Happili Redirect


  • This topic is locked
22 replies to this topic

#1 Victoria GN

Victoria GN

  • Members
  • 12 posts

Posted 10 April 2012 - 10:35 AM

I did a complete reformat of my computer a week ago. I have Windows XP Pro 2002 SP3. A couple days ago Google started to redirect to Happili search and some other suspicious search sites. I use Firefox as my main browser, but the problem also exists in Internet Explorer. I have AVG but it hasn't found anything. Any help is much appreciated!!



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 11 April 2012 - 06:09 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Victoria GN

Victoria GN
  • Topic Starter

  • Members
  • 12 posts

Posted 11 April 2012 - 09:35 AM

Thank you Gringo for the help! I had no problems. Here are the requested logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Victoria Weeks at 10:19:58 on 2012-04-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.269 [GMT -4:00]
.
AV: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dentrix\DtxQuickLaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dentrix\eSyncReminder.exe
C:\Program Files\Dentrix\WebSyncReminder.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Dentrix\Apptbook.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
uRun: [DtxQuickLaunch.exe] c:\program files\dentrix\DtxQuickLaunch.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ckshzi] rundll32.exe "c:\docume~1\victor~1\locals~1\temp\ckshzi.dll",EnumMCCustomSetNumberReset
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\esyncr~1.lnk - c:\program files\dentrix\eSyncReminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\websyn~1.lnk - c:\program files\dentrix\WebSyncReminder.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 69.57.112.10
TCP: Interfaces\{2C6C9C81-8D10-480C-B695-747524A9D827} : DhcpNameServer = 69.57.112.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: LMIinit - LMIinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\victoria weeks\application data\mozilla\firefox\profiles\lvlnod1z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2012-4-5 3456]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [2011-12-23 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 299472]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-3-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-3-29 47640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-2-14 5104992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253600]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-04-10 18:26:53 -------- d-sh--w- c:\documents and settings\victoria weeks\PrivacIE
2012-04-05 21:19:18 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-04-05 21:19:16 -------- d-----w- c:\program files\Belarc
2012-04-05 21:19:11 356352 ----a-w- c:\windows\system32\nvudisp.exe
2012-04-05 21:10:38 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-04-05 20:58:31 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-04-05 20:58:19 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-04-05 20:58:19 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-04-05 20:58:19 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-04-05 20:58:19 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-04-05 20:58:19 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-04-05 20:58:18 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-04-05 20:58:18 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-04-05 20:58:17 3456 ----a-w- c:\windows\system32\drivers\atiide.sys
2012-04-05 20:56:51 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2012-04-05 15:52:18 -------- d-----w- c:\documents and settings\victoria weeks\local settings\application data\{4D498DFE-7F37-11E1-826D-B8AC6F996F26}
2012-04-05 14:47:17 -------- d-----w- c:\documents and settings\victoria weeks\.gimp-2.6
2012-04-05 14:44:39 -------- d-----w- c:\program files\GIMP-2.0
2012-04-03 16:15:32 -------- d-----w- C:\DtxTemp
2012-04-02 17:30:21 -------- d-sh--w- c:\documents and settings\victoria weeks\IETldCache
2012-03-29 23:13:31 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-03-29 23:13:11 -------- d-----w- c:\windows\ie8updates
2012-03-29 23:13:01 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-03-29 23:12:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-03-29 23:12:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-03-29 23:12:58 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-03-29 23:12:57 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-03-29 23:12:57 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-03-29 23:12:56 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-03-29 23:10:47 -------- dc-h--w- c:\windows\ie8
2012-03-29 22:23:36 -------- d-----w- c:\program files\MSXML 4.0
2012-03-29 19:57:23 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-03-29 19:57:23 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-03-29 19:52:24 -------- d-----w- c:\documents and settings\victoria weeks\application data\PDF reDirect
2012-03-29 19:52:17 -------- d-----w- c:\program files\PDF reDirect
2012-03-29 19:50:52 -------- d-----w- c:\documents and settings\victoria weeks\local settings\application data\LogMeIn
2012-03-29 19:50:52 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
2012-03-29 19:50:46 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-03-29 19:50:46 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-03-29 19:50:45 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-03-29 19:50:45 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-03-29 19:50:45 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-03-29 19:50:29 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2012-03-29 19:50:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-29 19:50:00 -------- d-----w- c:\program files\LogMeIn
2012-03-29 19:39:59 -------- d-----w- C:\EPSONREG
2012-03-29 19:39:42 33280 ----a-w- c:\windows\system32\esccm.dll
2012-03-29 19:39:42 32256 ----a-w- c:\windows\system32\escwiab.dll
2012-03-29 19:39:42 27648 ----a-w- c:\windows\system32\escimg.dll
2012-03-29 19:39:42 184320 ----a-w- c:\windows\system32\ESDTR.dll
2012-03-29 19:39:39 -------- d-----w- c:\program files\EPSON
2012-03-29 19:39:23 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-03-29 19:39:23 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-03-29 19:39:23 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2012-03-29 19:39:23 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-03-29 19:39:21 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-03-29 19:22:59 -------- d-----w- c:\documents and settings\victoria weeks\application data\AVG2012
2012-03-29 19:18:32 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-03-29 19:17:42 -------- d--h--w- C:\$AVG
2012-03-29 19:17:41 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-29 19:17:41 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-03-29 19:17:17 -------- d-----w- c:\program files\AVG
2012-03-29 19:16:42 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-03-29 19:12:02 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-03-29 17:12:41 -------- d-----w- c:\documents and settings\victoria weeks\local settings\application data\Pacific_Rim_Software_Inc
2012-03-29 17:12:32 -------- d-----w- c:\documents and settings\all users\application data\Pacific Rim Software Inc
2012-03-29 17:11:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-03-29 17:11:55 -------- d-----w- c:\program files\ShopClock-3
2012-03-29 17:11:52 -------- dc-h--w- c:\documents and settings\all users\application data\{D6D06521-3CB7-4D12-ADCC-FB430D2121D0}
