Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect, Possible Browser Hijacking


  • This topic is locked This topic is locked
20 replies to this topic

#1 sherigo

sherigo

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 30 April 2012 - 02:21 PM

Any help would be greatly appreciated.. This one has me stumped, none of my typical methods are working. Trying to run the GMER again, and will post once that completes but want to send this off, because last time my computer shut down mid process.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Doug at 12:08:45 on 2012-04-30
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Doug\My Documents\Downloads\dds (1).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB596] command.com /c del "c:\windows\system32\purgeieservice.dll_old"
uRunOnce: [SpybotDeletingD9182] cmd.exe /c del "c:\windows\system32\purgeieservice.dll_old"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [SpybotDeletingA2973] command.com /c del "c:\windows\system32\purgeieservice.dll_old"
mRunOnce: [SpybotDeletingC9719] cmd.exe /c del "c:\windows\system32\purgeieservice.dll_old"
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{3BA6742F-7581-412A-A678-CB3AD320A8FF} : DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: intelUsb3Sevices - usbniw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\doug\application data\mozilla\firefox\profiles\2prmaiqx.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: keyword.URL - hxxp://search.momentlook.com/?sid=10101074100&s=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51717
FF - prefs.js: network.proxy.type - 1
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.momentlook.com/?sid=10101074100&s=
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fsssvc;Windows Live Family Safety Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? MBAMSwissArmy;MBAMSwissArmy
R? NEC Usb3;NEC USB3 Service
R? Roxio UPnP Renderer 11;Roxio UPnP Renderer 11
R? Wmipsg;Wmipsg
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? WRSVC;WRSVC
S? !SASCORE;SAS Core Service
S? fssfltr;fssfltr
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? WRkrn;WRkrn
.
=============== Created Last 30 ================
.
2012-04-30 02:05:53 -------- d-s---w- C:\ComboFix
2012-04-29 23:33:09 -------- d-sha-r- C:\cmdcons
2012-04-29 23:27:25 98816 ----a-w- c:\windows\sed.exe
2012-04-29 23:27:25 518144 ----a-w- c:\windows\SWREG.exe
2012-04-29 23:27:25 256000 ----a-w- c:\windows\PEV.exe
2012-04-29 23:27:25 208896 ----a-w- c:\windows\MBR.exe
2012-04-29 22:43:14 -------- d-----w- c:\program files\Webroot
2012-04-29 22:15:44 -------- d-----w- e:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-04-29 22:15:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-29 21:58:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-27 00:26:27 88064 ----a-w- e:\documents and settings\all users\application data\fV0lboEg.exe
2012-04-25 05:26:51 57344 ----a-w- c:\windows\system32\wscsvv32.dll
2012-04-25 03:26:41 57344 ----a-w- c:\windows\system32\WmdmPv32.dll
2012-04-25 01:26:37 57344 ----a-w- c:\windows\system32\NWCWov32.dll
2012-04-24 23:26:16 57344 ----a-w- c:\windows\system32\Irmonv32.dll
2012-04-24 21:26:05 57344 ----a-w- c:\windows\system32\Ipripv32.dll
2012-04-23 19:42:50 38400 ----a-w- c:\windows\system32\usbniw32.dll
2012-04-23 19:32:48 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-23 19:32:02 -------- d-----w- e:\documents and settings\doug\local settings\application data\MSoft
2012-04-14 12:20:06 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-06 01:57:52 -------- d-----w- c:\program files\PIXELA
2012-03-31 22:09:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-14 12:20:08 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 21:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-07 17:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-01-17 23:39:24 457 -c--a-w- c:\program files\0117201016392298.bat
2010-01-15 02:49:41 470 -c--a-w- c:\program files\0114201019494070.bat
2010-01-15 01:35:21 454 -c--a-w- c:\program files\0114201018352142.bat
2005-09-15 08:01:44 724992 -c--a-w- c:\program files\VoiceExplorer.exe
.
============= FINISH: 12:15:25.45 ===============

Thank you,

Sheri

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 PM

Posted 01 May 2012 - 01:02 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 sherigo

sherigo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 01 May 2012 - 12:35 PM

WHen Running combofix, my computer keeps shutting down..About to try it again..Can you tell me which different antivirus programs you saw running, so i can make sure i address them all.


Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
CCleaner
Java™ 6 Update 15
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader 9 Adobe Reader out of date!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#4 sherigo

sherigo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 01 May 2012 - 03:08 PM

Tried Running Combofix again.. and it did not cause computer to reboot this time. .But appears to just hang..it gets to the point where it says Autoscan.. this process should take about 10 min, but nothing happens after that.. I checked to see if there is anything running, and as far as i can see everything is off.

Thanks for all your help,

Sheri

#5 sherigo

sherigo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 01 May 2012 - 06:18 PM

Scanning for infected files . . .
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

Completed Stage_1
Completed Stage_2
Completed Stage_3
Completed Stage_4
Completed Stage_5
Completed Stage_6
Completed Stage_6A
Completed Stage_7
Completed Stage_8
Completed Stage_9
Completed Stage_10
Completed Stage_11
Completed Stage_12
Completed Stage_13
Completed Stage_14
Completed Stage_15
Completed Stage_16
Completed Stage_17
Completed Stage_18
Completed Stage_19
Completed Stage_19B
Completed Stage_20
Completed Stage_21
Completed Stage_22
Completed Stage_23
Completed Stage_24
Completed Stage_25
Completed Stage_26
Completed Stage_27
Completed Stage_28
Completed Stage_29
Completed Stage_30
Completed Stage_31
Completed Stage_32
Completed Stage_32A
Completed Stage_33
Completed Stage_34
Completed Stage_35
Completed Stage_36
Completed Stage_37
Completed Stage_38
Completed Stage_39
Completed Stage_40
Completed Stage_41
Completed Stage_42
Completed Stage_43
Completed Stage_44
Completed Stage_45
Completed Stage_46
Completed Stage_47
Completed Stage_48
Completed Stage_49
Completed Stage_50


Deleting Files:

C:\WINDOWS\system32\Ipripv32.dll
C:\WINDOWS\system32\Irmonv32.dll
C:\WINDOWS\system32\NWCWov32.dll
C:\WINDOWS\system32\usbniw32.dll
C:\WINDOWS\system32\win32x.exe
E:\Documents and Settings\All Users\Application Data\.wtav
E:\Documents and Settings\Doug\Application Data\.#\MBX@8E8@384180.###
E:\Documents and Settings\Doug\Application Data\.#\MBX@8E8@3841B0.###
E:\Documents and Settings\Doug\Application Data\.#\MBX@8E8@3841E0.###
E:\Documents and Settings\Doug\Application Data\chrtmp
E:\Documents and Settings\Doug\delme.bat

Deleting Folders:

E:\Documents and Settings\All Users\Application Data\TEMP
E:\Documents and Settings\All Users\Start Menu\AV7
E:\Documents and Settings\Doug\Application Data\.#

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 PM

Posted 01 May 2012 - 10:38 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 sherigo

sherigo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 02 May 2012 - 12:16 PM

