.0714 2436 ComputerName: JSTRAUB
10:52:34.0714 2436 UserName: jstraub
10:52:34.0714 2436 Windows directory: C:\WINDOWS
10:52:34.0714 2436 System windows directory: C:\WINDOWS
10:52:34.0714 2436 Processor architecture: Intel x86
10:52:34.0714 2436 Number of processors: 2
10:52:34.0714 2436 Page size: 0x1000
10:52:34.0714 2436 Boot type: Normal boot
10:52:34.0714 2436 ============================================================
10:52:34.0902 2436 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:52:34.0902 2436 \Device\Harddisk0\DR0:
10:52:34.0902 2436 MBR used
10:52:34.0902 2436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129D9EB1
10:52:34.0980 2436 Initialize success
10:52:34.0980 2436 ============================================================
10:52:39.0183 2248 ============================================================
10:52:39.0183 2248 Scan started
10:52:39.0183 2248 Mode: Manual;
10:52:39.0183 2248 ============================================================
10:52:41.0636 2248 IpInIp - ok
10:52:41.0683 2248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:52:41.0683 2248 IpNat - ok
10:52:41.0683 2248 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:52:41.0683 2248 IPSec - ok
10:52:41.0714 2248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:52:41.0714 2248 IRENUM - ok
10:52:41.0745 2248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:52:41.0745 2248 isapnp - ok
10:52:41.0792 2248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:52:41.0792 2248 Kbdclass - ok
10:52:41.0808 2248 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:52:41.0808 2248 kbdhid - ok
10:52:41.0855 2248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:52:41.0855 2248 kmixer - ok
10:52:41.0902 2248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:52:41.0902 2248 KSecDD - ok
10:52:41.0902 2248 lbrtfdc - ok
10:52:41.0949 2248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:52:41.0949 2248 mnmdd - ok
10:52:41.0980 2248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:52:41.0980 2248 Modem - ok
10:52:41.0995 2248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:52:42.0011 2248 Mouclass - ok
10:52:42.0011 2248 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:52:42.0011 2248 mouhid - ok
10:52:42.0027 2248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:52:42.0027 2248 MountMgr - ok
10:52:42.0058 2248 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:52:42.0058 2248 mraid35x - ok
10:52:42.0058 2248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:52:42.0058 2248 MRxDAV - ok
10:52:42.0105 2248 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:52:42.0105 2248 MRxSmb - ok
10:52:42.0136 2248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:52:42.0136 2248 Msfs - ok
10:52:42.0152 2248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:52:42.0152 2248 MSKSSRV - ok
10:52:42.0183 2248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:52:42.0183 2248 MSPCLOCK - ok
10:52:42.0183 2248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:52:42.0183 2248 MSPQM - ok
10:52:42.0230 2248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:52:42.0230 2248 mssmbios - ok
10:52:42.0292 2248 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:52:42.0292 2248 Mup - ok
10:52:42.0339 2248 NAL (8c48260fd6c281da171bdcc7b7396379) C:\WINDOWS\system32\Drivers\iqvw32.sys
10:52:42.0339 2248 NAL - ok
10:52:42.0370 2248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:52:42.0386 2248 NDIS - ok
10:52:42.0417 2248 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:52:42.0417 2248 NdisTapi - ok
10:52:42.0433 2248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:52:42.0433 2248 Ndisuio - ok
10:52:42.0433 2248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:52:42.0433 2248 NdisWan - ok
10:52:42.0480 2248 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:52:42.0480 2248 NDProxy - ok
10:52:42.0495 2248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:52:42.0495 2248 NetBIOS - ok
10:52:42.0511 2248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:52:42.0511 2248 NetBT - ok
10:52:42.0542 2248 NetworkX (9446d03271baf3496bbd2957d2732fd2) C:\WINDOWS\system32\ckldrv.sys
10:52:42.0542 2248 NetworkX - ok
10:52:42.0558 2248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:52:42.0558 2248 Npfs - ok
10:52:42.0589 2248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:52:42.0605 2248 Ntfs - ok
10:52:42.0620 2248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:52:42.0620 2248 Null - ok
10:52:42.0652 2248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:52:42.0652 2248 NwlnkFlt - ok