2012-03-29 17:11:17 -------- d-----w- c:\documents and settings\victoria weeks\local settings\application data\PackageAware
2012-03-29 16:19:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-29 16:19:51 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 00:29:48 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-03-29 00:29:48 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-03-29 00:29:34 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-03-29 00:29:34 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-28 23:09:51 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-03-28 23:09:51 215920 ----a-w- c:\windows\system32\muweb.dll
2012-03-28 23:09:51 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-03-28 23:04:19 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-03-28 23:04:19 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-03-28 23:01:28 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-03-28 22:52:12 -------- d-----w- c:\documents and settings\all users\Microsoft
2012-03-28 22:49:17 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-28 22:49:17 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-28 22:47:43 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-03-28 22:47:11 -------- d-----w- c:\windows\SHELLNEW
2012-03-28 22:46:08 -------- d-----w- c:\documents and settings\victoria weeks\local settings\application data\Microsoft Help
2012-03-28 22:43:26 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-03-28 22:42:57 -------- d-----w- c:\windows\system32\PreInstall
2012-03-28 22:42:56 -------- d--h--w- c:\windows\$hf_mig$
2012-03-28 22:27:37 45568 ----a-r- c:\windows\system32\drivers\bcm4sbxp.sys
2012-03-28 22:27:29 -------- d-----w- c:\program files\Broadcom
2012-03-28 22:21:19 -------- d-----w- c:\program files\ATI Technologies
2012-03-28 22:21:17 -------- d-----w- c:\program files\ATI
2012-03-28 22:10:03 69632 ----a-r- c:\documents and settings\victoria weeks\application data\microsoft\installer\{2288be45-8868-47dd-a501-7f881c9184dd}\GURULite1_2288BE45886847DDA5017F881C9184DD.exe
2012-03-28 22:10:03 69632 ----a-r- c:\documents and settings\victoria weeks\application data\microsoft\installer\{2288be45-8868-47dd-a501-7f881c9184dd}\GURULite_2288BE45886847DDA5017F881C9184DD.exe
2012-03-28 22:10:03 69632 ----a-r- c:\documents and settings\victoria weeks\application data\microsoft\installer\{2288be45-8868-47dd-a501-7f881c9184dd}\ARPPRODUCTICON.exe
2012-03-28 22:09:52 -------- d-----w- c:\program files\GURU LE
2012-03-28 22:09:32 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-03-28 22:09:32 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-03-28 22:09:32 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-03-28 22:09:32 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-03-28 22:09:32 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-03-28 22:09:32 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-03-28 22:09:32 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-03-28 22:09:06 -------- d-----w- c:\documents and settings\victoria weeks\local settings\application data\Apple Computer
2012-03-28 22:07:44 -------- d-----w- c:\program files\Windows Journal Viewer
2012-03-28 22:07:26 21144 ----a-w- c:\windows\system32\novamnm5.dll
2012-03-28 22:07:26 18072 ----a-w- c:\windows\system32\novamim5.dll
2012-03-28 22:07:24 -------- d-----w- c:\program files\Softland
2012-03-28 22:07:23 -------- d-----w- c:\documents and settings\all users\application data\DtxDocCenter
2012-03-28 22:07:01 -------- d-----w- c:\program files\common files\Borland Shared
2012-03-28 22:06:34 -------- d-----w- c:\program files\Dentrix
.
==================== Find3M ====================
.
2012-03-28 21:48:58 21504 ----a-w- c:\windows\jestertb.dll
2012-02-22 10:25:52 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 10:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 09:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 10:20:48.31 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/28/2012 5:31:50 PM
System Uptime: 4/9/2012 1:16:58 PM (45 hours ago)
.
Motherboard: Dell Inc. | | 0TY915
Processor: Intel® Core™2 Duo CPU E4400 @ 2.00GHz | Microprocessor | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 60.749 GiB free.
D: is CDROM ()
E: is NetworkDisk (NTFS) - 200 GiB total, 148.56 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/28/2012 5:35:09 PM - System Checkpoint
RP2: 3/28/2012 6:27:18 PM - Installed Broadcom 440x 10/100 Integrated Controller
RP3: 3/28/2012 5:28:24 PM - Installed Broadcom Management Programs.
RP4: 3/28/2012 6:03:45 PM - Installed DENTRIX G4
RP5: 3/28/2012 6:04:50 PM - Installed DENTRIX G4
RP6: 3/28/2012 6:07:41 PM - Installed Microsoft Windows Journal Viewer
RP7: 3/28/2012 6:07:50 PM - Installed Adobe Reader 8.1.0
RP8: 3/28/2012 6:08:24 PM - Installed Adobe Flash Player 9 ActiveX.
RP9: 3/28/2012 6:08:42 PM - Installed DirectX
RP10: 3/28/2012 6:09:10 PM - Installed QuickTime
RP11: 3/28/2012 6:09:51 PM - Installed Guru Limited Edition.
RP12: 3/28/2012 6:22:21 PM - Installed Windows KB954550-v5.
RP13: 3/28/2012 6:22:27 PM - Printer Driver Microsoft XPS Document Writer Installed
RP14: 3/28/2012 6:27:23 PM - Printer Driver Microsoft XPS Document Writer Installed
RP15: 3/28/2012 6:42:53 PM - Software Distribution Service 3.0
RP16: 3/28/2012 6:45:11 PM - Installed Microsoft Office Home and Business 2010
RP17: 3/28/2012 6:55:29 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP18: 3/29/2012 3:17:15 PM - Installed AVG 2012
RP19: 3/29/2012 3:17:30 PM - Installed AVG 2012
RP20: 3/29/2012 3:39:39 PM - Installed EPSON Scan
RP21: 3/29/2012 3:49:59 PM - Installed LogMeIn
RP22: 3/29/2012 3:52:29 PM - Printer Driver PDF reDirect Pro Installed
RP23: 3/29/2012 3:53:29 PM - Printer Driver LogMeIn Printer Driver Installed
RP24: 3/29/2012 6:19:47 PM - Software Distribution Service 3.0
RP25: 4/2/2012 1:34:58 PM - Installed Windows XP WgaNotify.
RP26: 4/3/2012 3:00:28 AM - Software Distribution Service 3.0
RP27: 4/4/2012 3:40:06 AM - System Checkpoint
RP28: 4/5/2012 4:19:17 AM - System Checkpoint
RP29: 4/5/2012 4:56:55 PM - Installed SoundMAX
RP30: 4/5/2012 4:57:02 PM - Installed SoundMAX
RP31: 4/9/2012 5:17:44 PM - System Checkpoint
RP32: 4/10/2012 5:40:12 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
AVG 2012
Belarc Advisor 8.2
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Crystal Reports Basic Runtime for Visual Studio 2008
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DENTRIX G4
EPSON EXP 1680 Guide
EPSON Scan
GIMP 2.6.11
Guru Limited Edition
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
LogMeIn
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC++9.0 redistributables
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Journal Viewer
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
PDF reDirect (remove only)
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Send to Dentrix Document Center (novaPDF Professional Desktop O
ShopClock-3
SoundMAX
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
4/5/2012 2:45:54 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.GdiPlus. Reference error message: The referenced assembly is not installed on your system. .
4/5/2012 2:45:54 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Microsoft Office\Office14\OImg.DLL. Reference error message: The operation completed successfully. .
4/5/2012 2:45:54 PM, error: SideBySide [32] - Dependent Assembly Microsoft.Windows.GdiPlus could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================