ComboFix 12-05-01.02 - Doug 05/02/2012 10:18:35.4.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.275 [GMT -6:00]
Running from: e:\documents and settings\Doug\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Doug\Local Settings\Application Data\{C2BA7AAD-5884-4A0C-BC3E-DB4630D2AFA5}
e:\documents and settings\Doug\Local Settings\Application Data\{C2BA7AAD-5884-4A0C-BC3E-DB4630D2AFA5}\chrome.manifest
e:\documents and settings\Doug\Local Settings\Application Data\{C2BA7AAD-5884-4A0C-BC3E-DB4630D2AFA5}\chrome\content\_cfg.js
e:\documents and settings\Doug\Local Settings\Application Data\{C2BA7AAD-5884-4A0C-BC3E-DB4630D2AFA5}\chrome\content\overlay.xul
e:\documents and settings\Doug\Local Settings\Application Data\{C2BA7AAD-5884-4A0C-BC3E-DB4630D2AFA5}\install.rdf
.
---- Previous Run -------
.
c:\windows\system32\Ipripv32.dll
c:\windows\system32\Irmonv32.dll
c:\windows\system32\NWCWov32.dll
c:\windows\system32\usbniw32.dll
c:\windows\system32\win32x.exe
e:\documents and settings\All Users\Application Data\.wtav
e:\documents and settings\All Users\Application Data\TEMP
e:\documents and settings\All Users\Start Menu\AV7
e:\documents and settings\Doug\Application Data\.#
e:\documents and settings\Doug\Application Data\.#\MBX@8E8@384180.###
e:\documents and settings\Doug\Application Data\.#\MBX@8E8@3841B0.###
e:\documents and settings\Doug\Application Data\.#\MBX@8E8@3841E0.###
e:\documents and settings\Doug\Application Data\chrtmp
e:\documents and settings\Doug\delme.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_WIN32X
-------\Service_6to4
-------\Legacy_6TO4
-------\Legacy_WIN32X
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-04-30 23:09 . 2012-04-30 23:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-29 22:43 . 2012-04-29 22:58 -------- d-----w- c:\program files\Webroot
2012-04-29 22:15 . 2012-04-30 20:10 -------- d-----w- e:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-27 12:29 . 2012-04-27 12:29 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.011\Local Settings\Application Data\Adobe
2012-04-27 12:29 . 2012-04-27 12:29 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.011\Local Settings\Application Data\Temp
2012-04-27 00:31 . 2012-04-27 00:31 -------- d-sh--w- e:\documents and settings\NetworkService.NT AUTHORITY.011\PrivacIE
2012-04-27 00:31 . 2012-04-27 00:31 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.011\Local Settings\Application Data\Citrix
2012-04-27 00:31 . 2012-04-27 00:31 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.011\Application Data\ICAClient
2012-04-25 05:26 . 2012-04-25 05:26 57344 ----a-w- c:\windows\system32\wscsvv32.dll
2012-04-25 03:26 . 2012-04-25 03:26 57344 ----a-w- c:\windows\system32\WmdmPv32.dll
2012-04-23 19:32 . 2012-04-23 19:32 -------- d-----w- e:\documents and settings\Doug\Local Settings\Application Data\MSoft
2012-04-14 12:20 . 2012-04-14 12:20 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-06 01:57 . 2012-04-06 01:57 -------- d-----w- c:\program files\PIXELA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 23:12 . 2009-03-27 13:24 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-04-14 12:20 . 2012-03-31 22:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 12:20 . 2011-09-23 20:53 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 11:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-14 11:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 11:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 11:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 11:41 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 06:07 385024 ----a-w- c:\windows\system32\html.iec
2012-02-07 17:02 . 2012-02-07 17:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 07:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-01-17 23:39 . 2010-01-17 23:39 457 -c--a-w- c:\program files\0117201016392298.bat
2010-01-15 02:49 . 2010-01-15 02:49 470 -c--a-w- c:\program files\0114201019494070.bat
2010-01-15 01:35 . 2010-01-15 01:35 454 -c--a-w- c:\program files\0114201018352142.bat
2005-09-15 08:01 . 2009-05-30 02:41 724992 -c--a-w- c:\program files\VoiceExplorer.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
.
[7] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[7] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[7] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[7] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[7] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[7] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[7] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[7] 2002-08-29 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[7] 2002-08-29 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
.
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[7] 2008-04-14 11:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2008-04-14 11:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
.
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2002-08-29 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
.
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[7] 2012-03-01 . DADE53318D8E5335EE2E1745F1C3FC4D . 5978624 . . [8.00.6001.19222] . . c:\windows\system32\mshtml.dll
[7] 2012-03-01 . DADE53318D8E5335EE2E1745F1C3FC4D . 5978624 . . [8.00.6001.19222] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2012-03-01 . 5DBB0C997AD276BCE9D30CD609BDBF67 . 5980672 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll
[7] 2011-12-17 . A9259CD226283CD4F798C00909754A94 . 5979136 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
.
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[7] 2002-08-29 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
.
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[7] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\system32\wininet.dll
[7] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\system32\dllcache\wininet.dll
[7] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[7] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\wininet.dll
[7] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
[7] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2647516-IE8\wininet.dll
[7] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[7] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll
[7] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[7] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll
[7] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[7] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[7] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[7] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[7] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
[7] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[7] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[7] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[7] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[7] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[7] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[7] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[7] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[7] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[7] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
.
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[7] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2009-03-27 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
.
[7] 2002-08-29 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2008-04-14 10:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[7] 2008-04-14 10:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
.
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[7] 2008-04-14 11:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[7] 2006-10-19 03:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[7] 2006-10-19 03:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[7] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\system32\ntkrnlpa.exe
[7] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntkrnlpa.exe
[7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
.
[7] 2008-04-14 11:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[7] 2008-04-14 11:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[7] 2008-04-14 11:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[7] 2008-04-14 11:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[7] 2010-02-23 . B5116340B84824DDD0A641E36B126194 . 634648 . . [7.00.6000.17023] . . c:\windows\ie8\iexplore.exe
[7] 2010-02-23 . C8DDA4028065D5CE39CBE7A156B72AB9 . 634648 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe
[7] 2009-12-18 . 53C291F3B01EECECBD7FD358EA3ACC94 . 634648 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\iexplore.exe
[7] 2009-12-18 . D19E56D5930C37CF211867DF450C372A . 634632 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
[7] 2009-04-25 . 092A7F2B49A19ECCE5369D3CB2276148 . 636088 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB978207-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2GDR\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie7\iexplore.exe
[7] 2007-08-14 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
.
.
[7] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\system32\ntoskrnl.exe
[7] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[7] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-04-27 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\E:^Documents and Settings^Doug^Start Menu^Programs^Startup^Trillian.lnk]
path=e:\documents and settings\Doug\Start Menu\Programs\Startup\Trillian.lnk
backup=c:\windows\pss\Trillian.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 -c----w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2011-07-27 11:13 434080 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Documents and Settings\\Doug\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2010 9:48 AM 135664]
S2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [4/14/2008 5:42 AM 14336]
S2 Wmipsg;Wmipsg;c:\windows\System32\svchost.exe -k netsvcs [4/14/2008 5:42 AM 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:09 PM 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2010 9:48 AM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NWUSBModem
LVCap138
ypcservice
Wmipsg
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:20]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 15:47]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 15:47]
.
2012-05-01 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2009-03-28 04:54]
.
2012-05-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-688789844-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2012-04-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-688789844-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2012-05-02 c:\windows\Tasks\User_Feed_Synchronization-{22F5C556-B068-460D-87C3-9DEDE6F1A5FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
FF - ProfilePath - e:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\2prmaiqx.default\
FF - prefs.js: keyword.URL - hxxp://search.momentlook.com/?sid=10101074100&s=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51717
FF - prefs.js: network.proxy.type - 1
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.momentlook.com/?sid=10101074100&s=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-intelUsb3Sevices - usbniw32.dll
MSConfigStartUp-506E7F42_0 - e:\docume~1\Doug\LOCALS~1\Temp\bmfdrgfs.exe
MSConfigStartUp-CE8SIIFGSU - e:\docume~1\Doug\LOCALS~1\Temp\Msc.exe
MSConfigStartUp-cftmon - c:\windows\system32\mcezt.exe
MSConfigStartUp-conhost - e:\documents and settings\Doug\Application Data\Microsoft\conhost.exe
MSConfigStartUp-Google Update - e:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Nkodoqev - c:\windows\mfrvd32.dll
MSConfigStartUp-RIMBBLaunchAgent - c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSConfigStartUp-Rwifiqijoy - c:\windows\ikuvipejidedu.dll
MSConfigStartUp-SmartIndex - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-SmileboxTray - e:\documents and settings\Doug\Application Data\Smilebox\SmileboxTray.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-{1731BE95-E5AA-B33F-278A-ACE18C8E9FED} - e:\documents and settings\Doug\Application Data\Fiog\udtiy.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 10:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,fc,db,3c,96,eb,10,46,bc,69,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,fc,db,3c,96,eb,10,46,bc,69,95,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1272)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Intel\Intel® Active Monitor\imonnt.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2012-05-02 11:07:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 17:07
.
Pre-Run: 12,132,741,120 bytes free
Post-Run: 12,009,156,608 bytes free
.
- - End Of File - - 965A058054FB25F5185D4E5CCA3EE7BD

