Search engine redirects


  • This topic is locked
28 replies to this topic

#1 leibtek

Posted 27 March 2012 - 07:56 AM

Hi,

The computer had suffered from a virus a while back. After removal, and WIN7 SP1 installation, everything seems fine except for the DNS.

The computer cannot reach google.com, search.yahoo.com, or bing.com. Doing an nslookup reveals, that the local DNS server will timeout on those addresses (except for bing), and from external DNS servers, a false answer of 87.125.87.103, will always be achieved. The HOSTS file is clean, the registry to the HOSTS is correct.

Please advise.

All help is greatly appreciated.

Thank you!
Leibtek

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by danielle at 8:36:55 on 2012-03-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2792.1605 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Xobni\XobniService.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\AIM\aim.exe
C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Akamai NetSession Interface] "c:\users\danielle.allstatemedical\appdata\local\akamai\netsession_win.exe"
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Apple_KbdMgr] c:\program files\boot camp\Bootcamp.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.100
TCP: Interfaces\{978709DC-1B0F-460C-9E1A-2FDB244D4CBF} : DhcpNameServer = 192.168.1.100
TCP: Interfaces\{B5CF7759-7214-4E0E-9FBD-0111FFE7C93D} : DhcpNameServer = 192.168.1.100
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\GO36F4~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\danielle.allstatemedical\appdata\roaming\mozilla\firefox\profiles\wwzpt9bf.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\danielle.allstatemedical\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;c:\windows\system32\drivers\AppleHFS.sys [2011-8-15 58200]
R0 AppleMNT;AppleMNT;c:\windows\system32\drivers\AppleMNT.sys [2011-8-15 15320]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-8-15 194432]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2010-1-16 99640]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-8-15 15064]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-11-11 12928]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-3-24 45288]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\drivers\AppleBtBc.sys [2012-3-9 18944]
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\drivers\ax88178.sys [2012-3-19 49664]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-11-3 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2009-11-3 11520]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [2010-1-27 16512]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 M4-Service;M4-Service;c:\users\danielle.allstatemedical\appdata\local\microsoft\windows\temporary internet files\content.ie5\b06527j1\m4-service.exe --> c:\users\danielle.allstatemedical\appdata\local\microsoft\windows\temporary internet files\content.ie5\b06527j1\M4-Service.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-3-19 245760]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2012-3-9 26624]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-12 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-9 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
.
=============== Created Last 30 ================
.
2012-03-27 08:09:10 -------- d-----w- c:\program files\Panda Security
2012-03-27 06:36:16 -------- d-----w- c:\program files\ESET
2012-03-27 06:22:25 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{df4d1a7b-5014-4d21-b924-c9e6677d9570}\mpengine.dll
2012-03-26 15:08:33 -------- d-----w- c:\program files\RadioRage_4jEI
2012-03-23 16:21:53 -------- d-----w- c:\users\danielle.allstatemedical\appdata\local\Xobni
2012-03-23 16:21:11 -------- d-----w- c:\program files\Xobni
2012-03-19 20:00:59 -------- d-----w- c:\users\danielle.allstatemedical\appdata\roaming\ControlCenter4
2012-03-19 19:48:24 -------- d-----w- C:\Brother
2012-03-19 19:48:16 -------- d-----w- c:\programdata\ControlCenter4
2012-03-19 19:48:16 -------- d-----w- c:\program files\Browny02
2012-03-19 19:48:04 -------- d-----w- c:\program files\ControlCenter4
2012-03-19 19:47:57 225280 ------w- c:\windows\system32\BrfxD05c.dll
2012-03-19 19:47:51 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-03-19 19:47:51 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-03-19 19:47:51 2560 ------w- c:\windows\system32\BrDctF2S.dll
2012-03-19 19:35:04 -------- d-----w- c:\program files\ASIX Electronics Corporation
2012-03-19 19:34:20 49664 ----a-w- c:\windows\system32\drivers\ax88178.sys
2012-03-19 13:26:24 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-16 14:31:38 -------- d-----w- c:\programdata\MSScanAppDataDir
2012-03-15 13:35:16 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-15 13:35:16 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 23:56:23 -------- d-----w- c:\windows\system32\SPReview
2012-03-14 23:56:01 -------- d-----w- c:\windows\system32\EventProviders
2012-03-14 23:53:17 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 23:53:16 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 23:06:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-14 22:35:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-14 15:20:41 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:20:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:20:14 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:20:12 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:20:12 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 15:20:12 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2012-03-14 15:20:12 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:05:39 -------- d-----w- c:\users\danielle.allstatemedical\appdata\roaming\Malwarebytes
2012-03-13 07:07:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-03-12 18:41:33 -------- d-----w- c:\users\danielle.allstatemedical\appdata\local\Mozilla
2012-03-12 16:42:59 9166336 ----a-w- c:\program files\dvd maker\OmdBase.dll
2012-03-12 16:41:59 933376 ----a-w- c:\windows\system32\Vault.dll
2012-03-12 16:40:59 7680 ----a-w- c:\windows\system32\spwizres.dll
2012-03-12 16:06:31 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-03-09 05:15:01 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cc070233-9101-448e-b859-b927d7f4a41f}\gapaengine.dll
2012-03-09 05:04:58 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-09 04:57:08 18944 ----a-w- c:\windows\system32\drivers\AppleBtBc.sys
2012-03-09 04:57:00 26624 ----a-w- c:\windows\system32\drivers\KeyMagic.sys
2012-03-09 04:43:01 -------- d-----w- c:\windows\system32\Wat
2012-03-09 04:10:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-09 04:10:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-03-09 04:10:01 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-09 04:10:01 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-03-09 04:10:00 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-03-09 04:10:00 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-09 04:09:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-09 03:57:06 -------- d-----w- c:\users\danielle.allstatemedical\appdata\local\temp
2012-03-09 02:44:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-03-09 02:44:09 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-03-09 02:44:09 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-03-09 02:44:09 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-03-09 02:44:09 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-03-09 02:44:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-03-09 02:44:09 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-03-09 00:36:21 -------- d-----w- c:\programdata\Malwarebytes
2012-03-09 00:36:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 00:36:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-07 18:19:04 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-03-07 18:19:04 3867936 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-03-07 18:19:04 3556640 ----a-w- c:\windows\system32\bcmihvui.dll
2012-03-07 18:19:04 2661368 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-03-07 18:08:25 9905064 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-07 18:08:25 590232 ----a-w- c:\windows\system32\nvudisp.exe
2012-03-07 18:08:25 3214952 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-03-07 18:08:25 10668648 ----a-w- c:\windows\system32\nvoglv32.dll
2012-03-07 18:08:24 678504 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-07 18:08:24 260712 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-07 18:08:24 217496 ----a-w- c:\windows\system32\nvcod189.dll
2012-03-07 18:08:24 217496 ----a-w- c:\windows\system32\nvcod.dll
2012-03-07 18:08:24 1748584 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-07 18:08:24 1530472 ----a-w- c:\windows\system32\nvencodemft.dll
2012-03-07 18:08:24 1317480 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-07 14:50:45 -------- d-----w- c:\users\danielle.allstatemedical\appdata\local\Mikogo4
2012-03-02 07:40:08 6552120 ------w- c:\programdata\microsoft\windows defender\definition updates\{aaf4d75a-2ea7-4516-b11f-3ac2de48dc76}\mpengine.dll
.
==================== Find3M ====================
.
2012-03-15 00:12:03 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-03-14 23:44:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
============= FINISH: 8:37:24.64 ===============


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 30 March 2012 - 09:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If you did not set this proxy, remove it. (Check with your Internet Provider if not sure.)
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:9421 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===

The computer cannot reach google.com, search.yahoo.com, or bing.com. Doing an nslookup reveals, that the local DNS server will timeout on those addresses (except for bing), and from external DNS servers, a false answer of 87.125.87.103, will always be achieved. The HOSTS file is clean, the registry to the HOSTS is correct.


Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If that fails continue.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.

===

Third party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know if the problem persists.
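Added example (not part of the thread, and not code from DDS or any tool named here): a small Python triage pass over DDS-style log lines that flags the loopback proxy entry discussed above. The DNS and service-path rules are common triage heuristics assumed for this sketch, and `triage`, `SAMPLE_DDS` and the constructed sample lines are hypothetical.

```python
import ipaddress
import re

# Lines 1 and 3 match entries in the DDS log from the first post; the other
# lines are constructed for this example (documentation-range IP, made-up paths).
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = proxy.corp.example:8080
TCP: DhcpNameServer = 192.168.1.100
TCP: Interfaces\{00000000-0000-0000-0000-000000000001} : NameServer = 203.0.113.53,192.168.1.100
R2 ExampleSvc;Example Service;c:\program files\example\svc.exe [2012-1-1 1000]
S2 TmpSvc;TmpSvc;c:\users\u\appdata\local\microsoft\windows\temporary internet files\content.ie5\abc\tmpsvc.exe [?]
"""

PROXY_RE = re.compile(r"^[um]Internet Settings,(ProxyOverride|ProxyServer)\s*=\s*(.*)$")
DNS_RE = re.compile(r"^TCP:.*?\b(DhcpNameServer|NameServer)\s*=\s*(.*)$")
SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s*\[[^\]]*\]\s*$")
# One proxy token: optional "http=" prefix, optional scheme, host, optional port.
TOKEN_RE = re.compile(r"^(?:\w+=)?(?:\w+://)?([^:/\s]+)(?::(\d+))?/?$")

# Address ranges treated as "local" for name servers (RFC 1918, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Directories where a service binary is unusual enough to deserve a second look.
TEMP_MARKERS = ("\\temporary internet files\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")


def is_loopback_host(host):
    """True for 'localhost' or any loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # wildcard or host name such as '*.local' or '<local>'


def triage(text):
    """Return a list of (rule, value) findings for review, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            # A loopback host with a port means traffic may be handed to a
            # local listener; confirm which program owns that port.
            for token in m.group(2).split(";"):
                t = TOKEN_RE.match(token.strip())
                if t and t.group(2) and is_loopback_host(t.group(1)):
                    findings.append(("loopback-proxy", token.strip()))
            continue
        m = DNS_RE.match(line)
        if m:
            # Name servers outside the local ranges should match what the
            # router or ISP is known to hand out.
            for token in re.split(r"[,\s]+", m.group(2).strip()):
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    continue
                if not any(ip in net for net in LOCAL_NETS):
                    findings.append(("nonlocal-dns", str(ip)))
            continue
        m = SVC_RE.match(line)
        if m:
            path = m.group(3).lower()
            if any(marker in path for marker in TEMP_MARKERS):
                findings.append(("service-in-temp", m.group(3)))
    return findings


if __name__ == "__main__":
    for rule, value in triage(SAMPLE_DDS):
        print(f"{rule:16} {value}")
```

A finding is a prompt to check the entry by hand, not a verdict; a public resolver or a local proxy can be legitimate when the user configured it.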

#3 leibtek

Posted 30 March 2012 - 10:10 AM

Thank you nasdaq!

I ran the flushdns command.

I added the registry entries.

And I ran the SecurityCheck.

The "Use Proxy" checkbox was unchecked. I searched the registry for ";127.0.0.1:9421" and found two entries "OverrideProxy=*.local;127.0.0.1:9421" so I deleted the ";127.0.0.1:9421" and left it at "*.local" only.

Still having the same issue.

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 24
Java version out of date!
Adobe Flash Player 11.1.102.63
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 10.0.2 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````


Neither Spywareblaster nor Spybot are installed.

Edited by leibtek, 30 March 2012 - 10:32 AM.


#4 nasdaq

Posted 30 March 2012 - 01:10 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 24


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please let me know if the problem persists.

Edited by nasdaq, 30 March 2012 - 01:11 PM.


#5 leibtek

Posted 30 March 2012 - 03:07 PM

I ran the Combofix and attached its log. Adobe Reader and Java were updated soon afterward.

After Combofix ran, if I tried opening any program, an error would appear saying that the registry key has been marked for deletion. I restarted the computer, and everything seems back to normal.

However, my problem is still here.

Thank you!

Edited by leibtek, 30 March 2012 - 03:30 PM.


#6 nasdaq

Posted 31 March 2012 - 07:39 AM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#7 leibtek

Posted 31 March 2012 - 08:58 PM

Here it is:

Farbar Service Scanner Version: 01-03-2012
Ran by Danielle (administrator) on 31-03-2012 at 21:58:41
Running from "C:\Users\Danielle.ALLSTATEMEDICAL\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#8 nasdaq

Posted 01 April 2012 - 07:39 AM

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Then run this tool.


Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any antivirus protection on the computer.
===

Please post the logs for my review.

#9 leibtek

leibtek
  • Topic Starter

  • Members
  • 72 posts
  • Local time:03:42 AM

Posted 01 April 2012 - 08:03 AM

TDSSKiller Report:

08:55:47.0145 1960 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
08:55:47.0415 1960 ============================================================
08:55:47.0416 1960 Current date / time: 2012/04/01 08:55:47.0415
08:55:47.0416 1960 SystemInfo:
08:55:47.0416 1960
08:55:47.0416 1960 OS Version: 6.1.7601 ServicePack: 1.0
08:55:47.0416 1960 Product type: Workstation
08:55:47.0416 1960 ComputerName: DANIELLE-PC
08:55:47.0416 1960 UserName: Danielle
08:55:47.0416 1960 Windows directory: C:\Windows
08:55:47.0416 1960 System windows directory: C:\Windows
08:55:47.0416 1960 Processor architecture: Intel x86
08:55:47.0416 1960 Number of processors: 2
08:55:47.0416 1960 Page size: 0x1000
08:55:47.0416 1960 Boot type: Normal boot
08:55:47.0416 1960 ============================================================
08:55:48.0860 1960 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:55:48.0942 1960 \Device\Harddisk0\DR0:
08:55:48.0942 1960 GPT used
08:55:48.0942 1960 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {00005C43-67A0-0000-AF7D-00003F520000}, Name: EFI system partition, StartLBA 0x28, BlocksNum 0x64000
08:55:48.0942 1960 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {000012C7-4F3B-0000-A935-0000312D0000}, Name: Customer, StartLBA 0x64028, BlocksNum 0x3BC0000
08:55:48.0942 1960 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {91453407-E1C7-4169-8A36-FFC51A702FA2}, Name: Untitled, StartLBA 0x3C64800, BlocksNum 0x46BF3800
08:55:48.0943 1960 Initialize success
08:55:48.0943 1960 ============================================================
08:55:52.0059 0652 ============================================================
08:55:52.0059 0652 Scan started
08:55:52.0059 0652 Mode: Manual;
08:55:52.0059 0652 ============================================================
08:55:52.0568 0652 1394ohci - ok
08:55:52.0577 0652 ACPI - ok
08:55:52.0585 0652 AcpiPmi - ok
08:55:52.0602 0652 AdobeARMservice - ok
08:55:52.0612 0652 adp94xx - ok
08:55:52.0621 0652 adpahci - ok
08:55:52.0630 0652 adpu320 - ok
08:55:52.0643 0652 AeLookupSvc - ok
08:55:52.0654 0652 AFD - ok
08:55:52.0663 0652 agp440 - ok
08:55:52.0673 0652 aic78xx - ok
08:55:52.0686 0652 ALG - ok
08:55:52.0695 0652 aliide - ok
08:55:52.0704 0652 amdagp - ok
08:55:52.0713 0652 amdide - ok
08:55:52.0722 0652 AmdK8 - ok
08:55:52.0731 0652 AmdPPM - ok
08:55:52.0740 0652 amdsata - ok
08:55:52.0749 0652 amdsbs - ok
08:55:52.0758 0652 amdxata - ok
08:55:52.0767 0652 AppID - ok
08:55:52.0776 0652 AppIDSvc - ok
08:55:52.0785 0652 Appinfo - ok
08:55:52.0811 0652 AppleBtBc - ok
08:55:52.0826 0652 AppleHFS - ok
08:55:52.0835 0652 AppleMNT - ok
08:55:52.0844 0652 AppleOSSMgr - ok
08:55:52.0853 0652 AppleTimeSrv - ok
08:55:52.0862 0652 AppMgmt - ok
08:55:52.0871 0652 arc - ok
08:55:52.0880 0652 arcsas - ok
08:55:52.0889 0652 AsyncMac - ok
08:55:52.0898 0652 atapi - ok
08:55:52.0906 0652 AudioEndpointBuilder - ok
08:55:52.0916 0652 Audiosrv - ok
08:55:52.0932 0652 AX88178 - ok
08:55:52.0941 0652 AxInstSV - ok
08:55:52.0950 0652 b06bdrv - ok
08:55:52.0959 0652 b57nd60x - ok
08:55:52.0973 0652 BCM43XX - ok
08:55:52.0988 0652 BDESVC - ok
08:55:52.0998 0652 Beep - ok
08:55:53.0007 0652 BFE - ok
08:55:53.0015 0652 BITS - ok
08:55:53.0024 0652 blbdrive - ok
08:55:53.0033 0652 bowser - ok
08:55:53.0042 0652 BrFiltLo - ok
08:55:53.0051 0652 BrFiltUp - ok
08:55:53.0061 0652 BridgeMP - ok
08:55:53.0070 0652 Browser - ok
08:55:53.0084 0652 BrSerIb - ok
08:55:53.0093 0652 Brserid - ok
08:55:53.0101 0652 BrSerWdm - ok
08:55:53.0110 0652 BrUsbMdm - ok
08:55:53.0120 0652 BrUsbSer - ok
08:55:53.0128 0652 BrUsbSIb - ok
08:55:53.0137 0652 BrYNSvc - ok
08:55:53.0148 0652 BthEnum - ok
08:55:53.0157 0652 BTHMODEM - ok
08:55:53.0165 0652 BthPan - ok
08:55:53.0175 0652 BTHPORT - ok
08:55:53.0184 0652 bthserv - ok
08:55:53.0193 0652 BTHUSB - ok
08:55:53.0209 0652 catchme - ok
08:55:53.0218 0652 cdfs - ok
08:55:53.0227 0652 cdrom - ok
08:55:53.0235 0652 CertPropSvc - ok
08:55:53.0245 0652 circlass - ok
08:55:53.0254 0652 CLFS - ok
08:55:53.0262 0652 clr_optimization_v2.0.50727_32 - ok
08:55:53.0278 0652 clr_optimization_v4.0.30319_32 - ok
08:55:53.0287 0652 CmBatt - ok
08:55:53.0295 0652 cmdide - ok
08:55:53.0305 0652 CNG - ok
08:55:53.0310 0652 Compbatt - ok
08:55:53.0320 0652 CompositeBus - ok
08:55:53.0329 0652 COMSysApp - ok
08:55:53.0338 0652 crcdisk - ok
08:55:53.0351 0652 CryptSvc - ok
08:55:53.0360 0652 CSC - ok
08:55:53.0369 0652 CscService - ok
08:55:53.0382 0652 DcomLaunch - ok
08:55:53.0391 0652 defragsvc - ok
08:55:53.0400 0652 DfsC - ok
08:55:53.0409 0652 Dhcp - ok
08:55:53.0418 0652 discache - ok
08:55:53.0427 0652 Disk - ok
08:55:53.0436 0652 Dnscache - ok
08:55:53.0445 0652 dot3svc - ok
08:55:53.0454 0652 DPS - ok
08:55:53.0463 0652 drmkaud - ok
08:55:53.0472 0652 DXGKrnl - ok
08:55:53.0481 0652 EapHost - ok
08:55:53.0490 0652 ebdrv - ok
08:55:53.0499 0652 EFS - ok
08:55:53.0507 0652 ehRecvr - ok
08:55:53.0516 0652 ehSched - ok
08:55:53.0525 0652 elxstor - ok
08:55:53.0534 0652 ErrDev - ok
08:55:53.0552 0652 EventSystem - ok
08:55:53.0561 0652 exfat - ok
08:55:53.0570 0652 fastfat - ok
08:55:53.0579 0652 Fax - ok
08:55:53.0588 0652 fdc - ok
08:55:53.0597 0652 fdPHost - ok
08:55:53.0606 0652 FDResPub - ok
08:55:53.0615 0652 FileInfo - ok
08:55:53.0624 0652 Filetrace - ok
08:55:53.0633 0652 flpydisk - ok
08:55:53.0641 0652 FltMgr - ok
08:55:53.0651 0652 FontCache - ok
08:55:53.0660 0652 FontCache3.0.0.0 - ok
08:55:53.0669 0652 FreeAgentGoNext Service - ok
08:55:53.0678 0652 FsDepends - ok
08:55:53.0687 0652 Fs_Rec - ok
08:55:53.0696 0652 fvevol - ok
08:55:53.0705 0652 gagp30kx - ok
08:55:53.0714 0652 GoogleDesktopManager - ok
08:55:53.0723 0652 gpsvc - ok
08:55:53.0732 0652 hcw85cir - ok
08:55:53.0743 0652 HdAudAddService - ok
08:55:53.0752 0652 HDAudBus - ok
08:55:53.0760 0652 HidBatt - ok
08:55:53.0770 0652 HidBth - ok
08:55:53.0779 0652 HidIr - ok
08:55:53.0787 0652 hidserv - ok
08:55:53.0796 0652 HidUsb - ok
08:55:53.0805 0652 hkmsvc - ok
08:55:53.0814 0652 HomeGroupListener - ok
08:55:53.0824 0652 HomeGroupProvider - ok
08:55:53.0833 0652 HpSAMD - ok
08:55:53.0842 0652 HTTP - ok
08:55:53.0850 0652 hwpolicy - ok
08:55:53.0860 0652 i8042prt - ok
08:55:53.0873 0652 iaStorV - ok
08:55:53.0882 0652 idsvc - ok
08:55:53.0891 0652 iirsp - ok
08:55:53.0900 0652 IKEEXT - ok
08:55:53.0914 0652 IntcAzAudAddService - ok
08:55:53.0923 0652 intelide - ok
08:55:53.0932 0652 intelppm - ok
08:55:53.0942 0652 IPBusEnum - ok
08:55:53.0952 0652 IpFilterDriver - ok
08:55:53.0962 0652 iphlpsvc - ok
08:55:53.0970 0652 IPMIDRV - ok
08:55:53.0980 0652 IPNAT - ok
08:55:53.0988 0652 IRENUM - ok
08:55:53.0997 0652 IRRemoteFlt - ok
08:55:54.0007 0652 isapnp - ok
08:55:54.0016 0652 iScsiPrt - ok
08:55:54.0025 0652 kbdclass - ok
08:55:54.0034 0652 kbdhid - ok
08:55:54.0042 0652 KeyAgent - ok
08:55:54.0051 0652 KeyIso - ok
08:55:54.0061 0652 KeyMagic - ok
08:55:54.0066 0652 KSecDD - ok
08:55:54.0075 0652 KSecPkg - ok
08:55:54.0085 0652 KtmRm - ok
08:55:54.0094 0652 LanmanServer - ok
08:55:54.0107 0652 LanmanWorkstation - ok
08:55:54.0121 0652 lltdio - ok
08:55:54.0130 0652 lltdsvc - ok
08:55:54.0139 0652 lmhosts - ok
08:55:54.0150 0652 lmimirr - ok
08:55:54.0163 0652 LSI_FC - ok
08:55:54.0172 0652 LSI_SAS - ok
08:55:54.0181 0652 LSI_SAS2 - ok
08:55:54.0190 0652 LSI_SCSI - ok
08:55:54.0199 0652 luafv - ok
08:55:54.0208 0652 M4-Service - ok
08:55:54.0217 0652 MacHALDriver - ok
08:55:54.0226 0652 Mcx2Svc - ok
08:55:54.0235 0652 MDM - ok
08:55:54.0244 0652 megasas - ok
08:55:54.0253 0652 MegaSR - ok
08:55:54.0262 0652 MMCSS - ok
08:55:54.0271 0652 Modem - ok
08:55:54.0280 0652 monitor - ok
08:55:54.0289 0652 mouclass - ok
08:55:54.0298 0652 mouhid - ok
08:55:54.0307 0652 mountmgr - ok
08:55:54.0316 0652 MpFilter - ok
08:55:54.0325 0652 mpio - ok
08:55:54.0359 0652 MpKsl3d6dcb91 - ok
08:55:54.0379 0652 MpNWMon - ok
08:55:54.0388 0652 mpsdrv - ok
08:55:54.0397 0652 MpsSvc - ok
08:55:54.0406 0652 MRxDAV - ok
08:55:54.0435 0652 mrxsmb - ok
08:55:54.0444 0652 mrxsmb10 - ok
08:55:54.0452 0652 mrxsmb20 - ok
08:55:54.0462 0652 msahci - ok
08:55:54.0471 0652 msdsm - ok
08:55:54.0481 0652 MSDTC - ok
08:55:54.0498 0652 Msfs - ok
08:55:54.0507 0652 mshidkmdf - ok
08:55:54.0516 0652 msisadrv - ok
08:55:54.0525 0652 MSiSCSI - ok
08:55:54.0534 0652 msiserver - ok
08:55:54.0543 0652 MSKSSRV - ok
08:55:54.0552 0652 MsMpSvc - ok
08:55:54.0561 0652 MSPCLOCK - ok
08:55:54.0571 0652 MSPQM - ok
08:55:54.0580 0652 MsRPC - ok
08:55:54.0594 0652 mssmbios - ok
08:55:54.0603 0652 MSTEE - ok
08:55:54.0612 0652 MTConfig - ok
08:55:54.0621 0652 Mup - ok
08:55:54.0630 0652 napagent - ok
08:55:54.0639 0652 NativeWifiP - ok
08:55:54.0648 0652 NDIS - ok
08:55:54.0657 0652 NdisCap - ok
08:55:54.0670 0652 NdisTapi - ok
08:55:54.0678 0652 Ndisuio - ok
08:55:54.0687 0652 NdisWan - ok
08:55:54.0696 0652 NDProxy - ok
08:55:54.0705 0652 NetBIOS - ok
08:55:54.0714 0652 NetBT - ok
08:55:54.0723 0652 Netlogon - ok
08:55:54.0733 0652 Netman - ok
08:55:54.0742 0652 netprofm - ok
08:55:54.0751 0652 NetTcpPortSharing - ok
08:55:54.0764 0652 nfrd960 - ok
08:55:54.0774 0652 NisDrv - ok
08:55:54.0783 0652 NisSrv - ok
08:55:54.0792 0652 NlaSvc - ok
08:55:54.0800 0652 Npfs - ok
08:55:54.0809 0652 nsi - ok
08:55:54.0818 0652 nsiproxy - ok
08:55:54.0827 0652 Ntfs - ok
08:55:54.0837 0652 Null - ok
08:55:54.0845 0652 NVENETFD - ok
08:55:54.0854 0652 nvlddmkm - ok
08:55:54.0863 0652 NVNET - ok
08:55:54.0872 0652 nvraid - ok
08:55:54.0881 0652 nvsmu - ok
08:55:54.0890 0652 nvstor - ok
08:55:54.0899 0652 nvsvc - ok
08:55:54.0908 0652 nv_agp - ok
08:55:54.0917 0652 odserv - ok
08:55:54.0926 0652 ohci1394 - ok
08:55:54.0935 0652 ose - ok
08:55:54.0948 0652 p2pimsvc - ok
08:55:54.0957 0652 p2psvc - ok
08:55:54.0966 0652 Parport - ok
08:55:54.0975 0652 partmgr - ok
08:55:54.0984 0652 Parvdm - ok
08:55:54.0993 0652 PcaSvc - ok
08:55:55.0001 0652 pci - ok
08:55:55.0011 0652 pciide - ok
08:55:55.0019 0652 pcmcia - ok
08:55:55.0028 0652 pcw - ok
08:55:55.0047 0652 PDFProFiltSrvPP - ok
08:55:55.0056 0652 PEAUTH - ok
08:55:55.0065 0652 PeerDistSvc - ok
08:55:55.0092 0652 pla - ok
08:55:55.0108 0652 PlugPlay - ok
08:55:55.0117 0652 PNRPAutoReg - ok
08:55:55.0126 0652 PNRPsvc - ok
08:55:55.0135 0652 PolicyAgent - ok
08:55:55.0148 0652 Power - ok
08:55:55.0157 0652 PptpMiniport - ok
08:55:55.0166 0652 Processor - ok
08:55:55.0175 0652 ProfSvc - ok
08:55:55.0184 0652 ProtectedStorage - ok
08:55:55.0193 0652 Psched - ok
08:55:55.0202 0652 QBCFMonitorService - ok
08:55:55.0212 0652 QBFCService - ok
08:55:55.0220 0652 ql2300 - ok
08:55:55.0229 0652 ql40xx - ok
08:55:55.0238 0652 QuickBooksDB19 - ok
08:55:55.0247 0652 QWAVE - ok
08:55:55.0256 0652 QWAVEdrv - ok
08:55:55.0265 0652 RasAcd - ok
08:55:55.0278 0652 RasAgileVpn - ok
08:55:55.0287 0652 RasAuto - ok
08:55:55.0296 0652 Rasl2tp - ok
08:55:55.0305 0652 RasMan - ok
08:55:55.0314 0652 RasPppoe - ok
08:55:55.0323 0652 RasSstp - ok
08:55:55.0328 0652 rdbss - ok
08:55:55.0337 0652 rdpbus - ok
08:55:55.0345 0652 RDPCDD - ok
08:55:55.0358 0652 RDPDR - ok
08:55:55.0367 0652 RDPENCDD - ok
08:55:55.0381 0652 RDPREFMP - ok
08:55:55.0390 0652 RDPWD - ok
08:55:55.0399 0652 rdyboost - ok
08:55:55.0408 0652 RemoteAccess - ok
08:55:55.0416 0652 RemoteRegistry - ok
08:55:55.0425 0652 RFCOMM - ok
08:55:55.0435 0652 RimUsb - ok
08:55:55.0443 0652 RimVSerPort - ok
08:55:55.0455 0652 ROOTMODEM - ok
08:55:55.0464 0652 RpcEptMapper - ok
08:55:55.0473 0652 RpcLocator - ok
08:55:55.0482 0652 RpcSs - ok
08:55:55.0490 0652 rspndr - ok
08:55:55.0500 0652 s3cap - ok
08:55:55.0508 0652 SamSs - ok
08:55:55.0522 0652 sbp2port - ok
08:55:55.0530 0652 SCardSvr - ok
08:55:55.0539 0652 scfilter - ok
08:55:55.0548 0652 Schedule - ok
08:55:55.0558 0652 SCPolicySvc - ok
08:55:55.0566 0652 SDRSVC - ok
08:55:55.0575 0652 secdrv - ok
08:55:55.0580 0652 seclogon - ok
08:55:55.0589 0652 SENS - ok
08:55:55.0598 0652 SensrSvc - ok
08:55:55.0607 0652 Serenum - ok
08:55:55.0616 0652 Serial - ok
08:55:55.0625 0652 sermouse - ok
08:55:55.0647 0652 SessionEnv - ok
08:55:55.0656 0652 sffdisk - ok
08:55:55.0665 0652 sffp_mmc - ok
08:55:55.0675 0652 sffp_sd - ok
08:55:55.0684 0652 sfloppy - ok
08:55:55.0693 0652 SharedAccess - ok
08:55:55.0702 0652 ShellHWDetection - ok
08:55:55.0711 0652 sisagp - ok
08:55:55.0719 0652 SiSRaid2 - ok
08:55:55.0729 0652 SiSRaid4 - ok
08:55:55.0738 0652 Smb - ok
08:55:55.0756 0652 SNMPTRAP - ok
08:55:55.0765 0652 spldr - ok
08:55:55.0773 0652 Spooler - ok
08:55:55.0782 0652 sppsvc - ok
08:55:55.0792 0652 sppuinotify - ok
08:55:55.0800 0652 srv - ok
08:55:55.0809 0652 srv2 - ok
08:55:55.0818 0652 srvnet - ok
08:55:55.0827 0652 SSDPSRV - ok
08:55:55.0832 0652 SstpSvc - ok
08:55:55.0841 0652 stexstor - ok
08:55:55.0850 0652 StillCam - ok
08:55:55.0859 0652 StiSvc - ok
08:55:55.0868 0652 storflt - ok
08:55:55.0877 0652 StorSvc - ok
08:55:55.0886 0652 storvsc - ok
08:55:55.0895 0652 swenum - ok
08:55:55.0904 0652 swprv - ok
08:55:55.0913 0652 SysMain - ok
08:55:55.0921 0652 TabletInputService - ok
08:55:55.0930 0652 TapiSrv - ok
08:55:55.0939 0652 TBS - ok
08:55:55.0948 0652 Tcpip - ok
08:55:55.0957 0652 TCPIP6 - ok
08:55:55.0971 0652 tcpipreg - ok
08:55:55.0984 0652 TDPIPE - ok
08:55:55.0993 0652 TDTCP - ok
08:55:56.0002 0652 tdx - ok
08:55:56.0010 0652 TeamViewer5 - ok
08:55:56.0020 0652 TermDD - ok
08:55:56.0029 0652 TermService - ok
08:55:56.0037 0652 Themes - ok
08:55:56.0046 0652 THREADORDER - ok
08:55:56.0055 0652 TrkWks - ok
08:55:56.0064 0652 TrustedInstaller - ok
08:55:56.0078 0652 tssecsrv - ok
08:55:56.0083 0652 TsUsbFlt - ok
08:55:56.0092 0652 tunnel - ok
08:55:56.0100 0652 uagp35 - ok
08:55:56.0109 0652 udfs - ok
08:55:56.0127 0652 UI0Detect - ok
08:55:56.0136 0652 uliagpkx - ok
08:55:56.0145 0652 umbus - ok
08:55:56.0154 0652 UmPass - ok
08:55:56.0163 0652 UmRdpService - ok
08:55:56.0172 0652 upnphost - ok
08:55:56.0185 0652 usbccgp - ok
08:55:56.0194 0652 usbcir - ok
08:55:56.0203 0652 usbehci - ok
08:55:56.0212 0652 usbhub - ok
08:55:56.0221 0652 usbohci - ok
08:55:56.0259 0652 usbprint - ok
08:55:56.0274 0652 usbscan - ok
08:55:56.0287 0652 USBSTOR - ok
08:55:56.0297 0652 usbuhci - ok
08:55:56.0307 0652 usbvideo - ok
08:55:56.0316 0652 UxSms - ok
08:55:56.0324 0652 VaultSvc - ok
08:55:56.0333 0652 vdrvroot - ok
08:55:56.0342 0652 vds - ok
08:55:56.0352 0652 vga - ok
08:55:56.0360 0652 VgaSave - ok
08:55:56.0369 0652 vhdmp - ok
08:55:56.0406 0652 viaagp - ok
08:55:56.0421 0652 ViaC7 - ok
08:55:56.0435 0652 viaide - ok
08:55:56.0444 0652 vmbus - ok
08:55:56.0453 0652 VMBusHID - ok
08:55:56.0462 0652 volmgr - ok
08:55:56.0471 0652 volmgrx - ok
08:55:56.0480 0652 volsnap - ok
08:55:56.0489 0652 vsmraid - ok
08:55:56.0498 0652 VSS - ok
08:55:56.0507 0652 vwifibus - ok
08:55:56.0516 0652 vwififlt - ok
08:55:56.0552 0652 vwifimp - ok
08:55:56.0561 0652 W32Time - ok
08:55:56.0574 0652 WacomPen - ok
08:55:56.0583 0652 WANARP - ok
08:55:56.0588 0652 Wanarpv6 - ok
08:55:56.0597 0652 WatAdminSvc - ok
08:55:56.0606 0652 wbengine - ok
08:55:56.0615 0652 WbioSrvc - ok
08:55:56.0624 0652 wcncsvc - ok
08:55:56.0633 0652 WcsPlugInService - ok
08:55:56.0642 0652 Wd - ok
08:55:56.0651 0652 WDC_SAM - ok
08:55:56.0660 0652 Wdf01000 - ok
08:55:56.0669 0652 WdiServiceHost - ok
08:55:56.0678 0652 WdiSystemHost - ok
08:55:56.0687 0652 WebClient - ok
08:55:56.0696 0652 Wecsvc - ok
08:55:56.0705 0652 wercplsupport - ok
08:55:56.0714 0652 WerSvc - ok
08:55:56.0723 0652 WfpLwf - ok
08:55:56.0732 0652 WIMMount - ok
08:55:56.0741 0652 WinDefend - ok
08:55:56.0754 0652 WinHttpAutoProxySvc - ok
08:55:56.0763 0652 Winmgmt - ok
08:55:56.0772 0652 WinRM - ok
08:55:56.0790 0652 Wlansvc - ok
08:55:56.0799 0652 WmiAcpi - ok
08:55:56.0813 0652 wmiApSrv - ok
08:55:56.0822 0652 WMPNetworkSvc - ok
08:55:56.0831 0652 WPCSvc - ok
08:55:56.0840 0652 WPDBusEnum - ok
08:55:56.0849 0652 ws2ifsl - ok
08:55:56.0858 0652 wscsvc - ok
08:55:56.0872 0652 WSDPrintDevice - ok
08:55:56.0881 0652 WSearch - ok
08:55:56.0895 0652 wuauserv - ok
08:55:56.0904 0652 WudfPf - ok
08:55:56.0913 0652 WUDFRd - ok
08:55:56.0921 0652 wudfsvc - ok
08:55:56.0930 0652 WwanSvc - ok
08:55:56.0953 0652 XobniService - ok
08:55:57.0002 0652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:55:57.0069 0652 \Device\Harddisk0\DR0 - ok
08:55:57.0077 0652 Boot (0x1200) (9e38fb1b7ae1c2bbf66adee373b09366) \Device\Harddisk0\DR0\Partition0
08:55:57.0078 0652 \Device\Harddisk0\DR0\Partition0 - ok
08:55:57.0101 0652 Boot (0x1200) (5fe78e120e03776b63221fa8167b4d2a) \Device\Harddisk0\DR0\Partition1
08:55:57.0102 0652 \Device\Harddisk0\DR0\Partition1 - ok
08:55:57.0107 0652 Boot (0x1200) (32bd7e7124812855877cffd526fc0574) \Device\Harddisk0\DR0\Partition2
08:55:57.0107 0652 \Device\Harddisk0\DR0\Partition2 - ok
08:55:57.0111 0652 ============================================================
08:55:57.0111 0652 Scan finished
08:55:57.0111 0652 ============================================================
08:55:57.0127 4552 Detected object count: 0
08:55:57.0127 4552 Actual detected object count: 0



ASW Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-01 08:59:57
-----------------------------
08:59:57.328 OS Version: Windows 6.1.7601 Service Pack 1
08:59:57.328 Number of processors: 2 586 0x170A
08:59:57.329 ComputerName: DANIELLE-PC UserName: Danielle
08:59:58.577 Initialize success
09:00:14.648 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:00:14.649 Disk 0 Vendor: WDC_WD6400AAKS-40H2B0 07.04C07 Size: 610480MB BusType: 3
09:00:14.662 Disk 0 MBR read successfully
09:00:14.664 Disk 0 MBR scan
09:00:14.665 Disk 0 Windows 7 default MBR code
09:00:14.667 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
09:00:14.678 Disk 0 Partition 2 00 AF HFS / HFS+ 30592 MB offset 409640
09:00:14.695 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 579559 MB offset 63326208
09:00:14.698 Disk 0 scanning sectors +1250263040
09:00:14.768 Disk 0 scanning C:\Windows\system32\drivers
09:00:20.212 Service scanning
09:00:24.776 Service MpKsl3d6dcb91 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF92B2ED-7402-431C-B4A8-13BDA8BE22A6}\MpKsl3d6dcb91.sys **LOCKED** 32
09:00:24.798 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:00:29.896 Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 32
09:00:31.079 Modules scanning
09:00:38.176 Disk 0 trace - called modules:
09:00:38.188 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS >>UNKNOWN [0x873dbb61]<<
09:00:38.190 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8697d030]
09:00:38.192 3 CLASSPNP.SYS[8af9859e] -> nt!IofCallDriver -> [0x85bc2640]
09:00:38.194 5 ACPI.sys[83c9c3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86878030]
09:00:38.196 Scan finished successfully
09:00:50.353 Disk 0 MBR has been saved successfully to "C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\MBR.dat"
09:00:50.358 The log file has been saved successfully to "C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\aswMBR.txt"



Attached is the MBR.dat(zip) file.

Thanks!

Attached Files

  • Attached File  MBR.zip   564bytes   1 downloads
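
As an added example (not part of the thread and not code from either tool), a small Python triage pass over the two log formats posted above: it pulls out any TDSSKiller verdict other than "ok", the detected-object counts, whether the paste is complete, and from aswMBR the MBR verdict, `**LOCKED**` services and any `>>UNKNOWN<<` module in the disk trace. The function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed samples modelled on the two log formats posted above.
# "ExampleDrv" and its verdict word are placeholders, not real tool output.
TDSS_SAMPLE = r"""
08:55:52.0059 0652 Scan started
08:55:52.0568 0652 1394ohci - ok
08:55:52.0577 0652 ACPI - ok
08:55:53.0669 0652 FreeAgentGoNext Service - ok
08:55:54.0000 0652 ExampleDrv - suspicious
08:55:57.0069 0652 \Device\Harddisk0\DR0 - ok
08:55:57.0111 0652 Scan finished
08:55:57.0127 4552 Detected object count: 1
08:55:57.0127 4552 Actual detected object count: 1
"""

ASW_SAMPLE = r"""
09:00:14.665 Disk 0 Windows 7 default MBR code
09:00:24.798 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:00:38.188 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS >>UNKNOWN [0x873dbb61]<<
09:00:38.196 Scan finished successfully
"""

# "<time> <thread id> <object name> - <verdict>"; names may contain spaces.
TDSS_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d{4} (.+?) - (\S+)$")
TDSS_COUNT = re.compile(r"(Actual detected|Detected) object count: (\d+)")
ASW_LOCKED = re.compile(r"^\S+ Service (\S+) (.+?) \*\*LOCKED\*\* (\d+)$")
ASW_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
ASW_MBR = re.compile(r"^\S+ Disk (\d+) (.+ MBR code)$")


def triage_tdsskiller(text):
    """Summarise a pasted TDSSKiller log without assuming its verdict vocabulary."""
    in_scan = saw_finished = False
    scanned, non_ok, counts = 0, [], {}
    for line in text.splitlines():
        line = line.strip()
        m = TDSS_COUNT.search(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
        elif line.endswith("Scan started"):
            in_scan = True
        elif line.endswith("Scan finished"):
            in_scan, saw_finished = False, True
        elif in_scan:
            # Only lines inside the scan section are per-object verdicts.
            m = TDSS_LINE.match(line)
            if m:
                scanned += 1
                if m.group(2).lower() != "ok":
                    non_ok.append((m.group(1), m.group(2)))
    return {
        "scanned": scanned,
        "non_ok": non_ok,
        "counts": counts,
        # A paste cut off by a post-size limit lacks the footer lines.
        "complete": saw_finished and "Detected" in counts,
    }


def triage_aswmbr(text):
    """Collect the aswMBR lines a reviewer reads first."""
    out = {"mbr": {}, "locked": [], "unknown_modules": [], "finished": False}
    for line in text.splitlines():
        line = line.strip()
        m = ASW_MBR.match(line)
        if m:
            out["mbr"][int(m.group(1))] = m.group(2)
        m = ASW_LOCKED.match(line)
        if m:
            out["locked"].append((m.group(1), m.group(2)))
        # Addresses of modules the tool could not name in the disk call chain.
        out["unknown_modules"] += ASW_UNKNOWN.findall(line)
        if line.endswith("Scan finished successfully"):
            out["finished"] = True
    return out


if __name__ == "__main__":
    print(triage_tdsskiller(TDSS_SAMPLE))
    print(triage_aswmbr(ASW_SAMPLE))
```
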


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:42 AM

Posted 01 April 2012 - 08:18 AM

Let's dig some more.

Download catchme.exe to your desktop.
http://www.gmer.net/catchme.php
This tool is from GMER.

Double click the catchme.exe to run it

Open the catchme.log with Notepad and post the results back here.

#11 leibtek

leibtek
  • Topic Starter

  • Members
  • 72 posts
  • Local time:03:42 AM

Posted 01 April 2012 - 08:23 AM

catchme Log:

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:42 AM

Posted 01 April 2012 - 09:15 AM

The NTDLL code modification indicates a kernel modification. This is usually a dead giveaway that a rootkit is on board. Windows 7 is not susceptible to the traditional rootkit though, so this is more likely a trojan.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

HOW TO: Enable the CD Emulators... <- do not enable this until your computer is clean.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Now please run the aswMBR tool and post a fresh log for my review.

#13 leibtek

leibtek
  • Topic Starter

  • Members
  • 72 posts
  • Local time:03:42 AM

Posted 01 April 2012 - 10:16 AM

OTL.txt:

OTL logfile created on: 4/1/2012 10:57:39 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Danielle.ALLSTATEMEDICAL\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.73 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 44.26% Memory free
5.45 Gb Paging File | 4.05 Gb Available in Paging File | 74.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.98 Gb Total Space | 485.00 Gb Free Space | 85.69% Space Free | Partition Type: NTFS
Drive E: | 29.88 Gb Total Space | 12.82 Gb Free Space | 42.93% Space Free | Partition Type: HFS

Computer Name: DANIELLE-PC | User Name: Danielle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
PRC - C:\Windows\System32\AppleOSSMgr.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\rdpclip.exe (Microsoft Corporation)
PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\ProgramData\FLEXnet\Connect\11\agent.exe (Acresso Corporation)
PRC - C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\DANIEL~1.ALL\AppData\Local\Temp\catchme.dll ()
MOD - C:\Program Files\AIM\nssckbi.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()


========== Win32 Services (SafeList) ==========

SRV - (M4-Service) -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B06527J1\M4-Service.exe File not found
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe ()
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (QuickBooksDB19) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (XobniService) -- C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)


========== Driver Services (SafeList) ==========

DRV - (NVENETFD) -- system32\DRIVERS\nvmfdx32.sys File not found
DRV - (lmimirr) -- system32\DRIVERS\lmimirr.sys File not found
DRV - (catchme) -- C:\Users\DANIEL~1.ALL\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\DANIEL~1.ALL\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MpKsl3d6dcb91) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF92B2ED-7402-431C-B4A8-13BDA8BE22A6}\MpKsl3d6dcb91.sys (Microsoft Corporation)
DRV - (AX88178) -- C:\Windows\System32\drivers\ax88178.sys (ASIX Electronics Corp.)
DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (AppleBtBc) -- C:\Windows\System32\drivers\AppleBtBc.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BrSerIb) Brother Serial Interface Driver(WDM) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (BrUsbSIb) Brother Serial USB Driver(WDM) -- C:\Windows\System32\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20120105142636574&tb_oid=05-01-2012&tb_mrud=05-01-2012

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB B1 CB C6 9C 9F CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20120105142636574&tb_oid=05-01-2012&tb_mrud=05-01-2012
IE - HKCU\..\SearchScopes\{187DF00E-165D-4385-BDDC-1FEAC2F43ECA}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{6DDA0F1E-9F29-42C7-989C-97D3E8D52861}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{FE51D7C3-D0A0-4DA6-8AE7-6CA16D9E3A2D}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local,127.0.0.1:9421"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4jEI\Installr\2.bin\NP4jEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/08 22:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/30 16:29:09 | 000,000,000 | ---D | M]

[2012/03/12 14:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\mozilla\Extensions
[2012/03/30 16:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/30 16:29:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/30 16:29:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/29 14:32:33 | 000,000,761 | RHS- | M]) - C:\Windows\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ALLSTATEMEDICAL.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978709DC-1B0F-460C-9E1A-2FDB244D4CBF}: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5CF7759-7214-4E0E-9FBD-0111FFE7C93D}: DhcpNameServer = 192.168.1.100
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49b2-880A-1F7738E5A384} - C:\ProEst Estimating\2011\owc11.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 10:55:40 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\OTL.exe
[2012/03/30 16:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/30 16:29:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/30 16:29:09 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/30 16:29:09 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/30 16:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/30 16:08:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/30 15:02:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/30 15:01:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/30 14:50:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/30 14:50:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/30 14:50:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/30 14:50:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/30 14:48:01 | 004,450,054 | R--- | C] (Swearware) -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\ComboFix.exe
[2012/03/27 04:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/03/27 02:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/23 12:21:53 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Local\Xobni
[2012/03/23 12:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xobni
[2012/03/23 12:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Xobni
[2012/03/23 12:16:25 | 004,970,992 | ---- | C] (Xobni) -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\XobniSetup 1.7.exe
[2012/03/19 16:00:59 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\ControlCenter4
[2012/03/19 15:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/03/19 15:48:24 | 000,000,000 | ---D | C] -- C:\Brother
[2012/03/19 15:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2012/03/19 15:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012/03/19 15:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2012/03/19 15:47:57 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05c.dll
[2012/03/19 15:47:51 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2012/03/19 15:47:51 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2012/03/19 15:47:51 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2012/03/19 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\InstallShield
[2012/03/19 15:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\ASIX Electronics Corporation
[2012/03/19 15:34:20 | 000,049,664 | ---- | C] (ASIX Electronics Corp.) -- C:\Windows\System32\drivers\ax88178.sys
[2012/03/19 11:39:03 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\AX88178_Win7_v1.x.3.8_Drivers_Setup_v1.0.1.0
[2012/03/19 09:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/03/16 11:07:53 | 000,000,000 | R--D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\Documents\Scanned Documents
[2012/03/16 11:07:52 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\Documents\Fax
[2012/03/16 10:56:31 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\printer
[2012/03/16 10:48:44 | 049,265,957 | ---- | C] (Macrovision Corporation) -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\ControlCenter4 Updater.exe
[2012/03/16 10:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2012/03/15 09:35:16 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/03/15 09:35:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/03/14 19:56:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/03/14 19:56:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/03/14 19:53:17 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/03/14 19:53:16 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/14 19:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/14 11:20:41 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 11:20:38 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 11:20:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/03/14 11:20:12 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/03/14 10:05:39 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\Malwarebytes
[2012/03/14 09:40:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/13 03:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/03/12 14:41:33 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\Mozilla
[2012/03/12 14:41:33 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Local\Mozilla
[2012/03/12 12:43:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/03/12 12:43:08 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/12 12:43:08 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/03/12 12:43:07 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/03/12 12:43:05 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/03/12 12:43:04 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/03/12 12:43:03 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/03/12 12:43:02 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/03/12 12:43:00 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2012/03/12 12:42:58 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/03/12 12:42:57 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012/03/12 12:42:57 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2012/03/12 12:42:55 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/03/12 12:42:55 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/03/12 12:42:53 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2012/03/12 12:42:52 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2012/03/12 12:42:50 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012/03/12 12:42:48 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2012/03/12 12:42:47 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/03/12 12:42:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012/03/12 12:42:46 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2012/03/12 12:42:45 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2012/03/12 12:42:45 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2012/03/12 12:42:45 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2012/03/12 12:42:44 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2012/03/12 12:42:43 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2012/03/12 12:42:42 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2012/03/12 12:42:42 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2012/03/12 12:42:41 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2012/03/12 12:42:41 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2012/03/12 12:42:39 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2012/03/12 12:42:38 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/03/12 12:42:37 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012/03/12 12:42:37 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2012/03/12 12:42:36 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2012/03/12 12:42:35 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2012/03/12 12:42:35 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012/03/12 12:42:35 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2012/03/12 12:42:35 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/03/12 12:42:35 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/03/12 12:42:34 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2012/03/12 12:42:34 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/03/12 12:42:34 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2012/03/12 12:42:33 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2012/03/12 12:42:33 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/03/12 12:42:33 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2012/03/12 12:42:32 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/03/12 12:42:32 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2012/03/12 12:42:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2012/03/12 12:42:31 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2012/03/12 12:42:31 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2012/03/12 12:42:30 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/03/12 12:42:30 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/03/12 12:42:30 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2012/03/12 12:42:29 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/03/12 12:42:29 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2012/03/12 12:42:29 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2012/03/12 12:42:29 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/03/12 12:42:29 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2012/03/12 12:42:29 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2012/03/12 12:42:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/03/12 12:42:25 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/03/12 12:42:25 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2012/03/12 12:42:24 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012/03/12 12:42:24 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/03/12 12:42:24 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2012/03/12 12:42:24 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/03/12 12:42:23 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2012/03/12 12:42:23 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2012/03/12 12:42:22 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2012/03/12 12:42:22 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2012/03/12 12:42:21 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/03/12 12:42:21 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2012/03/12 12:42:21 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2012/03/12 12:42:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2012/03/12 12:42:19 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2012/03/12 12:42:17 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012/03/12 12:42:17 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/03/12 12:42:17 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012/03/12 12:42:17 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2012/03/12 12:42:17 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2012/03/12 12:42:17 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2012/03/12 12:42:17 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2012/03/12 12:42:17 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2012/03/12 12:42:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2012/03/12 12:42:15 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/03/12 12:42:15 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2012/03/12 12:42:15 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2012/03/12 12:42:15 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2012/03/12 12:42:15 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/03/12 12:42:14 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2012/03/12 12:42:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/03/12 12:42:14 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/03/12 12:42:13 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012/03/12 12:42:13 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2012/03/12 12:42:13 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2012/03/12 12:42:13 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2012/03/12 12:42:13 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2012/03/12 12:42:12 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2012/03/12 12:42:12 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2012/03/12 12:42:12 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/03/12 12:42:12 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2012/03/12 12:42:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012/03/12 12:42:12 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/03/12 12:42:11 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2012/03/12 12:42:10 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2012/03/12 12:42:10 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2012/03/12 12:42:09 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/03/12 12:42:09 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2012/03/12 12:42:09 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2012/03/12 12:42:09 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2012/03/12 12:42:09 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2012/03/12 12:42:07 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2012/03/12 12:42:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2012/03/12 12:42:06 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2012/03/12 12:42:06 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2012/03/12 12:42:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2012/03/12 12:42:05 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2012/03/12 12:42:05 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2012/03/12 12:42:05 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2012/03/12 12:42:05 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2012/03/12 12:42:05 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/03/12 12:42:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2012/03/12 12:42:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2012/03/12 12:42:04 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2012/03/12 12:42:04 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2012/03/12 12:42:04 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2012/03/12 12:42:04 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012/03/12 12:42:03 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2012/03/12 12:42:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2012/03/12 12:42:03 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012/03/12 12:42:03 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2012/03/12 12:42:03 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2012/03/12 12:42:03 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012/03/12 12:42:03 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2012/03/12 12:42:02 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2012/03/12 12:42:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2012/03/12 12:42:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012/03/12 12:42:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2012/03/12 12:42:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2012/03/12 12:42:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2012/03/12 12:42:00 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2012/03/12 12:42:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2012/03/12 12:41:59 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2012/03/12 12:41:59 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/03/12 12:41:59 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2012/03/12 12:41:59 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2012/03/12 12:41:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2012/03/12 12:41:58 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012/03/12 12:41:58 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2012/03/12 12:41:57 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2012/03/12 12:41:57 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2012/03/12 12:41:56 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012/03/12 12:41:56 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/03/12 12:41:55 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2012/03/12 12:41:55 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2012/03/12 12:41:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2012/03/12 12:41:54 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2012/03/12 12:41:54 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2012/03/12 12:41:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012/03/12 12:41:54 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2012/03/12 12:41:54 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2012/03/12 12:41:53 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2012/03/12 12:41:53 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2012/03/12 12:41:52 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2012/03/12 12:41:52 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2012/03/12 12:41:52 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2012/03/12 12:41:52 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2012/03/12 12:41:52 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2012/03/12 12:41:52 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2012/03/12 12:41:52 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2012/03/12 12:41:52 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2012/03/12 12:41:51 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2012/03/12 12:41:51 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2012/03/12 12:41:51 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012/03/12 12:41:50 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2012/03/12 12:41:50 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2012/03/12 12:41:50 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2012/03/12 12:41:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2012/03/12 12:41:49 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012/03/12 12:41:48 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2012/03/12 12:41:48 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2012/03/12 12:41:48 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2012/03/12 12:41:48 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/03/12 12:41:48 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2012/03/12 12:41:48 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2012/03/12 12:41:48 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2012/03/12 12:41:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2012/03/12 12:41:47 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2012/03/12 12:41:47 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2012/03/12 12:41:47 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2012/03/12 12:41:47 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2012/03/12 12:41:47 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2012/03/12 12:41:47 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2012/03/12 12:41:47 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2012/03/12 12:41:46 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2012/03/12 12:41:46 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2012/03/12 12:41:46 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2012/03/12 12:41:46 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2012/03/12 12:41:46 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012/03/12 12:41:46 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2012/03/12 12:41:45 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2012/03/12 12:41:45 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2012/03/12 12:41:45 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012/03/12 12:41:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2012/03/12 12:41:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2012/03/12 12:41:44 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2012/03/12 12:41:44 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2012/03/12 12:41:44 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2012/03/12 12:41:44 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2012/03/12 12:41:44 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2012/03/12 12:41:44 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2012/03/12 12:41:44 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2012/03/12 12:41:43 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2012/03/12 12:41:43 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2012/03/12 12:41:43 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2012/03/12 12:41:43 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2012/03/12 12:41:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2012/03/12 12:41:43 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2012/03/12 12:41:42 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2012/03/12 12:41:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2012/03/12 12:41:42 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2012/03/12 12:41:42 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2012/03/12 12:41:42 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2012/03/12 12:41:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2012/03/12 12:41:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2012/03/12 12:41:42 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2012/03/12 12:41:42 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2012/03/12 12:41:41 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2012/03/12 12:41:41 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/03/12 12:41:41 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2012/03/12 12:41:41 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2012/03/12 12:41:41 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2012/03/12 12:41:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2012/03/12 12:41:40 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2012/03/12 12:41:40 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2012/03/12 12:41:40 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2012/03/12 12:41:39 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2012/03/12 12:41:39 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2012/03/12 12:41:39 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2012/03/12 12:41:38 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/03/12 12:41:38 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2012/03/12 12:41:38 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2012/03/12 12:41:38 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2012/03/12 12:41:37 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2012/03/12 12:41:37 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2012/03/12 12:41:37 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2012/03/12 12:41:37 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2012/03/12 12:41:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2012/03/12 12:41:37 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2012/03/12 12:41:37 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2012/03/12 12:41:36 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2012/03/12 12:41:36 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2012/03/12 12:41:36 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2012/03/12 12:41:36 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2012/03/12 12:41:36 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2012/03/12 12:41:36 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2012/03/12 12:41:35 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/03/12 12:41:35 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2012/03/12 12:41:35 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2012/03/12 12:41:35 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2012/03/12 12:41:35 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2012/03/12 12:41:35 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2012/03/12 12:41:35 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012/03/12 12:41:34 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2012/03/12 12:41:34 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2012/03/12 12:41:34 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2012/03/12 12:41:34 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2012/03/12 12:41:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/03/12 12:41:33 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2012/03/12 12:41:33 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012/03/12 12:41:33 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2012/03/12 12:41:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2012/03/12 12:41:33 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2012/03/12 12:41:33 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/03/12 12:41:32 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2012/03/12 12:41:32 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2012/03/12 12:41:32 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2012/03/12 12:41:32 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2012/03/12 12:41:32 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2012/03/12 12:41:32 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2012/03/12 12:41:31 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2012/03/12 12:41:31 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2012/03/12 12:41:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2012/03/12 12:41:31 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2012/03/12 12:41:31 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2012/03/12 12:41:31 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2012/03/12 12:41:30 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2012/03/12 12:41:30 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2012/03/12 12:41:30 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2012/03/12 12:41:30 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2012/03/12 12:41:30 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2012/03/12 12:41:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012/03/12 12:41:29 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2012/03/12 12:41:29 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2012/03/12 12:41:29 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2012/03/12 12:41:29 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2012/03/12 12:41:29 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/03/12 12:41:28 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2012/03/12 12:41:28 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2012/03/12 12:41:28 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2012/03/12 12:41:28 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/12 12:41:28 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2012/03/12 12:41:28 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2012/03/12 12:41:27 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2012/03/12 12:41:26 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2012/03/12 12:41:26 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2012/03/12 12:41:26 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2012/03/12 12:41:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2012/03/12 12:41:26 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2012/03/12 12:41:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2012/03/12 12:41:26 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2012/03/12 12:41:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2012/03/12 12:41:25 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2012/03/12 12:41:25 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2012/03/12 12:41:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2012/03/12 12:41:25 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2012/03/12 12:41:24 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/03/12 12:41:24 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012/03/12 12:41:23 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/03/12 12:41:23 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2012/03/12 12:41:23 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2012/03/12 12:41:23 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2012/03/12 12:41:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2012/03/12 12:41:22 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2012/03/12 12:41:22 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2012/03/12 12:41:22 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2012/03/12 12:41:22 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2012/03/12 12:41:22 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2012/03/12 12:41:22 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/03/12 12:41:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2012/03/12 12:41:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2012/03/12 12:41:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2012/03/12 12:41:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2012/03/12 12:41:21 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/03/12 12:41:21 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/03/12 12:41:21 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2012/03/12 12:41:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2012/03/12 12:41:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2012/03/12 12:41:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2012/03/12 12:41:21 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2012/03/12 12:41:20 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2012/03/12 12:41:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2012/03/12 12:41:20 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2012/03/12 12:41:20 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2012/03/12 12:41:20 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/03/12 12:41:20 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2012/03/12 12:41:20 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2012/03/12 12:41:20 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2012/03/12 12:41:20 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2012/03/12 12:41:20 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2012/03/12 12:41:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2012/03/12 12:41:20 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2012/03/12 12:41:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2012/03/12 12:41:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/03/12 12:41:19 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2012/03/12 12:41:19 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2012/03/12 12:41:19 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/03/12 12:41:19 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2012/03/12 12:41:19 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2012/03/12 12:41:19 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2012/03/12 12:41:19 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2012/03/12 12:41:19 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2012/03/12 12:41:19 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2012/03/12 12:41:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2012/03/12 12:41:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2012/03/12 12:41:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2012/03/12 12:41:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2012/03/12 12:41:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/03/12 12:41:18 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2012/03/12 12:41:18 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2012/03/12 12:41:18 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2012/03/12 12:41:18 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2012/03/12 12:41:18 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2012/03/12 12:41:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2012/03/12 12:41:17 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/03/12 12:41:17 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/03/12 12:41:17 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2012/03/12 12:41:17 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2012/03/12 12:41:17 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2012/03/12 12:41:17 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2012/03/12 12:41:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2012/03/12 12:41:17 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2012/03/12 12:41:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2012/03/12 12:41:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2012/03/12 12:41:17 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2012/03/12 12:41:17 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2012/03/12 12:41:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2012/03/12 12:41:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2012/03/12 12:41:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2012/03/12 12:41:16 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2012/03/12 12:41:16 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2012/03/12 12:41:16 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012/03/12 12:41:16 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2012/03/12 12:41:16 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2012/03/12 12:41:16 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2012/03/12 12:41:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2012/03/12 12:41:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2012/03/12 12:41:16 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2012/03/12 12:41:15 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2012/03/12 12:41:15 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2012/03/12 12:41:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2012/03/12 12:41:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/03/12 12:41:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2012/03/12 12:41:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2012/03/12 12:41:15 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2012/03/12 12:41:15 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2012/03/12 12:41:15 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2012/03/12 12:41:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2012/03/12 12:41:15 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2012/03/12 12:41:14 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2012/03/12 12:41:14 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2012/03/12 12:41:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2012/03/12 12:41:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/03/12 12:41:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2012/03/12 12:41:14 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2012/03/12 12:41:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2012/03/12 12:41:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2012/03/12 12:41:14 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2012/03/12 12:41:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2012/03/12 12:41:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2012/03/12 12:41:14 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2012/03/12 12:41:13 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/03/12 12:41:13 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2012/03/12 12:41:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2012/03/12 12:41:13 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2012/03/12 12:41:13 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/03/12 12:41:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2012/03/12 12:41:13 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2012/03/12 12:41:13 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2012/03/12 12:41:13 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2012/03/12 12:41:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2012/03/12 12:41:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2012/03/12 12:41:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2012/03/12 12:41:12 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/03/12 12:41:12 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2012/03/12 12:41:12 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/03/12 12:41:12 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2012/03/12 12:41:12 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2012/03/12 12:41:12 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2012/03/12 12:41:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2012/03/12 12:41:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2012/03/12 12:41:11 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2012/03/12 12:41:11 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2012/03/12 12:41:11 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2012/03/12 12:41:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2012/03/12 12:41:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2012/03/12 12:41:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2012/03/12 12:41:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2012/03/12 12:41:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2012/03/12 12:41:11 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2012/03/12 12:41:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2012/03/12 12:41:11 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2012/03/12 12:41:10 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicres.dll
[2012/03/12 12:41:10 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2012/03/12 12:41:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2012/03/12 12:41:10 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbusres.dll
[2012/03/12 12:41:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2012/03/12 12:41:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/03/12 12:41:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmstorfltres.dll
[2012/03/12 12:41:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2012/03/12 12:41:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2012/03/12 12:41:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2012/03/12 12:41:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2012/03/12 12:41:10 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2012/03/12 12:41:09 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/03/12 12:41:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/03/12 12:41:09 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/03/12 12:41:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2012/03/12 12:41:08 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2012/03/12 12:41:08 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2012/03/12 12:41:08 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2012/03/12 12:41:08 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2012/03/12 12:41:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2012/03/12 12:41:07 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2012/03/12 12:41:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2012/03/12 12:41:07 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2012/03/12 12:41:06 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2012/03/12 12:41:06 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/03/12 12:41:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2012/03/12 12:41:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2012/03/12 12:41:06 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2012/03/12 12:41:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2012/03/12 12:41:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2012/03/12 12:41:03 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2012/03/12 12:41:03 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2012/03/12 12:41:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2012/03/12 12:41:02 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmbusCoinstaller.dll
[2012/03/12 12:41:02 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmdCoinstall.dll
[2012/03/12 12:41:02 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2012/03/12 12:41:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2012/03/12 12:41:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012/03/12 12:41:01 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/03/12 12:41:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2012/03/12 12:41:01 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2012/03/12 12:41:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2012/03/12 12:41:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012/03/12 12:41:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012/03/12 12:41:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2012/03/12 12:41:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2012/03/12 12:41:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2012/03/12 12:41:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2012/03/12 12:41:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2012/03/12 12:40:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2012/03/12 12:40:59 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2012/03/12 12:40:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2012/03/12 12:40:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2012/03/12 12:40:59 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2012/03/12 12:40:59 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2012/03/12 12:40:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2012/03/12 12:40:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2012/03/12 12:40:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2012/03/12 12:40:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2012/03/12 12:40:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2012/03/12 12:40:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2012/03/12 12:40:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2012/03/12 12:40:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2012/03/12 12:40:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2012/03/12 12:40:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2012/03/12 12:40:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2012/03/12 12:40:52 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2012/03/12 12:40:27 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2012/03/12 12:05:31 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/03/12 12:05:30 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/03/12 12:05:27 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012/03/12 12:05:27 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012/03/12 12:05:21 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2012/03/12 11:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2012/03/09 01:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/09 00:57:08 | 000,018,944 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\AppleBtBc.sys
[2012/03/09 00:57:00 | 000,026,624 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\KeyMagic.sys
[2012/03/09 00:43:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/03/09 00:10:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/09 00:10:01 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/03/09 00:10:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/09 00:10:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/09 00:10:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/09 00:09:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/08 23:57:06 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Local\temp
[2012/03/08 23:46:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/08 22:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/08 20:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/08 20:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/08 20:36:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/08 20:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/07 14:23:47 | 002,965,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012/03/07 14:23:47 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012/03/07 14:23:47 | 001,305,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012/03/07 14:23:47 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012/03/07 14:23:47 | 000,353,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012/03/07 14:23:47 | 000,345,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012/03/07 14:23:47 | 000,338,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012/03/07 14:23:47 | 000,295,712 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012/03/07 14:23:47 | 000,295,712 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012/03/07 14:23:47 | 000,173,344 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012/03/07 14:23:47 | 000,170,272 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012/03/07 14:23:47 | 000,140,576 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012/03/07 14:23:47 | 000,078,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012/03/07 14:23:47 | 000,064,800 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012/03/07 14:23:47 | 000,053,280 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2012/03/07 14:23:46 | 001,938,720 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012/03/07 14:23:46 | 000,311,584 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012/03/07 14:23:46 | 000,272,672 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012/03/07 14:23:46 | 000,148,256 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012/03/07 14:23:46 | 000,132,384 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012/03/07 14:23:46 | 000,131,360 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012/03/07 14:19:04 | 003,867,936 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmihvsrv.dll
[2012/03/07 14:19:04 | 003,556,640 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmihvui.dll
[2012/03/07 14:19:04 | 000,091,376 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmwlcoi.dll
[2012/03/07 14:08:25 | 010,668,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/03/07 14:08:25 | 009,905,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/03/07 14:08:25 | 003,214,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/03/07 14:08:25 | 000,590,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2012/03/07 14:08:24 | 001,748,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/03/07 14:08:24 | 001,530,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll
[2012/03/07 14:08:24 | 001,317,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/03/07 14:08:24 | 000,678,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/03/07 14:08:24 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2012/03/07 14:08:24 | 000,217,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod189.dll
[2012/03/07 14:08:24 | 000,217,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2012/03/07 14:08:24 | 000,010,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2012/03/07 13:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/03/07 10:50:45 | 000,000,000 | ---D | C] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Local\Mikogo4
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/01 10:55:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\OTL.exe
[2012/04/01 09:01:19 | 000,000,564 | ---- | M] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\MBR.zip
[2012/03/30 16:29:02 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/30 16:29:02 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/30 16:29:01 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/30 16:28:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/30 16:21:36 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/03/30 16:09:45 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 16:09:45 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 16:06:49 | 000,628,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/30 16:06:49 | 000,108,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/30 16:03:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/30 16:03:36 | 2195,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 14:48:52 | 004,450,054 | R--- | M] (Swearware) -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\ComboFix.exe
[2012/03/30 10:56:01 | 000,000,993 | ---- | M] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\fixme.reg
[2012/03/27 14:12:41 | 1665,319,275 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/23 13:17:59 | 000,596,261 | ---- | M] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\CCF03232012_0000.pdf
[2012/03/21 13:43:19 | 000,016,515 | ---- | M] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\Integra Development Proposal #11549 Manhattanville Cleaning and Maintenance 3-21-12.pdf
[2012/03/20 17:07:10 | 000,000,929 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012/03/20 13:03:56 | 000,016,587 | ---- | M] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\Integra Development Proposal #11549 Manhattanville Cleaning and Maintenance.pdf
[2012/03/19 15:50:24 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012/03/19 15:50:02 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012/03/19 15:48:57 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012/03/19 15:36:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ax88178_01009.Wdf
[2012/03/19 15:34:20 | 000,049,664 | ---- | M] (ASIX Electronics Corp.) -- C:\Windows\System32\drivers\ax88178.sys
[2012/03/16 12:05:26 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/03/15 17:26:00 | 000,427,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/14 20:12:03 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012/03/14 19:44:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/14 09:17:56 | 000,001,111 | ---- | M] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/12 11:57:16 | 000,000,718 | -H-- | M] () -- C:\IPH.PH
[2012/03/12 11:57:03 | 000,001,889 | ---- | M] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/03/12 11:57:03 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2012/03/12 11:54:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_KeyMagic_01005.Wdf
[2012/03/09 01:05:44 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/08 22:44:10 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/08 22:30:04 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/03/08 20:53:13 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/07 14:24:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_AppleBtBc_01005.Wdf
[2012/03/07 13:52:03 | 000,042,999 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/03/07 13:49:08 | 000,042,999 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/03/07 12:43:28 | 000,000,000 | -H-- | M] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Documents\Default.rdp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 09:01:19 | 000,000,564 | ---- | C] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\MBR.zip
[2012/03/30 16:21:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/30 16:21:36 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/03/30 14:50:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/30 14:50:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/30 14:50:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/30 14:50:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/30 14:50:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/30 10:58:03 | 000,000,993 | ---- | C] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\fixme.reg
[2012/03/23 13:17:59 | 000,596,261 | ---- | C] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\CCF03232012_0000.pdf
[2012/03/21 13:44:51 | 000,016,515 | ---- | C] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\Integra Development Proposal #11549 Manhattanville Cleaning and Maintenance 3-21-12.pdf
[2012/03/20 13:13:36 | 000,016,587 | ---- | C] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\Integra Development Proposal #11549 Manhattanville Cleaning and Maintenance.pdf
[2012/03/19 15:50:24 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012/03/19 15:47:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/03/19 15:47:57 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/03/19 15:36:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ax88178_01009.Wdf
[2012/03/14 09:40:45 | 1665,319,275 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/12 12:42:51 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/03/12 12:41:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/03/12 12:41:09 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012/03/12 12:40:58 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012/03/12 11:54:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_KeyMagic_01005.Wdf
[2012/03/09 01:05:04 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/08 22:43:09 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/08 22:30:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/03/08 22:30:00 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/08 22:30:00 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/08 20:53:13 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/07 14:24:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_AppleBtBc_01005.Wdf
[2012/03/07 14:08:24 | 000,021,060 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2012/03/07 12:43:28 | 000,000,000 | -H-- | C] () -- C:\Users\Danielle.ALLSTATEMEDICAL\Documents\Default.rdp
[2012/02/29 15:58:01 | 000,007,611 | ---- | C] () -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Local\Resmon.ResmonCfg
[2011/08/24 14:09:59 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011/08/15 19:34:40 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2011/06/28 13:15:55 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/06/28 13:15:54 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2010/12/14 19:53:59 | 000,009,360 | ---- | C] () -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\Comma Separated Values (Windows).EML
[2010/12/14 19:50:29 | 000,038,493 | ---- | C] () -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/09/28 12:35:43 | 000,000,929 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/09/28 12:35:43 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/09/28 12:32:26 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bd8480dn.dat
[2010/04/22 14:26:16 | 000,033,998 | ---- | C] () -- C:\Windows\MAXLINK.INI

========== LOP Check ==========

[2012/01/05 10:32:18 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\acccore
[2011/08/05 12:04:26 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\Blackberry Desktop
[2010/12/13 16:38:09 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\COMcheck
[2012/03/19 16:00:09 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\ControlCenter4
[2011/07/13 16:52:40 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\ICAClient
[2010/01/27 19:48:52 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\Leadertech
[2011/08/24 13:43:43 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\Nuance
[2012/03/20 17:07:10 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\PC-FAX TX
[2011/08/25 15:34:32 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\pdf995
[2011/08/05 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\Research In Motion
[2012/03/14 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\TeamViewer
[2010/01/27 18:37:33 | 000,000,000 | ---D | M] -- C:\Users\Danielle.ALLSTATEMEDICAL\AppData\Roaming\Western Digital
[2012/03/07 20:11:36 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/19 15:34:20 | 000,049,664 | ---- | M] (ASIX Electronics Corp.) -- C:\Windows\system32\drivers\ax88178.sys
[2012/02/17 00:14:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
[2012/02/17 00:13:22 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdtcp.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/03/30 15:01:54 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1509814436-128713629-2402815506-1164\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-21 07:00:42

< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Danielle.ALLSTATEMEDICAL\Documents\Retrieved Contents\C_\I386\sp3.cab:AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Danielle.ALLSTATEMEDICAL\Documents\Retrieved Contents\C_\I386\sp3.cab:atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/13 21:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 08:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 08:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: BEEP.SYS >
[2009/07/13 19:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys
[2009/07/13 19:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009/07/13 19:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTORV.SYS >
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 01:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2011/05/14 02:26:31 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=02D5E2D9D9497F314C97E082A1CB9808 -- C:\Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll
[2011/05/14 02:26:31 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=02D5E2D9D9497F314C97E082A1CB9808 -- C:\Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll
[2009/12/08 07:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=0369BA73CE6D918745579B24339765E8 -- C:\Windows\SoftwareDistribution\Download\db819f29bde9cba63c745d88615133a9\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16481_none_93903c22b7a2b5ea\kernel32.dll
[2009/12/08 07:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=0369BA73CE6D918745579B24339765E8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16481_none_93903c22b7a2b5ea\kernel32.dll
[2011/06/03 02:01:43 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=11826814AA8C1177CBF6BC40105E9A87 -- C:\Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_942bb277d0b1dfc0\kernel32.dll
[2011/06/03 02:01:43 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=11826814AA8C1177CBF6BC40105E9A87 -- C:\Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_942bb277d0b1dfc0\kernel32.dll
[2011/07/16 00:25:25 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=12DD18C6ECADEDB922E40B494D315206 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_946467d1d088a0a4\kernel32.dll
[2009/07/13 21:15:35 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=4605F7EE9805F7E1C98D6C959DD2949C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_93943b64b79f1e1f\kernel32.dll
[2011/05/14 02:35:39 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=4F9C07F0D68E135F1E07C20647FC54F9 -- C:\Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2\kernel32.dll
[2011/05/14 02:35:39 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=4F9C07F0D68E135F1E07C20647FC54F9 -- C:\Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2\kernel32.dll
[2010/11/20 08:19:26 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=5553784D774CA845380650E010BBDA2C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll
[2011/05/14 03:40:52 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=5717FC9D2A1DAA0596DC7D940F2D613C -- C:\Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll
[2011/05/14 03:40:52 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=5717FC9D2A1DAA0596DC7D940F2D613C -- C:\Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll
[2011/07/16 00:34:28 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=7E99A20C758ABB5AE89C7AEEA3A9AEB2 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_93afb334b78b3d5c\kernel32.dll
[2011/07/16 00:54:28 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=921F8B3FF01501C9934CCB3C270833D7 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll
[2011/07/16 00:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=E570CBD732848438EAC574EB3442A2A8 -- C:\Windows\ERDNT\cache\kernel32.dll
[2009/12/08 07:57:44 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=EB7B2309A2B16EEB73C2C13477FEF8FB -- C:\Windows\SoftwareDistribution\Download\db819f29bde9cba63c745d88615133a9\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20591_none_940f0901d0c871a5\kernel32.dll
[2009/12/08 07:57:44 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=EB7B2309A2B16EEB73C2C13477FEF8FB -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20591_none_940f0901d0c871a5\kernel32.dll
[2011/07/16 00:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\kernel32.dll
[2011/07/16 00:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NDIS.SYS >
[2009/07/13 21:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010/11/20 08:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\ERDNT\cache\ndis.sys
[2010/11/20 08:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2010/11/20 08:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NTFS.SYS >
[2011/03/11 01:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_a65558427e3453b4\ntfs.sys
[2010/11/20 08:30:06 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys
[2009/07/13 21:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys
[2011/03/11 01:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\ERDNT\cache\ntfs.sys
[2011/03/11 01:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\System32\drivers\ntfs.sys
[2011/03/11 01:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys
[2011/03/11 01:52:25 | 001,210,752 | ---- | M] (Microsoft Corporation) MD5=A7266D82DB9675AFBDED39695B69EDAC -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
[2011/03/11 01:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys

< MD5 for: NVSTOR.SYS >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 01:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2010/11/20 08:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\System32\proquota.exe
[2010/11/20 08:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe
[2009/07/13 21:14:29 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=8CDF71E78469BE54C29C1AD2FC8DE611 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_279d4dfaf3b8bd5a\proquota.exe

< MD5 for: QMGR.DLL >
[2009/07/13 21:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\ERDNT\cache\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/20 00:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009/07/13 21:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010/11/20 08:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2010/11/20 08:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\System32\spoolsv.exe
[2010/11/20 08:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
[2010/08/21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TERMSRV.DLL >
[2010/11/20 08:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\ERDNT\cache\termsrv.dll
[2010/11/20 08:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\System32\termsrv.dll
[2010/11/20 08:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[2009/07/13 21:16:15 | 000,543,232 | ---- | M] (Microsoft Corporation) MD5=A01E50A04D7B1960B33E92B9080E6A94 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< End of report >


Extras.txt:

OTL Extras logfile created on: 4/1/2012 10:57:39 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Danielle.ALLSTATEMEDICAL\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.73 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 44.26% Memory free
5.45 Gb Paging File | 4.05 Gb Available in Paging File | 74.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.98 Gb Total Space | 485.00 Gb Free Space | 85.69% Space Free | Partition Type: NTFS
Drive E: | 29.88 Gb Total Space | 12.82 Gb Free Space | 42.93% Space Free | Partition Type: HFS

Computer Name: DANIELLE-PC | User Name: Danielle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A2F0810-3626-4E86-9072-973FBE1679C5}" = QuickBooks Premier: Contractor Edition 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services
"{A9C5A51D-BC22-41E0-8C0A-E85E74B810CE}" = AX88178 Windows 7 Drivers
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACCA8CC9-DF7D-446F-A914-D7362211CEE6}" = ProEst Estimating 2011
"{ACDA0C2F-85F6-49C5-9077-22CE28987F93}" = ProEst Estimating 2011
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp Services
"{D46700F8-9753-44C6-82A5-7F30C207D2F3}" = Contractor's Office 6.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"07170A155D5587C8782EABA10E94E4127A86F6E4" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
"0A86889A63334895E2898E1C618451C13E8BEC74" = Windows Driver Package - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122)
"0A8E69CB2299FB82BA54D1D4C0F3B1810146DBAB" = Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)
"111E266FDD1556398EFC13BE47678F96E8497682" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"20CF1F4786CB13A83CD2EC358929609A9B7A205C" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
"2A220AD1D71245D60F803E0D8C463ABFFE7C6244" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"2E2B6DCC02509BB8D2629A009DE8B5C3055B6779" = Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"3A712FAD839A90C4CD37CE06FA695DCC4E91A52F" = Windows Driver Package - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)
"44E2556E81BCB991055DD976642491906DD3B8A0" = Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
"4B114013DDC5858DB929CE55F363AB88CDE1F78C" = Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5405F83664E016638462F8F8C1DAE59D04942778" = Windows Driver Package - Apple Inc. Bluetooth (11/23/2009 3.0.0.4)
"5A42EC04483B9307C1A29CDA2199268A7A8FA52D" = Windows Driver Package - Atheros Communications Inc. Net (09/18/2008 7.6.1.122)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
"680D5EED614F3F01A9AD4547E9D81CFE9B0E4902" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26)
"68446A4387EFABF44AE4C69CC9B6F9EDF8F10D7A" = Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"75B57AFB407D191B0DAEF05EE9665A5A86701A9A" = Windows Driver Package - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
"7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"950F5FEDF7BEABD19AAE5CEA69570873BE2A99DA" = Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"9AA5295F27284963423D072C7FC59D57CDE15ACA" = Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
"A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"A7A7D84907D2DCB34930D77C6BA911E3834C1E34" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AEB482706002E9220FBFB86D4A1D24257F71A3D4" = Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)
"AIM_7" = AIM 7
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"B9491C5C199D7236FCDCB76367922461FADC80C7" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"CD6212024668E03491C257CA53617893F2E8E924" = Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CFC3D985EA69596C8BE0A30313010FCC8CE2C70F" = Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)
"ComputerEase 9.0 Network Client" = ComputerEase 9.0 Network Client
"DCEFA559AE3275AB4F80389685E1BD3D978A5707" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8)
"DD660B87FBFA46A1E99C15466EA26AA41E678250" = Windows Driver Package - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
"DE32692B1421420518B0CA8EEDD6DF2A494F279F" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"F46F6C2CF86ECDFF2CE25B508923B04E2F23F1CE" = Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{A9C5A51D-BC22-41E0-8C0A-E85E74B810CE}" = AX88178 Windows 7 Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"PDF-XChange 3_is1" = PDF-XChange 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunchClock Client 2.20" = PunchClock Client 2.20
"RS Means Sample Data" = RS Means Sample Data
"TeamViewer 5" = TeamViewer 5
"XobniMain" = Xobni

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"AOL Messaging Toolbar" = AOL Messaging Toolbar
"COMcheck 3.8.1 " = COMcheck 3.8.1 (Current User)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2011 2:01:12 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2011/11/22 13:01:12.714]: [00001448]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 11/22/2011 2:01:12 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2011/11/22 13:01:12.714]: [00001448]: Initialize TwdsMain
Class failed!

Error - 11/22/2011 2:03:26 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2011/11/22 13:03:26.528]: [00001448]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 11/22/2011 2:03:26 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2011/11/22 13:03:26.528]: [00001448]: Initialize TwdsMain
Class failed!

Error - 11/22/2011 2:14:13 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2011/11/22 13:14:13.130]: [00001448]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 11/22/2011 2:14:13 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2011/11/22 13:14:13.130]: [00001448]: Initialize TwdsMain
Class failed!

Error - 11/22/2011 2:21:19 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/11/22 13:21:19.852]: [00002224]: CBrUsbSti: GetDevCapa
Failed.

Error - 11/22/2011 2:21:21 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/11/22 13:21:21.163]: [00002224]: CBrUsbSti: GetDevCapa
Failed.

Error - 11/22/2011 2:21:21 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/11/22 13:21:21.272]: [00002224]: CBrUsbSti: GetDevCapa
Failed.

Error - 11/22/2011 2:21:47 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Brother BrLog | ID = 1001
Description = WIA BrtWIA: [2011/11/22 13:21:47.510]: [00002224]: Unlinking WIA item
tree

[ Media Center Events ]
Error - 8/15/2011 2:50:59 AM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = MCUpdate | ID = 0
Description = 2:50:59 AM - Error connecting to the internet. 2:50:59 AM - Unable
to contact server..

Error - 8/15/2011 2:51:23 AM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = MCUpdate | ID = 0
Description = 2:51:20 AM - Error connecting to the internet. 2:51:20 AM - Unable
to contact server..

Error - 8/15/2011 3:52:06 AM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = MCUpdate | ID = 0
Description = 3:52:06 AM - Error connecting to the internet. 3:52:06 AM - Unable
to contact server..

Error - 8/15/2011 3:52:30 AM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = MCUpdate | ID = 0
Description = 3:52:27 AM - Error connecting to the internet. 3:52:27 AM - Unable
to contact server..

Error - 8/15/2011 4:53:01 AM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = MCUpdate | ID = 0
Description = 4:53:01 AM - Error connecting to the internet. 4:53:01 AM - Unable
to contact server..

Error - 8/15/2011 4:53:23 AM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = MCUpdate | ID = 0
Description = 4:53:22 AM - Error connecting to the internet. 4:53:22 AM - Unable
to contact server..

Error - 8/15/2011 5:53:55 AM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = MCUpdate | ID = 0
Description = 5:53:55 AM - Error connecting to the internet. 5:53:55 AM - Unable
to contact server..

Error - 8/15/2011 5:54:16 AM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = MCUpdate | ID = 0
Description = 5:54:15 AM - Error connecting to the internet. 5:54:15 AM - Unable
to contact server..

Error - 8/15/2011 6:54:48 AM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = MCUpdate | ID = 0
Description = 6:54:48 AM - Error connecting to the internet. 6:54:48 AM - Unable
to contact server..

Error - 8/15/2011 6:55:09 AM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = MCUpdate | ID = 0
Description = 6:55:08 AM - Error connecting to the internet. 6:55:08 AM - Unable
to contact server..

[ OSession Events ]
Error - 3/29/2010 3:22:19 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20934
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 6/25/2010 3:26:16 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13365
seconds with 4620 seconds of active time. This session ended with a crash.

Error - 9/8/2010 1:35:48 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14964
seconds with 7260 seconds of active time. This session ended with a crash.

Error - 2/29/2012 2:50:22 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 254
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/30/2012 3:53:35 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = UmrdpService | ID = 1111
Description = Driver Amyuni Document Converter 2.50 required for printer Extended
Solutions PDF Converter is unknown. Contact the administrator to install the driver
before you log in again.

Error - 3/30/2012 4:03:46 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain ALLSTATEMEDICAL due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.

Error - 3/30/2012 4:03:47 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Service Control Manager | ID = 7000
Description = The M4-Service service failed to start due to the following error:
%%2

Error - 3/30/2012 4:03:48 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 3/30/2012 4:03:12 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = NetBT | ID = 4321
Description = The name "ALLSTATEMEDICAL:1d" could not be registered on the interface
with IP address 192.168.1.130. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 3/30/2012 4:03:12 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = NetBT | ID = 4321
Description = The name "ALLSTATEMEDICAL:1d" could not be registered on the interface
with IP address 192.168.1.130. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 3/30/2012 4:05:30 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = DCOM | ID = 10016
Description =

Error - 3/30/2012 4:05:31 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = DCOM | ID = 10016
Description =

Error - 3/30/2012 4:05:44 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = UmrdpService | ID = 1111
Description = Driver Amyuni Document Converter 2.50 required for printer Extended
Solutions PDF Converter is unknown. Contact the administrator to install the driver
before you log in again.

Error - 3/30/2012 4:25:26 PM | Computer Name = DANIELLE-PC.ALLSTATEMEDICAL.LOCAL | Source = UmrdpService | ID = 1111
Description = Driver Amyuni Document Converter 2.50 required for printer Extended
Solutions PDF Converter is unknown. Contact the administrator to install the driver
before you log in again.


< End of report >



aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-01 11:14:44
-----------------------------
11:14:44.360 OS Version: Windows 6.1.7601 Service Pack 1
11:14:44.360 Number of processors: 2 586 0x170A
11:14:44.361 ComputerName: DANIELLE-PC UserName: Danielle
11:14:45.541 Initialize success
11:14:49.309 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:14:49.310 Disk 0 Vendor: WDC_WD6400AAKS-40H2B0 07.04C07 Size: 610480MB BusType: 3
11:14:49.350 Disk 0 MBR read successfully
11:14:49.351 Disk 0 MBR scan
11:14:49.353 Disk 0 Windows 7 default MBR code
11:14:49.355 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
11:14:49.373 Disk 0 Partition 2 00 AF HFS / HFS+ 30592 MB offset 409640
11:14:49.390 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 579559 MB offset 63326208
11:14:49.393 Disk 0 scanning sectors +1250263040
11:14:49.502 Disk 0 scanning C:\Windows\system32\drivers
11:15:02.438 Service scanning
11:15:07.866 Service MpKsl1d58b14b c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF92B2ED-7402-431C-B4A8-13BDA8BE22A6}\MpKsl1d58b14b.sys **LOCKED** 32
11:15:07.882 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
11:15:13.027 Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 32
11:15:14.204 Modules scanning
11:15:21.699 Disk 0 trace - called modules:
11:15:21.730 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS >>UNKNOWN [0x87639851]<<
11:15:21.733 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8697d030]
11:15:21.735 3 CLASSPNP.SYS[8af8059e] -> nt!IofCallDriver -> [0x868bc888]
11:15:21.736 5 ACPI.sys[83ca63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85bc2610]
11:15:21.738 Scan finished successfully
11:15:30.363 Disk 0 MBR has been saved successfully to "C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\MBR.dat"
11:15:30.371 The log file has been saved successfully to "C:\Users\Danielle.ALLSTATEMEDICAL\Desktop\aswMBR.txt"



Thanks!

#14 nasdaq

  • Malware Response Team

Posted 01 April 2012 - 12:48 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    ataport.sys
    kernel32.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

Please run the aswMBR tool again.
Just let me know if the options Fix and/or FixMBR are available to you.
Do not execute any for the moment.

#15 leibtek

  • Topic Starter

Posted 01 April 2012 - 12:59 PM

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 13:55 on 01/04/2012 by Danielle
Administrator - Elevation successful

========== filefind ==========

Searching for "ataport.sys"
C:\Windows\System32\drivers\ataport.sys --a---- 132992 bytes [16:41 12/03/2012] [12:29 20/11/2010] 4B55C9F9A93B3BFD01ED7366EB0B9D2E
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\ataport.sys --a---- 132992 bytes [16:41 12/03/2012] [12:29 20/11/2010] 4B55C9F9A93B3BFD01ED7366EB0B9D2E
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\ataport.sys --a---- 133200 bytes [23:11 13/07/2009] [01:26 14/07/2009] BCA15585EFDDE7EBA8568BDFB75983A3
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\ataport.sys --a---- 132992 bytes [16:41 12/03/2012] [12:29 20/11/2010] 4B55C9F9A93B3BFD01ED7366EB0B9D2E

Searching for "kernel32.dll"
C:\Windows\ERDNT\cache\kernel32.dll --a---- 868352 bytes [03:55 09/03/2012] [04:27 16/07/2011] E570CBD732848438EAC574EB3442A2A8
C:\Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2\kernel32.dll --a---- 868352 bytes [21:39 12/07/2011] [06:35 14/05/2011] 4F9C07F0D68E135F1E07C20647FC54F9
C:\Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_942bb277d0b1dfc0\kernel32.dll --a---- 868352 bytes [21:39 12/07/2011] [06:01 03/06/2011] 11826814AA8C1177CBF6BC40105E9A87
C:\Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll --a---- 868352 bytes [21:39 12/07/2011] [06:26 14/05/2011] 02D5E2D9D9497F314C97E082A1CB9808
C:\Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll --a---- 868352 bytes [21:39 12/07/2011] [07:40 14/05/2011] 5717FC9D2A1DAA0596DC7D940F2D613C
C:\Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2\kernel32.dll --a---- 868352 bytes [21:39 12/07/2011] [06:35 14/05/2011] 4F9C07F0D68E135F1E07C20647FC54F9
C:\Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_942bb277d0b1dfc0\kernel32.dll --a---- 868352 bytes [21:39 12/07/2011] [06:01 03/06/2011] 11826814AA8C1177CBF6BC40105E9A87
C:\Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll --a---- 868352 bytes [21:39 12/07/2011] [06:26 14/05/2011] 02D5E2D9D9497F314C97E082A1CB9808
C:\Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll --a---- 868352 bytes [21:39 12/07/2011] [07:40 14/05/2011] 5717FC9D2A1DAA0596DC7D940F2D613C
C:\Windows\SoftwareDistribution\Download\db819f29bde9cba63c745d88615133a9\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16481_none_93903c22b7a2b5ea\kernel32.dll --a---- 857088 bytes [20:08 10/02/2010] [11:33 08/12/2009] 0369BA73CE6D918745579B24339765E8
C:\Windows\SoftwareDistribution\Download\db819f29bde9cba63c745d88615133a9\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20591_none_940f0901d0c871a5\kernel32.dll --a---- 857088 bytes [20:08 10/02/2010] [11:57 08/12/2009] EB7B2309A2B16EEB73C2C13477FEF8FB
C:\Windows\System32\kernel32.dll --a---- 868352 bytes [01:27 10/08/2011] [04:27 16/07/2011] E570CBD732848438EAC574EB3442A2A8
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_93943b64b79f1e1f\kernel32.dll --a---- 857088 bytes [23:16 13/07/2009] [01:15 14/07/2009] 4605F7EE9805F7E1C98D6C959DD2949C
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16481_none_93903c22b7a2b5ea\kernel32.dll --a---- 857088 bytes [01:57 09/03/2010] [11:33 08/12/2009] 0369BA73CE6D918745579B24339765E8
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_93afb334b78b3d5c\kernel32.dll --a---- 868352 bytes [01:27 10/08/2011] [04:34 16/07/2011] 7E99A20C758ABB5AE89C7AEEA3A9AEB2
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20591_none_940f0901d0c871a5\kernel32.dll --a---- 857088 bytes [01:57 09/03/2010] [11:57 08/12/2009] EB7B2309A2B16EEB73C2C13477FEF8FB
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_946467d1d088a0a4\kernel32.dll --a---- 868352 bytes [01:27 10/08/2011] [04:25 16/07/2011] 12DD18C6ECADEDB922E40B494D315206
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll --a---- 857600 bytes [16:42 12/03/2012] [12:19 20/11/2010] 5553784D774CA845380650E010BBDA2C
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll --a---- 868352 bytes [01:27 10/08/2011] [04:27 16/07/2011] E570CBD732848438EAC574EB3442A2A8
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll --a---- 868352 bytes [01:27 10/08/2011] [04:54 16/07/2011] 921F8B3FF01501C9934CCB3C270833D7

-= EOF =-


In the aswMBR, the "FIXMBR" is available before scanning and stays available after scanning. The "FIX" button is not available.

Thanks!
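
One way to read the filefind output above, as an added example that is not part of the original thread: it parses the SystemLook lines and checks whether the in-use copy of each file has the same size and MD5 as a copy in the winsxs component store. The `ACTIVE` path table and the function names are assumptions made for this example; the sample lines are copied from the log in post #15, with the kernel32.dll list shortened.

```python
import re
from collections import defaultdict

# Lines copied from the SystemLook log in post #15 (kernel32.dll list shortened).
SAMPLE_LOG = r"""
Searching for "ataport.sys"
C:\Windows\System32\drivers\ataport.sys --a---- 132992 bytes [16:41 12/03/2012] [12:29 20/11/2010] 4B55C9F9A93B3BFD01ED7366EB0B9D2E
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\ataport.sys --a---- 132992 bytes [16:41 12/03/2012] [12:29 20/11/2010] 4B55C9F9A93B3BFD01ED7366EB0B9D2E
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\ataport.sys --a---- 133200 bytes [23:11 13/07/2009] [01:26 14/07/2009] BCA15585EFDDE7EBA8568BDFB75983A3
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\ataport.sys --a---- 132992 bytes [16:41 12/03/2012] [12:29 20/11/2010] 4B55C9F9A93B3BFD01ED7366EB0B9D2E

Searching for "kernel32.dll"
C:\Windows\System32\kernel32.dll --a---- 868352 bytes [01:27 10/08/2011] [04:27 16/07/2011] E570CBD732848438EAC574EB3442A2A8
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_93943b64b79f1e1f\kernel32.dll --a---- 857088 bytes [23:16 13/07/2009] [01:15 14/07/2009] 4605F7EE9805F7E1C98D6C959DD2949C
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll --a---- 857600 bytes [16:42 12/03/2012] [12:19 20/11/2010] 5553784D774CA845380650E010BBDA2C
C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll --a---- 868352 bytes [01:27 10/08/2011] [04:27 16/07/2011] E570CBD732848438EAC574EB3442A2A8
"""

# path, attribute flags, size, [created], [modified], MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component version embedded in a winsxs directory name, e.g. _6.1.7601.17514_none_
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")

# Assumption for this example: the copies Windows actually loads.
ACTIVE = {
    "ataport.sys": r"C:\Windows\System32\drivers\ataport.sys",
    "kernel32.dll": r"C:\Windows\System32\kernel32.dll",
}


def parse_filefind(log):
    """Return one dict per file line; headers and blank lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def compare_active_to_store(entries, active=ACTIVE):
    """Map file name -> (status, [winsxs versions with the same size and MD5])."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    report = {}
    for name, path in active.items():
        copies = by_name.get(name, [])
        live = next((e for e in copies if e["path"].lower() == path.lower()), None)
        if live is None:
            report[name] = ("active-copy-missing", [])
            continue
        versions = []
        for e in copies:
            v = VERSION_RE.search(e["path"])
            same = (e["size"], e["md5"]) == (live["size"], live["md5"])
            if "\\winsxs\\" in e["path"].lower() and v and same:
                versions.append(v.group(1))
        report[name] = ("match", sorted(versions)) if versions else ("no-store-match", [])
    return report


if __name__ == "__main__":
    for name, (status, versions) in compare_active_to_store(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {status} {', '.join(versions)}")
```

Agreement between copies is a consistency check, not proof that a driver is clean: a rootkit that filters disk reads can present the original file to a scanner.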