#4 gringo_pr

Posted 11 April 2012 - 09:39 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Victoria GN

Posted 11 April 2012 - 04:52 PM

Ok, ran Combofix. It went to blue screen during the first run. Shut down and re-ran it. It completed. The log is below. Seems to be running okay. I did a couple of Google searches and clicked the links and there were no redirects...

ComboFix 12-04-11.03 - Victoria Weeks 04/11/2012 17:33:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.519 [GMT -4:00]
Running from: c:\documents and settings\Victoria Weeks\Desktop\ComboFix.exe
AV: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\VICTOR~1\LOCALS~1\Temp\ckshzi.dll
c:\documents and settings\Victoria Weeks\Local Settings\Temp\ckshzi.dll
c:\windows\jestertb.dll
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-03 16:15 . 2012-04-10 15:01 -------- d-----w- C:\DtxTemp
2012-03-29 19:39 . 2012-03-29 19:40 -------- d-----w- C:\EPSONREG
2012-03-29 19:17 . 2012-03-29 19:17 -------- d-----w- C:\$AVG
2012-03-28 22:45 . 2012-03-28 22:45 -------- d-----r- C:\MSOCache
2012-03-28 22:22 . 2012-03-28 22:22 -------- d-----w- C:\523cac2ed82e568637c404
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 10:25 . 2012-02-22 10:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 10:25 . 2012-02-22 10:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-03 09:22 . 2008-04-13 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 09:46 . 2012-01-31 09:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-03-13 04:39 . 2012-03-28 21:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DtxQuickLaunch.exe"="c:\program files\Dentrix\DtxQuickLaunch.exe" [2010-11-11 89240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
eSync Reminder.lnk - c:\program files\Dentrix\eSyncReminder.exe [2009-1-28 222480]
WebSync Reminder.lnk - c:\program files\Dentrix\WebSyncReminder.exe [2009-1-28 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-01 02:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgwdsvc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [4/5/2012 4:58 PM 3456]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [12/23/2011 2:32 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 5:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 6:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/22/2012 6:25 AM 299472]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 5:53 AM 193288]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/29/2012 3:53 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 2:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 2:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 2:32 PM 17232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2/14/2012 5:52 AM 5104992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 12:19 PM 253600]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:19]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 69.57.112.10
FF - ProfilePath - c:\documents and settings\Victoria Weeks\Application Data\Mozilla\Firefox\Profiles\lvlnod1z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-11 17:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\LMIinit.dll
c:\windows\System32\NETUI1.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2012-04-11 17:42:32
ComboFix-quarantined-files.txt 2012-04-11 21:42
.
Pre-Run: 65,147,899,904 bytes free
Post-Run: 65,343,881,216 bytes free
.
- - End Of File - - DDADD1B9FB813C7CBD98DFA96FB8F786

#6 gringo_pr

Posted 11 April 2012 - 06:34 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Victoria GN

Posted 12 April 2012 - 10:28 AM

I ran TDSSKiller with no problems. Nothing was found, the report is below. I could not get the link for the aswMBR program to work.