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 PM

Posted 02 May 2012 - 11:01 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 sherigo

sherigo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 03 May 2012 - 02:55 AM

01:15:54.0140 2528 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
01:15:54.0687 2528 ============================================================
01:15:54.0687 2528 Current date / time: 2012/05/03 01:15:54.0687
01:15:54.0687 2528 SystemInfo:
01:15:54.0687 2528
01:15:54.0687 2528 OS Version: 5.1.2600 ServicePack: 3.0
01:15:54.0687 2528 Product type: Workstation
01:15:54.0687 2528 ComputerName: SHERIS
01:15:54.0687 2528 UserName: Doug
01:15:54.0687 2528 Windows directory: C:\WINDOWS
01:15:54.0687 2528 System windows directory: C:\WINDOWS
01:15:54.0687 2528 Processor architecture: Intel x86
01:15:54.0687 2528 Number of processors: 1
01:15:54.0687 2528 Page size: 0x1000
01:15:54.0687 2528 Boot type: Normal boot
01:15:54.0687 2528 ============================================================
01:15:58.0328 2528 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
01:15:58.0359 2528 ============================================================
01:15:58.0359 2528 \Device\Harddisk0\DR0:
01:15:58.0359 2528 MBR partitions:
01:15:58.0359 2528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A88DD1
01:15:58.0359 2528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4A88E10, BlocksNum 0x4A85300
01:15:58.0359 2528 ============================================================
01:15:58.0390 2528 C: <-> \Device\Harddisk0\DR0\Partition0
01:15:58.0421 2528 E: <-> \Device\Harddisk0\DR0\Partition1
01:15:58.0421 2528 ============================================================
01:15:58.0421 2528 Initialize success
01:15:58.0421 2528 ============================================================
01:16:02.0578 3476 ============================================================
01:16:02.0578 3476 Scan started
01:16:02.0578 3476 Mode: Manual;
01:16:02.0578 3476 ============================================================
01:16:04.0437 3476 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
01:16:04.0468 3476 !SASCORE - ok
01:16:05.0015 3476 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
01:16:05.0031 3476 61883 - ok
01:16:05.0046 3476 Abiosdsk - ok
01:16:05.0062 3476 abp480n5 - ok
01:16:05.0171 3476 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:16:05.0234 3476 ACPI - ok
01:16:05.0296 3476 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:16:05.0296 3476 ACPIEC - ok
01:16:05.0468 3476 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:16:05.0562 3476 AdobeFlashPlayerUpdateSvc - ok
01:16:05.0578 3476 adpu160m - ok
01:16:05.0812 3476 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\WINDOWS\system32\drivers\aeaudio.sys
01:16:05.0859 3476 aeaudio - ok
01:16:05.0953 3476 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:16:06.0000 3476 aec - ok
01:16:06.0093 3476 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
01:16:06.0140 3476 AFD - ok
01:16:06.0156 3476 Aha154x - ok
01:16:06.0171 3476 aic78u2 - ok
01:16:06.0187 3476 aic78xx - ok
01:16:06.0234 3476 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
01:16:06.0250 3476 Alerter - ok
01:16:06.0296 3476 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
01:16:06.0312 3476 ALG - ok
01:16:06.0328 3476 AliIde - ok
01:16:06.0343 3476 amsint - ok
01:16:06.0515 3476 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:16:06.0531 3476 Apple Mobile Device - ok
01:16:06.0640 3476 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
01:16:06.0812 3476 AppMgmt - ok
01:16:06.0875 3476 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
01:16:06.0890 3476 Arp1394 - ok
01:16:06.0906 3476 asc - ok
01:16:06.0921 3476 asc3350p - ok
01:16:06.0937 3476 asc3550 - ok
01:16:07.0125 3476 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
01:16:07.0140 3476 aspnet_state - ok
01:16:07.0187 3476 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:16:07.0187 3476 AsyncMac - ok
01:16:07.0265 3476 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:16:07.0265 3476 atapi - ok
01:16:07.0296 3476 Atdisk - ok
01:16:07.0328 3476 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:16:07.0359 3476 Atmarpc - ok
01:16:07.0390 3476 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
01:16:07.0406 3476 AudioSrv - ok
01:16:07.0453 3476 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:16:07.0468 3476 audstub - ok
01:16:07.0531 3476 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
01:16:07.0546 3476 Avc - ok
01:16:07.0625 3476 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:16:07.0625 3476 Beep - ok
01:16:08.0000 3476 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
01:16:08.0125 3476 BITS - ok
01:16:08.0343 3476 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
01:16:08.0468 3476 Bonjour Service - ok
01:16:08.0531 3476 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
01:16:08.0562 3476 Browser - ok
01:16:08.0578 3476 catchme - ok
01:16:08.0625 3476 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:16:08.0625 3476 cbidf2k - ok
01:16:08.0671 3476 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:16:08.0687 3476 CCDECODE - ok
01:16:08.0703 3476 cd20xrnt - ok
01:16:08.0843 3476 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:16:08.0843 3476 Cdaudio - ok
01:16:08.0921 3476 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:16:08.0937 3476 Cdfs - ok
01:16:09.0000 3476 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:16:09.0015 3476 Cdrom - ok
01:16:09.0031 3476 Changer - ok
01:16:09.0062 3476 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
01:16:09.0062 3476 CiSvc - ok
01:16:09.0093 3476 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
01:16:09.0109 3476 ClipSrv - ok
01:16:09.0265 3476 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:16:09.0296 3476 clr_optimization_v2.0.50727_32 - ok
01:16:09.0484 3476 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:16:09.0515 3476 clr_optimization_v4.0.30319_32 - ok
01:16:09.0531 3476 CmdIde - ok
01:16:09.0562 3476 COMSysApp - ok
01:16:09.0578 3476 Cpqarray - ok
01:16:09.0656 3476 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
01:16:09.0687 3476 CryptSvc - ok
01:16:09.0890 3476 ctxusbm (4e08a98dba0b1249c2eb4b191978a9a4) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
01:16:09.0906 3476 ctxusbm - ok
01:16:09.0937 3476 dac2w2k - ok
01:16:09.0953 3476 dac960nt - ok
01:16:10.0125 3476 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
01:16:10.0265 3476 DcomLaunch - ok
01:16:10.0359 3476 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
01:16:10.0390 3476 Dhcp - ok
01:16:10.0421 3476 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:16:10.0437 3476 Disk - ok
01:16:11.0062 3476 Diskeeper (a52e0ebf719f379efd178c402b1ad7bb) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
01:16:11.0421 3476 Diskeeper - ok
01:16:11.0437 3476 dmadmin - ok
01:16:11.0843 3476 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:16:12.0203 3476 dmboot - ok
01:16:12.0281 3476 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:16:12.0328 3476 dmio - ok