10:52:42.0652 2248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:52:42.0652 2248 NwlnkFwd - ok
10:52:42.0683 2248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:52:42.0699 2248 Parport - ok
10:52:42.0730 2248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:52:42.0730 2248 PartMgr - ok
10:52:42.0761 2248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:52:42.0761 2248 ParVdm - ok
10:52:42.0824 2248 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
10:52:42.0824 2248 PBADRV - ok
10:52:42.0824 2248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:52:42.0824 2248 PCI - ok
10:52:42.0839 2248 PCIDump - ok
10:52:42.0839 2248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:52:42.0839 2248 PCIIde - ok
10:52:42.0902 2248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:52:42.0902 2248 Pcmcia - ok
10:52:42.0902 2248 PDCOMP - ok
10:52:42.0917 2248 PDFRAME - ok
10:52:42.0917 2248 PDRELI - ok
10:52:42.0917 2248 PDRFRAME - ok
10:52:42.0949 2248 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:52:42.0949 2248 perc2 - ok
10:52:42.0949 2248 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:52:42.0949 2248 perc2hib - ok
10:52:42.0995 2248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:52:42.0995 2248 PptpMiniport - ok
10:52:42.0995 2248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:52:42.0995 2248 PSched - ok
10:52:43.0011 2248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:52:43.0011 2248 Ptilink - ok
10:52:43.0042 2248 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:52:43.0042 2248 PxHelp20 - ok
10:52:43.0074 2248 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:52:43.0089 2248 ql1080 - ok
10:52:43.0089 2248 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:52:43.0089 2248 Ql10wnt - ok
10:52:43.0089 2248 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:52:43.0089 2248 ql12160 - ok
10:52:43.0105 2248 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:52:43.0105 2248 ql1240 - ok
10:52:43.0105 2248 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:52:43.0105 2248 ql1280 - ok
10:52:43.0136 2248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:52:43.0136 2248 RasAcd - ok
10:52:43.0152 2248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:52:43.0152 2248 Rasl2tp - ok
10:52:43.0167 2248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:52:43.0167 2248 RasPppoe - ok
10:52:43.0167 2248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:52:43.0167 2248 Raspti - ok
10:52:43.0183 2248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:52:43.0183 2248 Rdbss - ok
10:52:43.0199 2248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:52:43.0199 2248 RDPCDD - ok
10:52:43.0214 2248 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:52:43.0214 2248 rdpdr - ok
10:52:43.0261 2248 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:52:43.0261 2248 RDPWD - ok
10:52:43.0277 2248 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:52:43.0277 2248 redbook - ok
10:52:43.0324 2248 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:52:43.0324 2248 Secdrv - ok
10:52:43.0355 2248 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:52:43.0355 2248 Serenum - ok
10:52:43.0370 2248 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:52:43.0370 2248 Serial - ok
10:52:43.0417 2248 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
10:52:43.0417 2248 SFAUDIO - ok
10:52:43.0433 2248 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:52:43.0433 2248 Sfloppy - ok
10:52:43.0449 2248 Simbad - ok
10:52:43.0464 2248 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:52:43.0464 2248 sisagp - ok
10:52:43.0480 2248 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:52:43.0480 2248 Sparrow - ok
10:52:43.0495 2248 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:52:43.0495 2248 splitter - ok
10:52:43.0527 2248 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:52:43.0527 2248 sr - ok
10:52:43.0574 2248 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:52:43.0574 2248 Srv - ok
10:52:43.0605 2248 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:52:43.0605 2248 swenum - ok
10:52:43.0652 2248 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:52:43.0652 2248 swmidi - ok
10:52:43.0683 2248 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:52:43.0683 2248 symc810 - ok
10:52:43.0699 2248 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:52:43.0699 2248 symc8xx - ok
10:52:43.0699 2248 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:52:43.0699 2248 sym_hi - ok
10:52:43.0714 2248 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:52:43.0714 2248 sym_u3 - ok