11:24:08.0296 0792 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:24:08.0437 0792 ============================================================
11:24:08.0437 0792 Current date / time: 2012/04/12 11:24:08.0437
11:24:08.0437 0792 SystemInfo:
11:24:08.0437 0792
11:24:08.0437 0792 OS Version: 5.1.2600 ServicePack: 3.0
11:24:08.0437 0792 Product type: Workstation
11:24:08.0437 0792 ComputerName: CONSULTROOM
11:24:08.0437 0792 UserName: Victoria Weeks
11:24:08.0437 0792 Windows directory: C:\WINDOWS
11:24:08.0437 0792 System windows directory: C:\WINDOWS
11:24:08.0437 0792 Processor architecture: Intel x86
11:24:08.0437 0792 Number of processors: 2
11:24:08.0437 0792 Page size: 0x1000
11:24:08.0437 0792 Boot type: Normal boot
11:24:08.0437 0792 ============================================================
11:24:10.0437 0792 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:24:10.0437 0792 Drive \Device\Harddisk1\DR3 - Size: 0x3C100000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:24:10.0437 0792 \Device\Harddisk0\DR0:
11:24:10.0437 0792 MBR used
11:24:10.0437 0792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x94E3276
11:24:10.0437 0792 \Device\Harddisk1\DR3:
11:24:10.0437 0792 MBR used
11:24:10.0437 0792 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E07E0
11:24:10.0453 0792 Initialize success
11:24:10.0453 0792 ============================================================
11:24:11.0609 2528 ============================================================
11:24:11.0609 2528 Scan started
11:24:11.0609 2528 Mode: Manual;
11:24:11.0609 2528 ============================================================
11:24:21.0125 2528 ose - ok
11:24:21.0390 2528 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:24:21.0500 2528 osppsvc - ok
11:24:21.0562 2528 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:24:21.0562 2528 Parport - ok
11:24:21.0625 2528 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:24:21.0625 2528 PartMgr - ok
11:24:21.0640 2528 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:24:21.0640 2528 ParVdm - ok
11:24:21.0671 2528 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:24:21.0671 2528 PCI - ok
11:24:21.0703 2528 PCIDump - ok
11:24:21.0734 2528 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:24:21.0734 2528 PCIIde - ok
11:24:22.0015 2528 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:24:22.0015 2528 Pcmcia - ok
11:24:22.0031 2528 PDCOMP - ok
11:24:22.0046 2528 PDFRAME - ok
11:24:22.0046 2528 PDRELI - ok
11:24:22.0062 2528 PDRFRAME - ok
11:24:22.0062 2528 perc2 - ok
11:24:22.0078 2528 perc2hib - ok
11:24:22.0125 2528 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:24:22.0140 2528 PlugPlay - ok
11:24:22.0156 2528 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:24:22.0156 2528 PolicyAgent - ok
11:24:22.0171 2528 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:24:22.0171 2528 PptpMiniport - ok
11:24:22.0187 2528 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:24:22.0187 2528 ProtectedStorage - ok
11:24:22.0187 2528 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:24:22.0203 2528 PSched - ok
11:24:22.0234 2528 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:24:22.0234 2528 Ptilink - ok
11:24:22.0234 2528 ql1080 - ok
11:24:22.0250 2528 Ql10wnt - ok
11:24:22.0265 2528 ql12160 - ok
11:24:22.0265 2528 ql1240 - ok
11:24:22.0281 2528 ql1280 - ok
11:24:22.0312 2528 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:24:22.0312 2528 RasAcd - ok
11:24:22.0343 2528 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:24:22.0343 2528 RasAuto - ok
11:24:22.0390 2528 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:24:22.0390 2528 Rasl2tp - ok
11:24:22.0406 2528 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:24:22.0406 2528 RasMan - ok
11:24:22.0421 2528 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:24:22.0421 2528 RasPppoe - ok
11:24:22.0437 2528 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:24:22.0437 2528 Raspti - ok
11:24:22.0453 2528 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:24:22.0453 2528 Rdbss - ok
11:24:22.0468 2528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:24:22.0468 2528 RDPCDD - ok
11:24:22.0531 2528 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:24:22.0531 2528 rdpdr - ok
11:24:22.0578 2528 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:24:22.0593 2528 RDPWD - ok
11:24:22.0671 2528 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:24:22.0671 2528 RDSessMgr - ok
11:24:22.0750 2528 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:24:22.0750 2528 redbook - ok
11:24:22.0828 2528 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:24:22.0828 2528 RemoteAccess - ok
11:24:22.0890 2528 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:24:22.0890 2528 RemoteRegistry - ok
11:24:22.0937 2528 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:24:22.0953 2528 RpcLocator - ok
11:24:23.0000 2528 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:24:23.0000 2528 RpcSs - ok
11:24:23.0062 2528 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:24:23.0062 2528 RSVP - ok
11:24:23.0156 2528 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:24:23.0156 2528 SamSs - ok
11:24:23.0234 2528 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:24:23.0250 2528 SCardSvr - ok
11:24:23.0296 2528 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:24:23.0312 2528 Schedule - ok
11:24:23.0390 2528 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:24:23.0390 2528 Secdrv - ok
11:24:23.0437 2528 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:24:23.0453 2528 seclogon - ok
11:24:23.0515 2528 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
11:24:23.0515 2528 SenFiltService - ok
11:24:23.0562 2528 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:24:23.0562 2528 SENS - ok
11:24:23.0625 2528 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:24:23.0625 2528 serenum - ok
11:24:23.0640 2528 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:24:23.0640 2528 Serial - ok
11:24:23.0656 2528 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:24:23.0656 2528 Sfloppy - ok
11:24:23.0718 2528 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:24:23.0718 2528 SharedAccess - ok
11:24:23.0765 2528 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:24:23.0765 2528 ShellHWDetection - ok
11:24:23.0781 2528 Simbad - ok
11:24:23.0796 2528 Sparrow - ok
11:24:23.0828 2528 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:24:23.0843 2528 splitter - ok
11:24:23.0890 2528 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:24:23.0890 2528 Spooler - ok
11:24:23.0953 2528 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:24:23.0953 2528 sr - ok
11:24:23.0984 2528 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:24:24.0000 2528 srservice - ok
11:24:24.0062 2528 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:24:24.0078 2528 Srv - ok
11:24:24.0125 2528 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:24:24.0125 2528 SSDPSRV - ok
11:24:24.0187 2528 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:24:24.0203 2528 stisvc - ok
11:24:24.0250 2528 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:24:24.0250 2528 swenum - ok
11:24:24.0296 2528 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:24:24.0296 2528 swmidi - ok
11:24:24.0343 2528 SwPrv - ok
11:24:24.0406 2528 symc810 - ok
11:24:24.0421 2528 symc8xx - ok
11:24:24.0437 2528 sym_hi - ok
11:24:24.0437 2528 sym_u3 - ok
11:24:24.0453 2528 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:24:24.0453 2528 sysaudio - ok
11:24:24.0531 2528 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:24:24.0531 2528 SysmonLog - ok