01:16:12.0375 3476 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:16:12.0390 3476 dmload - ok
01:16:12.0406 3476 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
01:16:12.0421 3476 dmserver - ok
01:16:12.0500 3476 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:16:12.0531 3476 DMusic - ok
01:16:12.0593 3476 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
01:16:12.0609 3476 Dnscache - ok
01:16:12.0703 3476 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
01:16:12.0750 3476 Dot3svc - ok
01:16:12.0765 3476 dpti2o - ok
01:16:12.0921 3476 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:16:12.0937 3476 drmkaud - ok
01:16:13.0046 3476 E1000 (4de4bae4accb5a49fa85801d4f226355) C:\WINDOWS\system32\DRIVERS\e1000325.sys
01:16:13.0109 3476 E1000 - ok
01:16:13.0171 3476 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
01:16:13.0171 3476 EapHost - ok
01:16:13.0218 3476 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
01:16:13.0234 3476 ERSvc - ok
01:16:13.0312 3476 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:16:13.0359 3476 Eventlog - ok
01:16:13.0500 3476 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
01:16:13.0593 3476 EventSystem - ok
01:16:13.0687 3476 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:16:13.0734 3476 Fastfat - ok
01:16:13.0968 3476 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:16:14.0015 3476 FastUserSwitchingCompatibility - ok
01:16:14.0046 3476 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
01:16:14.0046 3476 Fdc - ok
01:16:14.0109 3476 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:16:14.0125 3476 Fips - ok
01:16:14.0156 3476 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:16:14.0171 3476 Flpydisk - ok
01:16:14.0265 3476 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
01:16:14.0296 3476 FltMgr - ok
01:16:14.0468 3476 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:16:14.0484 3476 FontCache3.0.0.0 - ok
01:16:14.0562 3476 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
01:16:14.0578 3476 fssfltr - ok
01:16:15.0125 3476 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
01:16:15.0343 3476 fsssvc - ok
01:16:15.0406 3476 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:16:15.0421 3476 Fs_Rec - ok
01:16:15.0468 3476 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:16:15.0515 3476 Ftdisk - ok
01:16:15.0562 3476 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
01:16:15.0578 3476 GEARAspiWDM - ok
01:16:15.0640 3476 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:16:15.0656 3476 Gpc - ok
01:16:15.0828 3476 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
01:16:16.0046 3476 gupdate - ok
01:16:16.0062 3476 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
01:16:16.0062 3476 gupdatem - ok
01:16:16.0187 3476 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:16:16.0203 3476 helpsvc - ok
01:16:16.0234 3476 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
01:16:16.0250 3476 HidServ - ok
01:16:16.0296 3476 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:16:16.0312 3476 HidUsb - ok
01:16:16.0390 3476 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
01:16:16.0406 3476 hkmsvc - ok
01:16:16.0484 3476 HP Port Resolver (58176988fba04153d35d7eb92825a14f) C:\WINDOWS\system32\hpbpro.exe
01:16:16.0515 3476 HP Port Resolver - ok
01:16:16.0562 3476 HP Status Server (b00044476f6d091922da76a086ecc15b) C:\WINDOWS\system32\hpboid.exe
01:16:16.0578 3476 HP Status Server - ok
01:16:16.0593 3476 hpn - ok
01:16:16.0640 3476 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:16:16.0656 3476 HPZid412 - ok
01:16:16.0687 3476 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:16:16.0687 3476 HPZipr12 - ok
01:16:16.0734 3476 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:16:16.0750 3476 HPZius12 - ok
01:16:17.0000 3476 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:16:17.0078 3476 HTTP - ok
01:16:17.0125 3476 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
01:16:17.0140 3476 HTTPFilter - ok
01:16:17.0156 3476 i2omgmt - ok
01:16:17.0171 3476 i2omp - ok
01:16:17.0234 3476 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:16:17.0250 3476 i8042prt - ok
01:16:17.0750 3476 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
01:16:18.0343 3476 ialm - ok
01:16:18.0796 3476 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:16:19.0203 3476 idsvc - ok
01:16:19.0484 3476 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:16:19.0500 3476 Imapi - ok
01:16:19.0562 3476 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
01:16:19.0609 3476 ImapiService - ok
01:16:19.0765 3476 imonNT (863952bcb5e488ecbbeb7d177cb699bc) C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
01:16:19.0796 3476 imonNT - ok
01:16:19.0812 3476 ini910u - ok
01:16:19.0843 3476 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
01:16:19.0859 3476 IntelIde - ok
01:16:19.0906 3476 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:16:19.0921 3476 intelppm - ok
01:16:19.0953 3476 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
01:16:20.0046 3476 Ip6Fw - ok
01:16:20.0125 3476 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:16:20.0140 3476 IpFilterDriver - ok
01:16:20.0171 3476 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:16:20.0171 3476 IpInIp - ok
01:16:20.0265 3476 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:16:20.0312 3476 IpNat - ok
01:16:20.0656 3476 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
01:16:20.0906 3476 iPod Service - ok
01:16:21.0125 3476 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:16:21.0156 3476 IPSec - ok
01:16:21.0203 3476 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:16:21.0203 3476 IRENUM - ok
01:16:21.0250 3476 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:16:21.0265 3476 isapnp - ok
01:16:21.0406 3476 JavaQuickStarterService (112325f53ab720ca77825726d427fbdc) C:\Program Files\Java\jre6\bin\jqs.exe
01:16:21.0453 3476 JavaQuickStarterService - ok
01:16:21.0515 3476 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:16:21.0531 3476 Kbdclass - ok
01:16:21.0593 3476 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:16:21.0609 3476 kbdhid - ok
01:16:21.0734 3476 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:16:21.0796 3476 kmixer - ok
01:16:21.0875 3476 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:16:21.0906 3476 KSecDD - ok
01:16:22.0187 3476 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
01:16:22.0234 3476 LanmanServer - ok
01:16:22.0312 3476 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
01:16:22.0375 3476 lanmanworkstation - ok
01:16:22.0390 3476 lbrtfdc - ok
01:16:22.0453 3476 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
01:16:22.0453 3476 LmHosts - ok
01:16:22.0468 3476 LVCap138 - ok
01:16:22.0515 3476 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
01:16:22.0531 3476 Messenger - ok
01:16:22.0640 3476 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
01:16:22.0671 3476 Microsoft Office Groove Audit Service - ok
01:16:22.0781 3476 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