10:52:43.0730 2248 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:52:43.0730 2248 sysaudio - ok
10:52:43.0761 2248 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:52:43.0761 2248 Tcpip - ok
10:52:43.0808 2248 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:52:43.0808 2248 TDPIPE - ok
10:52:43.0823 2248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:52:43.0823 2248 TDTCP - ok
10:52:43.0839 2248 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:52:43.0839 2248 TermDD - ok
10:52:43.0855 2248 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:52:43.0855 2248 TosIde - ok
10:52:43.0870 2248 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:52:43.0870 2248 Udfs - ok
10:52:43.0886 2248 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:52:43.0886 2248 ultra - ok
10:52:43.0886 2248 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:52:43.0902 2248 Update - ok
10:52:43.0933 2248 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:52:43.0933 2248 usbccgp - ok
10:52:43.0980 2248 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:52:43.0980 2248 usbehci - ok
10:52:44.0027 2248 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:52:44.0027 2248 usbhub - ok
10:52:44.0058 2248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:52:44.0058 2248 usbprint - ok
10:52:44.0105 2248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:52:44.0105 2248 usbscan - ok
10:52:44.0152 2248 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:52:44.0152 2248 USBSTOR - ok
10:52:44.0198 2248 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:52:44.0198 2248 usbuhci - ok
10:52:44.0245 2248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:52:44.0245 2248 VgaSave - ok
10:52:44.0277 2248 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:52:44.0277 2248 viaagp - ok
10:52:44.0277 2248 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:52:44.0277 2248 ViaIde - ok
10:52:44.0308 2248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:52:44.0308 2248 VolSnap - ok
10:52:44.0339 2248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:52:44.0339 2248 Wanarp - ok
10:52:44.0402 2248 WavxDMgr (e1369c7a53c76eb681afd0eba348b45a) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
10:52:44.0402 2248 WavxDMgr - ok
10:52:44.0433 2248 WDICA - ok
10:52:44.0495 2248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:52:44.0495 2248 wdmaud - ok
10:52:44.0605 2248 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:52:44.0605 2248 WmiAcpi - ok
10:52:44.0652 2248 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:52:44.0652 2248 WS2IFSL - ok
10:52:44.0730 2248 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:52:44.0730 2248 WudfPf - ok
10:52:44.0777 2248 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:52:44.0777 2248 WudfRd - ok
10:52:44.0808 2248 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:52:44.0839 2248 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
10:52:44.0839 2248 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
10:52:44.0855 2248 Boot (0x1200) (537a8765f23721da995d9c77e0a06bd6) \Device\Harddisk0\DR0\Partition0
10:52:44.0855 2248 \Device\Harddisk0\DR0\Partition0 - ok
10:52:44.0855 2248 ============================================================
10:52:44.0855 2248 Scan finished
10:52:44.0855 2248 ============================================================
10:52:44.0870 2980 Detected object count: 1
10:52:44.0870 2980 Actual detected object count: 1
10:53:03.0307 2980 \Device\Harddisk0\DR0\# - copied to quarantine
10:53:03.0307 2980 \Device\Harddisk0\DR0 - copied to quarantine
10:53:03.0338 2980 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
10:53:03.0338 2980 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:53:03.0354 2980 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:53:03.0370 2980 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
10:53:03.0370 2980 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
10:53:03.0370 2980 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
10:53:03.0385 2980 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
10:53:03.0385 2980 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
10:53:03.0385 2980 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
10:53:03.0385 2980 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
10:53:03.0417 2980 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
10:53:03.0417 2980 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
10:53:03.0417 2980 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
10:53:03.0417 2980 \Device\Harddisk0\DR0 - ok
10:53:03.0479 2980 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
10:53:08.0901 2708 Deinitialize success