11:24:24.0562 2528 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:24:24.0578 2528 TapiSrv - ok
11:24:24.0640 2528 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:24:24.0656 2528 Tcpip - ok
11:24:24.0703 2528 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:24:24.0703 2528 TDPIPE - ok
11:24:24.0718 2528 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:24:24.0718 2528 TDTCP - ok
11:24:24.0781 2528 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:24:24.0781 2528 TermDD - ok
11:24:24.0843 2528 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:24:24.0859 2528 TermService - ok
11:24:24.0906 2528 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:24:24.0906 2528 Themes - ok
11:24:24.0953 2528 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:24:24.0953 2528 TlntSvr - ok
11:24:24.0984 2528 TosIde - ok
11:24:25.0046 2528 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:24:25.0046 2528 TrkWks - ok
11:24:25.0093 2528 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:24:25.0109 2528 Udfs - ok
11:24:25.0109 2528 ultra - ok
11:24:25.0171 2528 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:24:25.0187 2528 Update - ok
11:24:25.0250 2528 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:24:25.0265 2528 upnphost - ok
11:24:25.0359 2528 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:24:25.0359 2528 UPS - ok
11:24:25.0437 2528 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:24:25.0437 2528 usbccgp - ok
11:24:25.0500 2528 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:24:25.0500 2528 usbehci - ok
11:24:25.0515 2528 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:24:25.0515 2528 usbhub - ok
11:24:25.0562 2528 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:24:25.0562 2528 usbohci - ok
11:24:25.0625 2528 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:24:25.0625 2528 usbscan - ok
11:24:25.0656 2528 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:24:25.0656 2528 USBSTOR - ok
11:24:25.0687 2528 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:24:25.0687 2528 VgaSave - ok
11:24:25.0703 2528 ViaIde - ok
11:24:25.0781 2528 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:24:25.0781 2528 VolSnap - ok
11:24:25.0828 2528 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:24:25.0843 2528 VSS - ok
11:24:25.0906 2528 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:24:25.0906 2528 W32Time - ok
11:24:25.0953 2528 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:24:25.0968 2528 Wanarp - ok
11:24:25.0968 2528 WDICA - ok
11:24:26.0031 2528 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:24:26.0031 2528 wdmaud - ok
11:24:26.0093 2528 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:24:26.0109 2528 WebClient - ok
11:24:26.0203 2528 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:24:26.0203 2528 winmgmt - ok
11:24:26.0265 2528 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
11:24:26.0265 2528 WmdmPmSN - ok
11:24:26.0343 2528 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:24:26.0375 2528 Wmi - ok
11:24:26.0421 2528 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:24:26.0437 2528 WmiApSrv - ok
11:24:26.0515 2528 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:24:26.0515 2528 WS2IFSL - ok
11:24:26.0578 2528 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:24:26.0578 2528 wscsvc - ok
11:24:26.0671 2528 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:24:26.0671 2528 wuauserv - ok
11:24:26.0718 2528 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:24:26.0734 2528 WZCSVC - ok
11:24:26.0796 2528 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:24:26.0812 2528 xmlprov - ok
11:24:26.0859 2528 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:24:27.0046 2528 \Device\Harddisk0\DR0 - ok
11:24:27.0062 2528 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3
11:24:29.0609 2528 \Device\Harddisk1\DR3 - ok
11:24:29.0609 2528 Boot (0x1200) (48a8a9f24fce80d85fc1cbafa00774ea) \Device\Harddisk0\DR0\Partition0
11:24:29.0625 2528 \Device\Harddisk0\DR0\Partition0 - ok
11:24:29.0625 2528 Boot (0x1200) (5cb2e65f08ab1aab413e2072ff44fa89) \Device\Harddisk1\DR3\Partition0
11:24:29.0625 2528 \Device\Harddisk1\DR3\Partition0 - ok
11:24:29.0625 2528 ============================================================
11:24:29.0625 2528 Scan finished
11:24:29.0625 2528 ============================================================
11:24:29.0640 2128 Detected object count: 0
11:24:29.0640 2128 Actual detected object count: 0
11:25:16.0859 2788 ============================================================
11:25:16.0859 2788 Scan started
11:25:16.0859 2788 Mode: Manual;
11:25:16.0859 2788 ============================================================
11:25:24.0593 2788 NwlnkFlt - ok
11:25:24.0609 2788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:25:24.0609 2788 NwlnkFwd - ok
11:25:24.0703 2788 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:25:24.0703 2788 ose - ok
11:25:24.0968 2788 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:25:25.0015 2788 osppsvc - ok
11:25:25.0062 2788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:25:25.0062 2788 Parport - ok
11:25:25.0062 2788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:25:25.0062 2788 PartMgr - ok
11:25:25.0078 2788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:25:25.0078 2788 ParVdm - ok
11:25:25.0125 2788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:25:25.0125 2788 PCI - ok
11:25:25.0125 2788 PCIDump - ok
11:25:25.0140 2788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:25:25.0140 2788 PCIIde - ok
11:25:25.0203 2788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:25:25.0203 2788 Pcmcia - ok
11:25:25.0234 2788 PDCOMP - ok
11:25:25.0250 2788 PDFRAME - ok
11:25:25.0250 2788 PDRELI - ok
11:25:25.0265 2788 PDRFRAME - ok
11:25:25.0265 2788 perc2 - ok
11:25:25.0281 2788 perc2hib - ok
11:25:25.0343 2788 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:25:25.0343 2788 PlugPlay - ok
11:25:25.0406 2788 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:25:25.0406 2788 PolicyAgent - ok
11:25:25.0453 2788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:25:25.0453 2788 PptpMiniport - ok
11:25:25.0468 2788 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:25:25.0468 2788 ProtectedStorage - ok
11:25:25.0484 2788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:25:25.0484 2788 PSched - ok
11:25:25.0515 2788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:25:25.0515 2788 Ptilink - ok
11:25:25.0531 2788 ql1080 - ok
11:25:25.0531 2788 Ql10wnt - ok
11:25:25.0546 2788 ql12160 - ok
11:25:25.0546 2788 ql1240 - ok
11:25:25.0562 2788 ql1280 - ok
11:25:25.0578 2788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:25:25.0578 2788 RasAcd - ok
11:25:25.0609 2788 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:25:25.0625 2788 RasAuto - ok
11:25:25.0703 2788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:25:25.0703 2788 Rasl2tp - ok
11:25:25.0734 2788 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:25:25.0734 2788 RasMan - ok
11:25:25.0781 2788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:25:25.0781 2788 RasPppoe - ok
11:25:25.0796 2788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:25:25.0796 2788 Raspti - ok
11:25:25.0828 2788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:25:25.0843 2788 Rdbss - ok
11:25:25.0890 2788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:25:25.0890 2788 RDPCDD - ok
11:25:25.0953 2788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:25:25.0953 2788 rdpdr - ok
11:25:26.0015 2788 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:25:26.0015 2788 RDPWD - ok
11:25:26.0093 2788 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:25:26.0093 2788 RDSessMgr - ok