01:16:22.0859 3476 MidiSyn - ok
01:16:22.0921 3476 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:16:22.0921 3476 mnmdd - ok
01:16:22.0984 3476 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
01:16:23.0109 3476 mnmsrvc - ok
01:16:23.0187 3476 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:16:23.0187 3476 Modem - ok
01:16:23.0265 3476 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:16:23.0265 3476 Mouclass - ok
01:16:23.0328 3476 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:16:23.0328 3476 mouhid - ok
01:16:23.0390 3476 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:16:23.0406 3476 MountMgr - ok
01:16:23.0421 3476 mraid35x - ok
01:16:23.0515 3476 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:16:23.0578 3476 MRxDAV - ok
01:16:23.0781 3476 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:16:23.0937 3476 MRxSmb - ok
01:16:24.0000 3476 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
01:16:24.0015 3476 MSDTC - ok
01:16:24.0187 3476 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
01:16:24.0218 3476 MSDV - ok
01:16:24.0250 3476 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:16:24.0265 3476 Msfs - ok
01:16:24.0281 3476 MSIServer - ok
01:16:24.0312 3476 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:16:24.0312 3476 MSKSSRV - ok
01:16:24.0328 3476 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:16:24.0343 3476 MSPCLOCK - ok
01:16:24.0359 3476 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:16:24.0359 3476 MSPQM - ok
01:16:24.0406 3476 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:16:24.0406 3476 mssmbios - ok
01:16:24.0453 3476 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:16:24.0453 3476 MSTEE - ok
01:16:24.0531 3476 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:16:24.0562 3476 Mup - ok
01:16:24.0625 3476 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:16:24.0656 3476 NABTSFEC - ok
01:16:24.0703 3476 NAL (2ea7a186289c2807ba2e8a5502c0d065) C:\WINDOWS\system32\Drivers\iqvw32.sys
01:16:24.0718 3476 NAL - ok
01:16:24.0843 3476 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
01:16:24.0937 3476 napagent - ok
01:16:25.0171 3476 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:16:25.0234 3476 NDIS - ok
01:16:25.0281 3476 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:16:25.0296 3476 NdisIP - ok
01:16:25.0343 3476 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:16:25.0359 3476 NdisTapi - ok
01:16:25.0406 3476 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:16:25.0421 3476 Ndisuio - ok
01:16:25.0468 3476 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:16:25.0484 3476 NdisWan - ok
01:16:25.0546 3476 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:16:25.0562 3476 NDProxy - ok
01:16:25.0578 3476 NEC Usb3 - ok
01:16:25.0640 3476 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:16:25.0656 3476 NetBIOS - ok
01:16:25.0734 3476 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:16:25.0781 3476 NetBT - ok
01:16:25.0859 3476 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:16:25.0890 3476 NetDDE - ok
01:16:25.0906 3476 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:16:25.0906 3476 NetDDEdsdm - ok
01:16:25.0984 3476 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:16:25.0984 3476 Netlogon - ok
01:16:26.0234 3476 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
01:16:26.0312 3476 Netman - ok
01:16:26.0500 3476 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:16:26.0546 3476 NetTcpPortSharing - ok
01:16:26.0640 3476 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
01:16:26.0656 3476 NIC1394 - ok
01:16:26.0796 3476 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
01:16:26.0875 3476 Nla - ok
01:16:26.0953 3476 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:16:26.0968 3476 Npfs - ok
01:16:27.0296 3476 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:16:27.0484 3476 Ntfs - ok
01:16:27.0500 3476 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:16:27.0500 3476 NtLmSsp - ok
01:16:27.0687 3476 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
01:16:27.0828 3476 NtmsSvc - ok
01:16:27.0875 3476 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:16:27.0875 3476 Null - ok
01:16:27.0906 3476 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:16:27.0906 3476 NwlnkFlt - ok
01:16:27.0937 3476 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:16:27.0953 3476 NwlnkFwd - ok
01:16:28.0031 3476 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
01:16:28.0062 3476 NwlnkIpx - ok
01:16:28.0109 3476 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
01:16:28.0218 3476 NwlnkNb - ok
01:16:28.0328 3476 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
01:16:28.0343 3476 NwlnkSpx - ok
01:16:28.0406 3476 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll
01:16:28.0421 3476 NwSapAgent - ok
01:16:28.0453 3476 NWUSBModem - ok
01:16:28.0765 3476 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:16:28.0906 3476 odserv - ok
01:16:28.0968 3476 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
01:16:29.0000 3476 ohci1394 - ok
01:16:29.0093 3476 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:16:29.0250 3476 ose - ok
01:16:29.0343 3476 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
01:16:29.0375 3476 Parport - ok
01:16:29.0390 3476 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:16:29.0406 3476 PartMgr - ok
01:16:29.0468 3476 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:16:29.0468 3476 ParVdm - ok
01:16:29.0531 3476 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:16:29.0546 3476 PCI - ok
01:16:29.0562 3476 PCIDump - ok
01:16:29.0609 3476 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
01:16:29.0609 3476 PCIIde - ok
01:16:29.0703 3476 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:16:29.0734 3476 Pcmcia - ok
01:16:29.0750 3476 PDCOMP - ok
01:16:29.0765 3476 PDFRAME - ok
01:16:29.0781 3476 PDRELI - ok
01:16:29.0781 3476 PDRFRAME - ok
01:16:29.0796 3476 perc2 - ok
01:16:29.0812 3476 perc2hib - ok
01:16:29.0921 3476 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:16:29.0921 3476 PlugPlay - ok
01:16:30.0000 3476 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) C:\WINDOWS\system32\HPZipm12.exe
01:16:30.0015 3476 Pml Driver HPZ12 - ok
01:16:30.0078 3476 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:16:30.0078 3476 PolicyAgent - ok
01:16:30.0140 3476 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:16:30.0156 3476 PptpMiniport - ok
01:16:30.0265 3476 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:16:30.0265 3476 ProtectedStorage - ok
01:16:30.0328 3476 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:16:30.0359 3476 PSched - ok
01:16:30.0406 3476 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:16:30.0406 3476 Ptilink - ok
01:16:30.0421 3476 ql1080 - ok
01:16:30.0437 3476 Ql10wnt - ok
01:16:30.0453 3476 ql12160 - ok
01:16:30.0468 3476 ql1240 - ok
01:16:30.0484 3476 ql1280 - ok
01:16:30.0531 3476 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:16:30.0531 3476 RasAcd - ok