#14 sempai

  • Malware Response Team

Posted 01 March 2012 - 11:26 AM

Can you please run a scan with TDSSKiller again to ensure that the infection is gone? Please choose skip again if infection is found. Thanks.

~Semp



#15 FormerAgentOfDeath

  • Topic Starter

Posted 01 March 2012 - 11:31 AM

The browser redirection symptoms seem to be gone.

I ran TDSSKiller again and it reported no detections. Log to follow -

11:28:25.0281 4996 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
11:28:25.0671 4996 ============================================================
11:28:25.0671 4996 Current date / time: 2012/03/01 11:28:25.0671
11:28:25.0671 4996 SystemInfo:
11:28:25.0671 4996
11:28:25.0671 4996 OS Version: 5.1.2600 ServicePack: 3.0
11:28:25.0671 4996 Product type: Workstation
11:28:25.0671 4996 ComputerName: JSTRAUB
11:28:25.0671 4996 UserName: jstraub
11:28:25.0671 4996 Windows directory: C:\WINDOWS
11:28:25.0671 4996 System windows directory: C:\WINDOWS
11:28:25.0671 4996 Processor architecture: Intel x86
11:28:25.0671 4996 Number of processors: 2
11:28:25.0671 4996 Page size: 0x1000
11:28:25.0671 4996 Boot type: Normal boot
11:28:25.0671 4996 ============================================================
11:28:27.0561 4996 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:28:27.0561 4996 \Device\Harddisk0\DR0:
11:28:27.0561 4996 MBR used
11:28:27.0561 4996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129D9EB1
11:28:27.0733 4996 Initialize success
11:28:27.0733 4996 ============================================================
11:28:31.0060 5076 ============================================================
11:28:31.0060 5076 Scan started
11:28:31.0060 5076 Mode: Manual;
11:28:31.0060 5076 ============================================================
11:28:49.0588 5076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:28:49.0604 5076 mssmbios - ok
11:28:49.0775 5076 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:28:49.0775 5076 Mup - ok
11:28:49.0822 5076 NAL (8c48260fd6c281da171bdcc7b7396379) C:\WINDOWS\system32\Drivers\iqvw32.sys
11:28:49.0963 5076 NAL - ok
11:28:50.0088 5076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:28:50.0088 5076 NDIS - ok
11:28:50.0197 5076 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:28:50.0197 5076 NdisTapi - ok
11:28:50.0275 5076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:28:50.0275 5076 Ndisuio - ok
11:28:50.0322 5076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:28:50.0322 5076 NdisWan - ok
11:28:50.0400 5076 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:28:50.0400 5076 NDProxy - ok
11:28:50.0572 5076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:28:50.0572 5076 NetBIOS - ok
11:28:50.0603 5076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:28:50.0603 5076 NetBT - ok
11:28:50.0650 5076 NetworkX (9446d03271baf3496bbd2957d2732fd2) C:\WINDOWS\system32\ckldrv.sys
11:28:50.0916 5076 NetworkX - ok
11:28:51.0166 5076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:28:51.0166 5076 Npfs - ok
11:28:51.0369 5076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:28:51.0369 5076 Ntfs - ok
11:28:51.0681 5076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:28:51.0697 5076 Null - ok
11:28:51.0931 5076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:28:51.0931 5076 NwlnkFlt - ok
11:28:51.0994 5076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:28:52.0009 5076 NwlnkFwd - ok
11:28:52.0103 5076 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:28:52.0103 5076 Parport - ok
11:28:52.0166 5076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:28:52.0166 5076 PartMgr - ok
11:28:52.0400 5076 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:28:52.0400 5076 ParVdm - ok
11:28:52.0556 5076 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
11:28:52.0556 5076 PBADRV - ok
11:28:52.0728 5076 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:28:52.0728 5076 PCI - ok
11:28:52.0728 5076 PCIDump - ok
11:28:52.0744 5076 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:28:52.0744 5076 PCIIde - ok
11:28:52.0759 5076 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:28:52.0775 5076 Pcmcia - ok
11:28:52.0962 5076 PDCOMP - ok
11:28:53.0009 5076 PDFRAME - ok
11:28:53.0025 5076 PDRELI - ok
11:28:53.0041 5076 PDRFRAME - ok
11:28:53.0103 5076 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:28:53.0134 5076 perc2 - ok
11:28:53.0212 5076 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:28:53.0212 5076 perc2hib - ok
11:28:53.0462 5076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:28:53.0462 5076 PptpMiniport - ok
11:28:53.0743 5076 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:28:53.0743 5076 PSched - ok
11:28:53.0931 5076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:28:53.0931 5076 Ptilink - ok
11:28:54.0150 5076 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:28:54.0150 5076 PxHelp20 - ok
11:28:54.0306 5076 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:28:54.0306 5076 ql1080 - ok
11:28:54.0337 5076 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:28:54.0337 5076 Ql10wnt - ok
11:28:54.0415 5076 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:28:54.0415 5076 ql12160 - ok
11:28:54.0462 5076 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:28:54.0478 5076 ql1240 - ok
11:28:54.0493 5076 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:28:54.0509 5076 ql1280 - ok
11:28:54.0571 5076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:28:54.0571 5076 RasAcd - ok
11:28:54.0587 5076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:28:54.0587 5076 Rasl2tp - ok