11:25:26.0156 2788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:25:26.0156 2788 redbook - ok
11:25:26.0218 2788 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:25:26.0218 2788 RemoteAccess - ok
11:25:26.0281 2788 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:25:26.0296 2788 RemoteRegistry - ok
11:25:26.0359 2788 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:25:26.0359 2788 RpcLocator - ok
11:25:26.0390 2788 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:25:26.0406 2788 RpcSs - ok
11:25:26.0468 2788 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:25:26.0468 2788 RSVP - ok
11:25:26.0500 2788 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:25:26.0500 2788 SamSs - ok
11:25:26.0562 2788 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:25:26.0562 2788 SCardSvr - ok
11:25:26.0640 2788 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:25:26.0656 2788 Schedule - ok
11:25:26.0687 2788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:25:26.0687 2788 Secdrv - ok
11:25:26.0734 2788 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:25:26.0734 2788 seclogon - ok
11:25:26.0812 2788 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
11:25:26.0812 2788 SenFiltService - ok
11:25:26.0859 2788 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:25:26.0875 2788 SENS - ok
11:25:26.0937 2788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:25:26.0937 2788 serenum - ok
11:25:26.0953 2788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:25:26.0953 2788 Serial - ok
11:25:26.0968 2788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:25:26.0968 2788 Sfloppy - ok
11:25:27.0031 2788 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:25:27.0031 2788 SharedAccess - ok
11:25:27.0078 2788 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:25:27.0078 2788 ShellHWDetection - ok
11:25:27.0093 2788 Simbad - ok
11:25:27.0109 2788 Sparrow - ok
11:25:27.0125 2788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:25:27.0125 2788 splitter - ok
11:25:27.0187 2788 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:25:27.0187 2788 Spooler - ok
11:25:27.0203 2788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:25:27.0218 2788 sr - ok
11:25:27.0234 2788 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:25:27.0234 2788 srservice - ok
11:25:27.0281 2788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:25:27.0281 2788 Srv - ok
11:25:27.0359 2788 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:25:27.0359 2788 SSDPSRV - ok
11:25:27.0406 2788 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:25:27.0406 2788 stisvc - ok
11:25:27.0437 2788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:25:27.0437 2788 swenum - ok
11:25:27.0453 2788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:25:27.0453 2788 swmidi - ok
11:25:27.0468 2788 SwPrv - ok
11:25:27.0484 2788 symc810 - ok
11:25:27.0500 2788 symc8xx - ok
11:25:27.0515 2788 sym_hi - ok
11:25:27.0515 2788 sym_u3 - ok
11:25:27.0531 2788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:25:27.0531 2788 sysaudio - ok
11:25:27.0593 2788 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:25:27.0609 2788 SysmonLog - ok
11:25:27.0640 2788 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:25:27.0640 2788 TapiSrv - ok
11:25:27.0750 2788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:25:27.0750 2788 Tcpip - ok
11:25:27.0812 2788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:25:27.0812 2788 TDPIPE - ok
11:25:27.0828 2788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:25:27.0828 2788 TDTCP - ok
11:25:27.0875 2788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:25:27.0875 2788 TermDD - ok
11:25:27.0921 2788 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:25:27.0921 2788 TermService - ok
11:25:27.0984 2788 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:25:27.0984 2788 Themes - ok
11:25:28.0015 2788 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:25:28.0015 2788 TlntSvr - ok
11:25:28.0015 2788 TosIde - ok
11:25:28.0093 2788 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:25:28.0093 2788 TrkWks - ok
11:25:28.0140 2788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:25:28.0140 2788 Udfs - ok
11:25:28.0156 2788 ultra - ok
11:25:28.0218 2788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:25:28.0218 2788 Update - ok
11:25:28.0296 2788 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:25:28.0296 2788 upnphost - ok
11:25:28.0343 2788 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:25:28.0359 2788 UPS - ok
11:25:28.0406 2788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:25:28.0406 2788 usbccgp - ok
11:25:28.0468 2788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:25:28.0468 2788 usbehci - ok
11:25:28.0500 2788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:25:28.0500 2788 usbhub - ok
11:25:28.0531 2788 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:25:28.0531 2788 usbohci - ok
11:25:28.0578 2788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:25:28.0578 2788 usbscan - ok
11:25:28.0609 2788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:25:28.0625 2788 USBSTOR - ok
11:25:28.0656 2788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:25:28.0656 2788 VgaSave - ok
11:25:28.0671 2788 ViaIde - ok
11:25:28.0687 2788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:25:28.0687 2788 VolSnap - ok
11:25:28.0718 2788 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:25:28.0734 2788 VSS - ok
11:25:28.0828 2788 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:25:28.0828 2788 W32Time - ok
11:25:28.0875 2788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:25:28.0875 2788 Wanarp - ok
11:25:28.0890 2788 WDICA - ok
11:25:28.0953 2788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:25:28.0953 2788 wdmaud - ok
11:25:29.0000 2788 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:25:29.0000 2788 WebClient - ok
11:25:29.0046 2788 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:25:29.0046 2788 winmgmt - ok
11:25:29.0125 2788 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
11:25:29.0125 2788 WmdmPmSN - ok
11:25:29.0203 2788 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:25:29.0203 2788 Wmi - ok
11:25:29.0265 2788 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:25:29.0281 2788 WmiApSrv - ok
11:25:29.0328 2788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:25:29.0328 2788 WS2IFSL - ok
11:25:29.0359 2788 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:25:29.0359 2788 wscsvc - ok
11:25:29.0421 2788 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:25:29.0421 2788 wuauserv - ok
11:25:29.0453 2788 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:25:29.0468 2788 WZCSVC - ok
11:25:29.0531 2788 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:25:29.0531 2788 xmlprov - ok
11:25:29.0562 2788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:25:29.0718 2788 \Device\Harddisk0\DR0 - ok
11:25:29.0734 2788 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3
11:25:32.0375 2788 \Device\Harddisk1\DR3 - ok
11:25:32.0390 2788 Boot (0x1200) (48a8a9f24fce80d85fc1cbafa00774ea) \Device\Harddisk0\DR0\Partition0
11:25:32.0390 2788 \Device\Harddisk0\DR0\Partition0 - ok
11:25:32.0390 2788 Boot (0x1200) (5cb2e65f08ab1aab413e2072ff44fa89) \Device\Harddisk1\DR3\Partition0
11:25:32.0390 2788 \Device\Harddisk1\DR3\Partition0 - ok
11:25:32.0390 2788 ============================================================
11:25:32.0390 2788 Scan finished
11:25:32.0390 2788 ============================================================
11:25:32.0406 3632 Detected object count: 0
11:25:32.0406 3632 Actual detected object count: 0