01:16:30.0593 3476 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
01:16:30.0625 3476 RasAuto - ok
01:16:30.0671 3476 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:16:30.0687 3476 Rasl2tp - ok
01:16:30.0796 3476 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
01:16:30.0859 3476 RasMan - ok
01:16:30.0890 3476 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:16:30.0906 3476 RasPppoe - ok
01:16:30.0968 3476 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:16:30.0968 3476 Raspti - ok
01:16:31.0093 3476 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:16:31.0140 3476 Rdbss - ok
01:16:31.0328 3476 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:16:31.0328 3476 RDPCDD - ok
01:16:31.0453 3476 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:16:31.0515 3476 rdpdr - ok
01:16:31.0625 3476 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
01:16:31.0671 3476 RDPWD - ok
01:16:31.0750 3476 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
01:16:31.0796 3476 RDSessMgr - ok
01:16:31.0890 3476 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:16:31.0906 3476 redbook - ok
01:16:31.0968 3476 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
01:16:31.0984 3476 RemoteAccess - ok
01:16:32.0046 3476 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
01:16:32.0078 3476 RemoteRegistry - ok
01:16:32.0140 3476 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
01:16:32.0156 3476 RimUsb - ok
01:16:32.0390 3476 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
01:16:32.0406 3476 RimVSerPort - ok
01:16:32.0468 3476 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
01:16:32.0468 3476 ROOTMODEM - ok
01:16:32.0609 3476 Roxio UPnP Renderer 11 - ok
01:16:32.0671 3476 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
01:16:32.0703 3476 RpcLocator - ok
01:16:32.0890 3476 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
01:16:32.0906 3476 RpcSs - ok
01:16:32.0984 3476 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
01:16:33.0000 3476 rspndr - ok
01:16:33.0093 3476 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
01:16:33.0140 3476 RSVP - ok
01:16:33.0218 3476 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:16:33.0218 3476 SamSs - ok
01:16:33.0421 3476 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
01:16:33.0437 3476 SASDIFSV - ok
01:16:33.0484 3476 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
01:16:33.0500 3476 SASKUTIL - ok
01:16:33.0578 3476 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
01:16:33.0625 3476 SCardSvr - ok
01:16:33.0734 3476 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
01:16:33.0796 3476 Schedule - ok
01:16:34.0000 3476 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
01:16:34.0078 3476 SeaPort - ok
01:16:34.0140 3476 Secdrv (7570380037993520842c2868121a01f9) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:16:34.0156 3476 Secdrv - ok
01:16:34.0187 3476 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
01:16:34.0203 3476 seclogon - ok
01:16:34.0625 3476 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
01:16:34.0750 3476 senfilt - ok
01:16:34.0828 3476 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
01:16:34.0828 3476 SENS - ok
01:16:34.0859 3476 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:16:34.0875 3476 serenum - ok
01:16:34.0921 3476 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
01:16:34.0937 3476 Serial - ok
01:16:35.0000 3476 sf (8da9c7feedba52cfd91ee2e2113df6a9) C:\WINDOWS\system32\drivers\sf.sys
01:16:35.0015 3476 sf - ok
01:16:35.0031 3476 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:16:35.0046 3476 Sfloppy - ok
01:16:35.0218 3476 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
01:16:35.0468 3476 SharedAccess - ok
01:16:35.0578 3476 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:16:35.0578 3476 ShellHWDetection - ok
01:16:35.0593 3476 Simbad - ok
01:16:35.0656 3476 SIODRV (20f6649d168567a66c25662171bf4fe8) C:\WINDOWS\system32\drivers\SIODRV.SYS
01:16:35.0656 3476 SIODRV - ok
01:16:35.0718 3476 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:16:35.0718 3476 SLIP - ok
01:16:35.0765 3476 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
01:16:35.0765 3476 SMBios - ok
01:16:35.0796 3476 smbusp (067114712715d88e1fccaba33e418e24) C:\WINDOWS\system32\DRIVERS\smb.sys
01:16:35.0812 3476 smbusp - ok
01:16:35.0968 3476 smwdm (ce52bffebfaf1e59553e2885cab80b52) C:\WINDOWS\system32\drivers\smwdm.sys
01:16:36.0046 3476 smwdm - ok
01:16:36.0203 3476 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
01:16:36.0218 3476 SoundMAX Agent Service (default) - ok
01:16:36.0359 3476 Sparrow - ok
01:16:36.0421 3476 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:16:36.0421 3476 splitter - ok
01:16:36.0468 3476 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
01:16:36.0484 3476 Spooler - ok
01:16:36.0562 3476 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:16:36.0578 3476 sr - ok
01:16:36.0656 3476 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
01:16:36.0734 3476 srservice - ok
01:16:36.0906 3476 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:16:37.0031 3476 Srv - ok
01:16:37.0125 3476 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
01:16:37.0140 3476 SSDPSRV - ok
01:16:37.0156 3476 StarOpen - ok
01:16:37.0437 3476 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
01:16:37.0562 3476 stisvc - ok
01:16:37.0609 3476 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:16:37.0609 3476 streamip - ok
01:16:37.0671 3476 SupportSoft RemoteAssist - ok
01:16:37.0718 3476 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:16:37.0718 3476 swenum - ok
01:16:37.0796 3476 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:16:37.0812 3476 swmidi - ok
01:16:37.0828 3476 SwPrv - ok
01:16:37.0843 3476 symc810 - ok
01:16:37.0875 3476 symc8xx - ok
01:16:37.0890 3476 sym_hi - ok
01:16:37.0906 3476 sym_u3 - ok
01:16:37.0937 3476 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:16:37.0968 3476 sysaudio - ok
01:16:38.0031 3476 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
01:16:38.0062 3476 SysmonLog - ok
01:16:38.0203 3476 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
01:16:38.0500 3476 TapiSrv - ok
01:16:38.0671 3476 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:16:38.0781 3476 Tcpip - ok
01:16:38.0843 3476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:16:38.0843 3476 TDPIPE - ok
01:16:38.0875 3476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:16:38.0875 3476 TDTCP - ok
01:16:38.0937 3476 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:16:38.0953 3476 TermDD - ok
01:16:39.0062 3476 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
01:16:39.0187 3476 TermService - ok
01:16:39.0265 3476 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:16:39.0265 3476 Themes - ok
01:16:39.0453 3476 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
01:16:39.0484 3476 TlntSvr - ok
01:16:39.0500 3476 TosIde - ok
01:16:39.0562 3476 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
01:16:39.0593 3476 TrkWks - ok
01:16:39.0656 3476 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:16:39.0687 3476 Udfs - ok