11:28:54.0618 5076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:28:54.0618 5076 RasPppoe - ok
11:28:54.0634 5076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:28:54.0634 5076 Raspti - ok
11:28:54.0665 5076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:28:54.0665 5076 Rdbss - ok
11:28:54.0681 5076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:28:54.0681 5076 RDPCDD - ok
11:28:54.0712 5076 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:28:54.0775 5076 rdpdr - ok
11:28:55.0025 5076 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:28:55.0025 5076 RDPWD - ok
11:28:55.0149 5076 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:28:55.0165 5076 redbook - ok
11:28:55.0321 5076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:28:55.0321 5076 Secdrv - ok
11:28:55.0353 5076 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:28:55.0353 5076 Serenum - ok
11:28:55.0368 5076 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:28:55.0384 5076 Serial - ok
11:28:55.0446 5076 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
11:28:55.0446 5076 SFAUDIO - ok
11:28:55.0540 5076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:28:55.0556 5076 Sfloppy - ok
11:28:55.0603 5076 Simbad - ok
11:28:55.0649 5076 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:28:55.0649 5076 sisagp - ok
11:28:55.0665 5076 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:28:55.0665 5076 Sparrow - ok
11:28:55.0728 5076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:28:55.0743 5076 splitter - ok
11:28:56.0040 5076 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:28:56.0040 5076 sr - ok
11:28:56.0274 5076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:28:56.0274 5076 Srv - ok
11:28:56.0352 5076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:28:56.0352 5076 swenum - ok
11:28:56.0415 5076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:28:56.0415 5076 swmidi - ok
11:28:56.0462 5076 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:28:56.0524 5076 symc810 - ok
11:28:56.0524 5076 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:28:56.0587 5076 symc8xx - ok
11:28:56.0634 5076 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:28:56.0634 5076 sym_hi - ok
11:28:56.0837 5076 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:28:56.0899 5076 sym_u3 - ok
11:28:57.0133 5076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:28:57.0133 5076 sysaudio - ok
11:28:57.0430 5076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:28:57.0430 5076 Tcpip - ok
11:28:57.0696 5076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:28:57.0696 5076 TDPIPE - ok
11:28:57.0790 5076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:28:57.0805 5076 TDTCP - ok
11:28:57.0868 5076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:28:57.0883 5076 TermDD - ok
11:28:57.0899 5076 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:28:57.0899 5076 TosIde - ok
11:28:57.0977 5076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:28:57.0977 5076 Udfs - ok
11:28:58.0165 5076 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:28:58.0196 5076 ultra - ok
11:28:58.0274 5076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:28:58.0321 5076 Update - ok
11:28:58.0524 5076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:28:58.0524 5076 usbccgp - ok
11:28:58.0602 5076 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:28:58.0664 5076 usbehci - ok
11:28:58.0836 5076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:28:58.0852 5076 usbhub - ok
11:28:59.0118 5076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:28:59.0118 5076 usbprint - ok
11:28:59.0211 5076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:28:59.0227 5076 usbscan - ok
11:28:59.0289 5076 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:28:59.0289 5076 USBSTOR - ok
11:28:59.0367 5076 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:28:59.0367 5076 usbuhci - ok
11:28:59.0430 5076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:28:59.0430 5076 VgaSave - ok
11:28:59.0492 5076 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:28:59.0508 5076 viaagp - ok
11:28:59.0508 5076 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:28:59.0508 5076 ViaIde - ok
11:28:59.0555 5076 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:28:59.0555 5076 VolSnap - ok
11:28:59.0571 5076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:28:59.0586 5076 Wanarp - ok
11:28:59.0602 5076 WavxDMgr (e1369c7a53c76eb681afd0eba348b45a) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
11:28:59.0617 5076 WavxDMgr - ok
11:28:59.0617 5076 WDICA - ok
11:28:59.0680 5076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:28:59.0680 5076 wdmaud - ok
11:28:59.0774 5076 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:28:59.0774 5076 WmiAcpi - ok
11:28:59.0805 5076 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:28:59.0805 5076 WS2IFSL - ok
11:28:59.0883 5076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:28:59.0883 5076 WudfPf - ok
11:28:59.0914 5076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:28:59.0914 5076 WudfRd - ok
11:28:59.0961 5076 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:29:00.0039 5076 \Device\Harddisk0\DR0 - ok
11:29:00.0039 5076 Boot (0x1200) (537a8765f23721da995d9c77e0a06bd6) \Device\Harddisk0\DR0\Partition0
11:29:00.0039 5076 \Device\Harddisk0\DR0\Partition0 - ok
11:29:00.0039 5076 ============================================================
11:29:00.0039 5076 Scan finished
11:29:00.0039 5076 ============================================================
11:29:00.0055 5068 Detected object count: 0
11:29:00.0055 5068 Actual detected object count: 0