#8 Victoria GN


Posted 12 April 2012 - 11:06 AM

Also the redirect happened again.

#9 gringo_pr


Posted 12 April 2012 - 01:15 PM

Hello


I would like to know which browsers are redirecting, e.g. Firefox, Chrome or IE.



Please check all that are installed on the computer and let me know.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Victoria GN


Posted 12 April 2012 - 02:41 PM

I only have Firefox and Explorer installed. I mainly use Firefox. It is happening on Firefox still but not every time. I did some searches on Explorer and I didn't get any redirects.

#11 gringo_pr


Posted 12 April 2012 - 04:44 PM

Hello


I want you to uninstall Firefox, and when asked about user data or settings, remove that also.


Reinstall Firefox and see if it still redirects.



Gringo

#12 gringo_pr


Posted 15 April 2012 - 12:00 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#13 Victoria GN


Posted 16 April 2012 - 11:02 AM

Sorry Gringo. I was away for a couple of days. I just uninstalled Firefox and reinstalled it. I will keep you posted if I receive the redirect. Thanks so much!

#14 gringo_pr


Posted 16 April 2012 - 08:07 PM

Greetings

OK let me know how things are going

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 Victoria GN


Posted 17 April 2012 - 01:32 PM

Everything is running fine. No more redirects and the computer is good after the script. Here is the log:

ComboFix 12-04-11.03 - Victoria Weeks 04/17/2012 14:23:02.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.645 [GMT -4:00]
Running from: c:\documents and settings\Victoria Weeks\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Victoria Weeks\Desktop\CFScript.txt
AV: AVG Anti-Virus Business Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-03 16:15 . 2012-04-10 15:01 -------- d-----w- C:\DtxTemp
2012-03-29 19:39 . 2012-03-29 19:40 -------- d-----w- C:\EPSONREG
2012-03-29 19:17 . 2012-03-29 19:17 -------- d-----w- C:\$AVG
2012-03-28 22:45 . 2012-03-28 22:45 -------- d-----r- C:\MSOCache
2012-03-28 22:22 . 2012-03-28 22:22 -------- d-----w- C:\523cac2ed82e568637c404
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-13 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-13 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec
2012-02-22 10:25 . 2012-02-22 10:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 10:25 . 2012-02-22 10:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-13 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 09:46 . 2012-01-31 09:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-03-13 04:39 . 2012-04-16 15:00 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-11_21.40.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 23:00 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-13 23:00 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-04-13 23:00 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
- 2012-03-29 23:12 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2012-03-29 23:12 . 2012-03-01 11:01 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-04-13 23:00 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2012-03-29 23:12 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2012-03-29 23:12 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-13 23:00 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-13 23:00 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2012-03-29 23:12 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2012-03-29 23:12 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2008-04-13 23:00 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-13 23:00 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-13 23:00 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-13 23:00 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-02-09 11:27 . 2012-02-09 11:27 206848 c:\windows\Installer\1fc9be1.msp
+ 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\1fc9ba9.msp
+ 2012-03-21 09:58 . 2012-03-21 09:58 133120 c:\windows\Installer\1fc9b78.msp
+ 2012-03-28 22:55 . 2012-04-12 07:07 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
- 2012-03-28 22:55 . 2012-04-03 07:14 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
- 2012-03-28 22:55 . 2012-04-03 07:14 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-03-28 22:55 . 2012-04-12 07:07 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-03-28 22:55 . 2012-04-12 07:07 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2012-03-28 22:55 . 2012-04-03 07:14 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
+ 2012-03-28 22:55 . 2012-04-12 07:07 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
- 2012-03-28 22:55 . 2012-04-03 07:14 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-10-20 20:10 . 2010-10-20 20:10 105344 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\TRANSMGR.DLL
+ 2010-12-21 06:58 . 2010-12-21 06:58 294768 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\SHAREPOINTPROVIDER.DLL
+ 2010-10-22 20:05 . 2010-10-22 20:05 423280 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\RTFHTML.DLL
+ 2011-03-19 04:08 . 2011-03-19 04:08 329616 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\OUTLPH.DLL
+ 2010-10-20 21:08 . 2010-10-20 21:08 122720 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\OUTLCTL.DLL
+ 2010-12-28 05:52 . 2010-12-28 05:52 233360 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\OMSXP32.DLL
+ 2010-12-28 05:52 . 2010-12-28 05:52 724864 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\OMSMAIN.DLL
+ 2010-10-20 21:08 . 2010-10-20 21:08 135528 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\IMPMAIL.DLL
+ 2011-03-17 15:34 . 2011-03-17 15:34 155008 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\ENVELOPE.DLL
+ 2010-10-22 20:05 . 2010-10-22 20:05 135032 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\CONTAB32.DLL
+ 2012-04-12 07:08 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
+ 2012-04-12 07:08 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
+ 2012-04-12 07:08 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
+ 2012-04-12 07:08 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
+ 2012-04-12 07:08 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll
+ 2012-04-12 07:08 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
+ 2012-04-12 07:08 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
+ 2012-04-12 07:08 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
+ 2012-04-12 07:08 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
+ 2012-04-12 07:08 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
+ 2012-04-12 07:08 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
+ 2012-04-12 07:08 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
+ 2012-04-12 07:08 . 2012-04-12 07:08 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\5be064066858620a8aa628fca459a888\WindowsFormsIntegration.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1107b3a711bab40c83e2561ba2431d62\System.Web.Routing.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d7c8c294920cfe79765215e242308d28\System.Web.Extensions.Design.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\5176923a8264305118a299419e1c7bde\System.Web.Entity.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d746c0f0ed36226efb2e0115de42cdd6\System.Web.Entity.Design.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\df5542604898c9ea3fda32c8619ae0e5\System.Web.DynamicData.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b9c8715157536097b489132574ad5c17\System.Web.Abstractions.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
+ 2012-04-12 07:08 . 2012-04-12 07:08 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cc2cd3bc46c9c2b30e47281e404a3230\System.Drawing.Design.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 617472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b15cfcce5cbf5f4bd4b7f5ed67e8a68c\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a70cf7e61bcd41434c11223fec839585\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\74a5d1df0e8c5ab27942832bad414665\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\25c7a29be783804673985acf3c3322d4\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\02f951a9600d8642258e79c0997528e7\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 815616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\ec0a7af83a8349e00ceb522fb72d426a\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\eb23befd4741d87be2217af90397aaed\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\4aa3440477bee83f0dc2a68a132150f2\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\318346092558b0e3eaaaa8f4a66a18e8\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8d6cd6a93f679608d52b6c874088b963\AspNetMMCExt.ni.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-04-13 23:00 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2008-04-13 23:00 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
+ 2008-04-13 23:00 . 2012-03-01 11:01 5978624 c:\windows\system32\mshtml.dll
+ 2012-04-16 14:58 . 2012-04-16 14:58 8797344 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
- 2009-03-08 08:32 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2009-03-08 08:32 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
+ 2008-04-13 23:00 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2008-04-13 23:00 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-13 23:00 . 2012-03-01 11:01 5978624 c:\windows\system32\dllcache\mshtml.dll
- 2012-03-29 23:12 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-03-29 23:12 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-03-07 19:01 . 2012-03-07 19:01 1907712 c:\windows\Installer\1fc9bcc.msp
+ 2012-04-01 20:27 . 2012-04-01 20:27 3463168 c:\windows\Installer\1fc9ba2.msp
+ 2012-02-17 07:50 . 2012-02-17 07:50 1236480 c:\windows\Installer\1fc9b8d.msp
+ 2012-03-21 09:57 . 2012-03-21 09:57 1591808 c:\windows\Installer\1fc9b72.msp
- 2012-03-28 22:55 . 2012-04-03 07:14 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-03-28 22:55 . 2012-04-12 07:07 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
- 2012-03-28 22:55 . 2012-04-03 07:14 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-03-28 22:55 . 2012-04-12 07:07 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-03-28 22:55 . 2012-04-12 07:07 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
- 2012-03-28 22:55 . 2012-04-03 07:14 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
- 2012-03-28 22:55 . 2012-04-03 07:14 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-03-28 22:55 . 2012-04-12 07:07 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-03-28 22:55 . 2012-04-12 07:07 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
- 2012-03-28 22:55 . 2012-04-03 07:14 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-04-12 07:08 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2675157-IE8\urlmon.dll
+ 2012-04-12 07:08 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
+ 2012-04-12 07:08 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2675157-IE8\iertutil.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d31d2eb0a862d3c1d3561be5f1570c3e\System.WorkflowServices.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\53c2336db392bfa5484850780048e37a\System.Workflow.ComponentModel.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\f243723cda77dd647b250dd9c42c35e2\System.Workflow.Activities.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d1dacd5cb445b242b70bf7d606464293\System.Web.Mobile.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6acbb8bb1a43fab0fdcf55bedd1fbcc3\System.Web.Extensions.ni.dll
+ 2012-04-12 07:08 . 2012-04-12 07:08 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\44d507a702c1623810e094adf751f687\System.Printing.ni.dll
+ 2012-04-12 07:08 . 2012-04-12 07:08 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3d253a2235f7c03630003bc1fbaf34a3\System.Deployment.ni.dll
+ 2012-04-12 07:07 . 2012-04-12 07:07 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c73e109dbac6b099786cc68fe36e3d0b\ReachFramework.ni.dll
+ 2012-04-12 07:07 . 2012-04-12 07:07 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\20d72aeac1109863b77532d37d3f4fa2\PresentationUI.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\66e22ead181d2c8dac52a28d62736f64\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\876b7280cf4e81fd65b120f60d38a7d9\Microsoft.Build.Tasks.ni.dll
+ 2012-04-12 07:10 . 2012-04-12 07:10 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\64ba53308e90fa3837fe47977e2d37b6\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-03-29 23:17 . 2012-04-03 07:03 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-03-29 23:17 . 2012-04-03 07:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-03-29 23:17 . 2012-04-03 07:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-04-12 07:04 . 2012-04-12 07:04 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-04-12 07:05 . 2012-04-12 07:05 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-04-03 07:03 . 2012-04-03 07:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-03-29 23:17 . 2012-04-03 07:03 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-03-29 23:17 . 2012-04-12 07:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-03-29 23:05 . 2012-04-12 07:02 55154568 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2012-03-02 10:01 11082752 c:\windows\system32\ieframe.dll
+ 2012-03-29 23:12 . 2012-03-02 10:01 11082752 c:\windows\system32\dllcache\ieframe.dll
+ 2012-03-07 19:03 . 2012-03-07 19:03 23710208 c:\windows\Installer\1fc9bc4.msp
+ 2012-04-12 07:08 . 2011-12-18 18:46 11082240 c:\windows\ie8updates\KB2675157-IE8\ieframe.dll
+ 2012-04-12 07:08 . 2012-04-12 07:08 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
+ 2012-04-12 07:11 . 2012-04-12 07:11 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
+ 2012-04-12 07:08 . 2012-04-12 07:08 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\561138d8d199861578c197c4d24e3934\System.Design.ni.dll
+ 2012-04-12 07:07 . 2012-04-12 07:07 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\029d1d9e6495065aa4f38bcf2315ee8c\PresentationFramework.ni.dll
+ 2012-04-12 07:06 . 2012-04-12 07:06 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0a059ecfca6e421629a8298b03a7814c\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DtxQuickLaunch.exe"="c:\program files\Dentrix\DtxQuickLaunch.exe" [2010-11-11 89240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
eSync Reminder.lnk - c:\program files\Dentrix\eSyncReminder.exe [2009-1-28 222480]
Name Grabber.LNK - \\Server\d\Apteryx\CliniView\Name Grabber.exe [2007-1-23 507904]
WebSync Reminder.lnk - c:\program files\Dentrix\WebSyncReminder.exe [2009-1-28 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-01 02:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgwdsvc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Victoria Weeks\\Local Settings\\Application Data\\LogMeIn Rescue Applet\\LMIR0001.tmp\\lmi_rescue.exe"=
"c:\\Documents and Settings\\Victoria Weeks\\Local Settings\\Application Data\\LogMeIn Rescue Applet\\LMIR0003.tmp\\lmi_rescue.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [4/5/2012 4:58 PM 3456]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [12/23/2011 2:32 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 5:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 6:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/22/2012 6:25 AM 299472]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 5:53 AM 193288]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/29/2012 3:53 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 2:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 2:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 2:32 PM 17232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2/14/2012 5:52 AM 5104992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 12:19 PM 253088]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 69.57.112.10
FF - ProfilePath - c:\documents and settings\Victoria Weeks\Application Data\Mozilla\Firefox\Profiles\mkrm6skh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 14:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\LMIinit.dll
c:\windows\System32\NETUI0.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2556)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-04-17 14:28:05
ComboFix-quarantined-files.txt 2012-04-17 18:28
ComboFix2.txt 2012-04-11 21:42
.
Pre-Run: 65,411,743,744 bytes free
Post-Run: 65,460,068,352 bytes free
.
- - End Of File - - 6DE8662C493D06D21FAB2B18EA7EE6B5