01:16:39.0703 3476 ultra - ok
01:16:39.0890 3476 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:16:40.0015 3476 Update - ok
01:16:40.0125 3476 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
01:16:40.0187 3476 upnphost - ok
01:16:40.0234 3476 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
01:16:40.0234 3476 UPS - ok
01:16:40.0468 3476 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
01:16:40.0484 3476 USBAAPL - ok
01:16:40.0546 3476 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
01:16:40.0546 3476 usbbus - ok
01:16:40.0609 3476 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:16:40.0625 3476 usbccgp - ok
01:16:40.0671 3476 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
01:16:40.0687 3476 UsbDiag - ok
01:16:40.0734 3476 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:16:40.0750 3476 usbehci - ok
01:16:40.0796 3476 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:16:40.0812 3476 usbhub - ok
01:16:40.0875 3476 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
01:16:40.0890 3476 USBModem - ok
01:16:40.0937 3476 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:16:40.0953 3476 usbprint - ok
01:16:41.0000 3476 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:16:41.0000 3476 usbscan - ok
01:16:41.0046 3476 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:16:41.0062 3476 USBSTOR - ok
01:16:41.0109 3476 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:16:41.0109 3476 usbuhci - ok
01:16:41.0171 3476 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:16:41.0171 3476 VgaSave - ok
01:16:41.0187 3476 ViaIde - ok
01:16:41.0234 3476 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:16:41.0250 3476 VolSnap - ok
01:16:41.0515 3476 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
01:16:41.0609 3476 VSS - ok
01:16:41.0687 3476 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
01:16:41.0750 3476 W32Time - ok
01:16:41.0796 3476 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:16:41.0812 3476 Wanarp - ok
01:16:42.0015 3476 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
01:16:42.0156 3476 Wdf01000 - ok
01:16:42.0187 3476 WDICA - ok
01:16:42.0281 3476 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:16:42.0390 3476 wdmaud - ok
01:16:42.0562 3476 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
01:16:42.0578 3476 WebClient - ok
01:16:42.0734 3476 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
01:16:42.0781 3476 winmgmt - ok
01:16:42.0859 3476 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
01:16:42.0875 3476 WmdmPmSN - ok
01:16:43.0125 3476 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
01:16:43.0437 3476 Wmi - ok
01:16:43.0562 3476 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
01:16:43.0609 3476 WmiApSrv - ok
01:16:44.0078 3476 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
01:16:44.0500 3476 WMPNetworkSvc - ok
01:16:44.0593 3476 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
01:16:44.0609 3476 WpdUsb - ok
01:16:45.0078 3476 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:16:45.0312 3476 WPFFontCache_v0400 - ok
01:16:45.0500 3476 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:16:45.0500 3476 WS2IFSL - ok
01:16:45.0593 3476 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
01:16:45.0625 3476 wscsvc - ok
01:16:45.0671 3476 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:16:45.0687 3476 WSTCODEC - ok
01:16:45.0734 3476 wuauserv (d29ad7484b98279ed21877de051a180f) C:\WINDOWS\system32\wuauserv.dll
01:16:45.0734 3476 wuauserv - ok
01:16:45.0828 3476 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:16:45.0843 3476 WudfPf - ok
01:16:45.0890 3476 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:16:45.0921 3476 WudfRd - ok
01:16:45.0984 3476 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
01:16:46.0000 3476 WudfSvc - ok
01:16:46.0218 3476 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
01:16:46.0671 3476 WZCSVC - ok
01:16:46.0765 3476 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
01:16:46.0796 3476 xmlprov - ok
01:16:46.0812 3476 ypcservice - ok
01:16:46.0875 3476 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:16:47.0109 3476 \Device\Harddisk0\DR0 - ok
01:16:47.0125 3476 Boot (0x1200) (f79e3b324b00ecdc71ae8bbc2b913863) \Device\Harddisk0\DR0\Partition0
01:16:47.0125 3476 \Device\Harddisk0\DR0\Partition0 - ok
01:16:47.0171 3476 Boot (0x1200) (d5b0d6fef3a065889a5ac3206503964a) \Device\Harddisk0\DR0\Partition1
01:16:47.0171 3476 \Device\Harddisk0\DR0\Partition1 - ok
01:16:47.0171 3476 ============================================================
01:16:47.0171 3476 Scan finished
01:16:47.0171 3476 ============================================================
01:16:47.0203 2196 Detected object count: 0
01:16:47.0203 2196 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 01:18:18
-----------------------------
01:18:18.375 OS Version: Windows 5.1.2600 Service Pack 3
01:18:18.375 Number of processors: 1 586 0x209
01:18:18.375 ComputerName: SHERIS UserName: Doug
01:18:20.250 Initialize success
01:20:11.906 AVAST engine defs: 12050201
01:20:19.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:20:19.640 Disk 0 Vendor: ST380020A 5.46 Size: 76319MB BusType: 3
01:20:19.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-1b
01:20:19.640 Disk 1 Vendor: IOMEGA_ZIP_250 42.S Size: 76319MB BusType: 2
01:20:19.703 Disk 0 MBR read successfully
01:20:19.703 Disk 0 MBR scan
01:20:19.906 Disk 0 Windows XP default MBR code
01:20:19.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38161 MB offset 63
01:20:19.937 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 38154 MB offset 78155280
01:20:19.953 Disk 0 scanning sectors +156295440
01:20:20.093 Disk 0 scanning C:\WINDOWS\system32\drivers
01:20:45.281 Service scanning
01:21:59.421 Modules scanning
01:23:00.953 Disk 0 trace - called modules:
01:23:00.984 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
01:23:00.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85735030]
01:23:00.984 3 CLASSPNP.SYS[f765ffd7] -> nt!IofCallDriver -> \Device\0000006a[0x85737f18]
01:23:01.000 5 ACPI.sys[f75b6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85785b58]
01:23:04.265 AVAST engine scan C:\WINDOWS
01:23:15.484 AVAST engine scan C:\WINDOWS\system32
01:28:51.828 File: C:\WINDOWS\system32\WmdmPv32.dll **INFECTED** Win32:Zbot-OEO [Trj]
01:29:10.093 File: C:\WINDOWS\system32\wscsvv32.dll **INFECTED** Win32:Zbot-OEO [Trj]
01:33:46.921 AVAST engine scan C:\WINDOWS\system32\drivers
01:34:14.218 AVAST engine scan E:\Documents and Settings\Doug
01:42:39.484 File: E:\Documents and Settings\Doug\Local Settings\Application Data\MSoft\VerCheck\VerCheck.exe **INFECTED** MSIL:Adware-A [Adw]
01:46:43.765 AVAST engine scan E:\Documents and Settings\All Users
01:48:33.015 Scan finished successfully
01:54:50.953 Disk 0 MBR has been saved successfully to "E:\Documents and Settings\Doug\Desktop\MBR.dat"
01:54:50.953 The log file has been saved successfully to "E:\Documents and Settings\Doug\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 PM

Posted 03 May 2012 - 03:21 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\WINDOWS\system32\WmdmPv32.dll
C:\WINDOWS\system32\wscsvv32.dll

FireFox::
FF - ProfilePath - e:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\2prmaiqx.default\
FF - prefs.js: keyword.URL - hxxp://search.momentlook.com/?sid=10101074100&s=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51717
FF - prefs.js: network.proxy.type - 1
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.momentlook.com/?sid=10101074100&s=

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 sherigo

sherigo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 03 May 2012 - 12:00 PM

Ran this in safe mode again to get it to work

ComboFix 12-05-03.01 - Doug 05/03/2012 9:51.6.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.283 [GMT -6:00]
Running from: e:\documents and settings\Doug\My Documents\Downloads\ComboFix.exe
Command switches used :: e:\documents and settings\Doug\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\WmdmPv32.dll"
"c:\windows\system32\wscsvv32.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-02 18:01 . 2012-05-02 18:01 -------- d-----w- e:\documents and settings\All Users\Application Data\Citrix
2012-05-02 17:59 . 2012-05-02 17:59 -------- d-----w- c:\program files\Common Files\Citrix
2012-04-30 23:09 . 2012-04-30 23:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-29 22:43 . 2012-04-29 22:58 -------- d-----w- c:\program files\Webroot
2012-04-29 22:15 . 2012-04-30 20:10 -------- d-----w- e:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-27 12:29 . 2012-04-27 12:29 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.011\Local Settings\Application Data\Adobe
2012-04-27 12:29 . 2012-04-27 12:29 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.011\Local Settings\Application Data\Temp
2012-04-27 00:31 . 2012-04-27 00:31 -------- d-sh--w- e:\documents and settings\NetworkService.NT AUTHORITY.011\PrivacIE
2012-04-27 00:31 . 2012-04-27 00:31 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.011\Local Settings\Application Data\Citrix
2012-04-27 00:31 . 2012-04-27 00:31 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.011\Application Data\ICAClient
2012-04-25 05:26 . 2012-04-25 05:26 57344 ----a-w- c:\windows\system32\wscsvv32.dll
2012-04-25 03:26 . 2012-04-25 03:26 57344 ----a-w- c:\windows\system32\WmdmPv32.dll
2012-04-23 19:32 . 2012-04-23 19:32 -------- d-----w- e:\documents and settings\Doug\Local Settings\Application Data\MSoft
2012-04-14 12:20 . 2012-04-14 12:20 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-06 01:57 . 2012-04-06 01:57 -------- d-----w- c:\program files\PIXELA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 23:12 . 2009-03-27 13:24 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-04-14 12:20 . 2012-03-31 22:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 12:20 . 2011-09-23 20:53 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 11:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-14 11:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 11:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 11:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 11:41 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 06:07 385024 ----a-w- c:\windows\system32\html.iec
2012-02-07 17:02 . 2012-02-07 17:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-01-17 23:39 . 2010-01-17 23:39 457 -c--a-w- c:\program files\0117201016392298.bat
2010-01-15 02:49 . 2010-01-15 02:49 470 -c--a-w- c:\program files\0114201019494070.bat
2010-01-15 01:35 . 2010-01-15 01:35 454 -c--a-w- c:\program files\0114201018352142.bat
2005-09-15 08:01 . 2009-05-30 02:41 724992 -c--a-w- c:\program files\VoiceExplorer.exe
2011-08-11 18:18 . 2011-08-11 18:18 128960 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-08-11 05:16 . 2011-08-11 05:16 96192 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-08-11 18:18 . 2011-08-11 18:18 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-08-11 18:18 . 2011-08-11 18:18 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-08-11 18:18 . 2011-08-11 18:18 370624 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-08-11 18:18 . 2011-08-11 18:18 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-08-11 18:18 . 2011-08-11 18:18 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-08-11 05:18 . 2011-08-11 05:18 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-08-11 05:16 . 2011-08-11 05:16 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-02_16.47.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-11 05:20 . 2011-08-11 05:20 66776 c:\windows\system32\drivers\ctxusbm.sys
+ 2012-05-02 18:01 . 2012-05-02 18:01 77824 c:\windows\Installer\{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
+ 2012-05-02 18:02 . 2012-05-02 18:02 139264 c:\windows\Installer\387e13.msi
+ 2012-05-02 18:02 . 2012-05-02 18:02 282624 c:\windows\Installer\387e0d.msi
+ 2012-05-02 18:02 . 2012-05-02 18:02 192000 c:\windows\Installer\387e07.msi
+ 2012-05-02 18:02 . 2012-05-02 18:02 517120 c:\windows\Installer\387e01.msi
+ 2012-05-02 18:01 . 2012-05-02 18:01 1448448 c:\windows\Installer\387dfb.msi
+ 2012-05-02 17:59 . 2012-05-02 17:59 1277952 c:\windows\Installer\387df3.msi
+ 2011-12-26 15:02 . 2011-12-26 15:02 19677184 c:\windows\Installer\1b99067.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\redirector.exe" [2011-08-11 128960]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-04-27 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll
.
[HKLM\~\startupfolder\E:^Documents and Settings^Doug^Start Menu^Programs^Startup^Trillian.lnk]
path=e:\documents and settings\Doug\Start Menu\Programs\Startup\Trillian.lnk
backup=c:\windows\pss\Trillian.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 -c----w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2011-07-27 11:13 434080 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Documents and Settings\\Doug\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 66776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2012-04-27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2012-04-27 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-04-27 116608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 135664]
R2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe [2008-04-14 14336]
R2 Wmipsg;Wmipsg;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NWUSBModem
LVCap138
ypcservice
Wmipsg
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:20]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 15:47]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 15:47]
.
2012-05-03 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2009-03-28 04:54]
.
2012-05-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-688789844-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2012-05-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-688789844-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2012-05-03 c:\windows\Tasks\User_Feed_Synchronization-{22F5C556-B068-460D-87C3-9DEDE6F1A5FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
FF - ProfilePath - e:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\2prmaiqx.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-03 10:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,fc,db,3c,96,eb,10,46,bc,69,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,fc,db,3c,96,eb,10,46,bc,69,95,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(232)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1624)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
Completion time: 2012-05-03 10:20:03
ComboFix-quarantined-files.txt 2012-05-03 16:20
ComboFix2.txt 2012-05-02 17:07
.
Pre-Run: 11,862,986,752 bytes free
Post-Run: 11,849,805,824 bytes free
.
- - End Of File - - DC3225B59D767639B872789A5B1BBAB9

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 PM

Posted 03 May 2012 - 12:57 PM

How are things running at this time?
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 sherigo

sherigo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 03 May 2012 - 01:01 PM

Faster than they were.. still a little bit slower when opening up a browser, but nothing like it was before.. No more Redirecting ;)

Thank you for all your help.. Is this able to stay open for a few days, so I can make a donation to you on my payday ?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 PM

Posted 03 May 2012 - 01:33 PM

Hello

glad things are better - we are not done yet just wanted to know where we stood


Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.1.2
Java™ 6 Update 15
Yontoo Layers Client 1.10.01
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 sherigo

sherigo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 03 May 2012 - 03:28 PM

Looks like one of the original symptoms have come back.. Sometimes I have to reboot a couple times to be able to type.. ALmost like my keyboard is getting disabled..


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.03.06

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Doug :: SHERIS [administrator]

5/3/2012 1:49:07 PM
mbam-log-2012-05-03 (13-49-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 521884
Time elapsed: 17 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:12:56 PM, on 5/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: CtxIEInterceptorBHO - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5962 bytes




Things are extremely slow right now.. windows slowly tile open and tile closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users