Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan.Agent.LTGen


  • This topic is locked This topic is locked
19 replies to this topic

#1 TylerS19

TylerS19

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 09 May 2012 - 02:35 PM

Computer became infected so I posted a topic here: http://www.bleepingcomputer.com/forums/topic452011.html. Essentially I went to a site and while Malwarebytes popped up it seems something got through as I began to have a "Run as" popup jump onto my screen every once in a while - I was able to boot up into safe mode (though this was difficult as the computer keeps rebooting after a couple of minutes in safe mode; I overcame this through opening the task manager and keeping it on) and ran MBAM's quick scan which found a removed Trojan.Agent.LTGen

The "Run as" popup asks how I want to run the program (as admin or not) and provides no details as to what program it is. I also had an issue with Google redirecting me to Google ad pages.

After the aforementioned postings I was advised to follow the steps and post the required information here. All is pasted and/or attached.

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_30
Run by Tyler at 22:34:40 on 2012-05-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.736 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\lxedcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\acquia-drupal\xmail\XMail.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark S600 Series\lxedmon.exe
C:\Program Files\Lexmark S600 Series\ezprint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Tyler\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
uRun: [GBMLite8AgentLaCie] c:\program files\genie-soft\gbalite8lacie\GBMAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\tyler\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [QQIntl] "c:\program files\tencent\qqintl\bin\QQ.exe" /background
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GBMLite8AgentLaCie] c:\program files\genie-soft\gbalite8lacie\GBMAgent.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [lxedmon.exe] "c:\program files\lexmark s600 series\lxedmon.exe"
mRun: [EzPrint] "c:\program files\lexmark s600 series\ezprint.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0
StartupFolder: c:\docume~1\tyler\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office12\GROOVE.EXE
StartupFolder: c:\docume~1\tyler\startm~1\programs\startup\autoru~1\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{9A187E78-728A-4012-80B0-1ECC6847249D} : DhcpNameServer = 64.71.255.198
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tyler\application data\mozilla\firefox\profiles\868np364.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&tab=ww
FF - component: c:\documents and settings\tyler\application data\mozilla\firefox\profiles\868np364.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\tyler\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\tyler\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\tyler\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPInfotl.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-18 64512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-20 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-20 27784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-20 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-2 654408]
R2 OS Selector;Acronis OS Selector activator;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-5-25 2139400]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R2 XMail;XMail Server;c:\program files\acquia-drupal\xmail\XMail.exe [2012-1-22 397824]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-7-24 115312]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-2 22344]
S2 gupdate1c9e89826ac7d22;Google Update Service (gupdate1c9e89826ac7d22);c:\program files\google\update\GoogleUpdate.exe [2009-6-8 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-1-8 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-1-8 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-8 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== File Associations ===============
.
chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2012-05-03 20:02:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 20:02:35 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-03 20:02:35 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-30 22:06:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-28 16:12:26 -------- d-----w- c:\program files\SpywareBlaster
2012-04-25 15:49:29 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-04-19 15:35:38 -------- d-----w- C:\VMS
2012-04-11 03:17:47 -------- d-----w- c:\program files\Lame For Audacity
2012-04-10 00:31:02 -------- d-----w- c:\program files\Ffmpeg For Audacity
.
==================== Find3M ====================
.
2012-10-10 18:25:56 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-05-08 02:21:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 22:36:12.14 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 09 May 2012 - 11:39 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 TylerS19

TylerS19
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 11 May 2012 - 09:02 PM

Hey Gringo, thanks for the quick reply!

Documents pasted as requested:

Checkup.txt

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

AVG Free 8.5
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.6
CCleaner
Java DB 10.5.3.0
Java™ 6 Update 30
Java™ SE Development Kit 6 Update 21
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0.)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
``````````End of Log````````````


log.txt from Combofix

ComboFix 12-05-11.03 - Tyler 11/05/2012 21:09:02.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1022 [GMT -4:00]
Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\shs_setup_4059-354328.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Tyler\WINDOWS
c:\windows\system32\SET2053.tmp
c:\windows\system32\SET2058.tmp
c:\windows\system32\SET205F.tmp
c:\windows\system32\SET2068.tmp
c:\windows\system32\SET2069.tmp
c:\windows\system32\SET206A.tmp
c:\windows\system32\SET206D.tmp
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\vrlogon.dll
c:\windows\TEMP\logishrd\LVPrcInj03.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-03 20:02 . 2012-05-03 20:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 20:02 . 2012-05-03 20:02 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 20:02 . 2012-05-03 20:02 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-30 22:06 . 2012-05-08 02:21 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-28 16:12 . 2012-04-28 16:28 -------- d-----w- c:\program files\SpywareBlaster
2012-04-25 15:49 . 2011-11-24 03:34 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-04-19 15:35 . 2012-04-19 18:00 -------- d-----w- C:\VMS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 18:25 . 2008-04-29 17:36 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-05-08 02:21 . 2011-11-23 19:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-07-02 17:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-05-03 20:02 . 2011-05-09 11:58 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]
"QQIntl"="c:\program files\Tencent\QQIntl\Bin\QQ.exe" [2012-01-24 144760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-02 185872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxedmon.exe"="c:\program files\Lexmark S600 Series\lxedmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files\Lexmark S600 Series\ezprint.exe" [2011-01-23 148280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-07-26 439568]
.
c:\documents and settings\Tyler\Start Menu\Programs\Startup\AutorunsDisabled
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2011-1-12 337264]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-17 113664]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-29 24576]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-1-22 66864]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-24 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 19:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-29 17:15 189952 -c----w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 -c----w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/10/2010 1:05 PM 64512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/01/2009 3:03 PM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/01/2009 3:02 PM 297752]
R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [02/07/2010 1:24 PM 654408]
R2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [25/05/2010 7:53 PM 2139400]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13/03/2006 7:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [14/07/2006 6:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 10:00 PM 3456]
R2 XMail;XMail Server;c:\program files\acquia-drupal\xmail\XMail.exe [22/01/2012 11:44 PM 397824]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [24/07/2010 4:10 PM 115312]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8:11 AM 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8:11 AM 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8:11 AM 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02/07/2010 1:24 PM 22344]
S2 gupdate1c9e89826ac7d22;Google Update Service (gupdate1c9e89826ac7d22);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 8:20 PM 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [08/01/2011 10:50 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [08/01/2011 10:50 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 8:20 PM 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/11/2011 1:06 PM 2152688]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [03/11/2011 1:06 PM 15232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [03/05/2012 4:02 PM 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 23:50]
.
2012-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 00:20]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 00:20]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946952493-1249314289-2389365056-1005Core.job
- c:\documents and settings\Tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 21:03]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946952493-1249314289-2389365056-1005UA.job
- c:\documents and settings\Tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 21:03]
.
2012-05-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-29 16:13]
.
2008-07-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-04-29 00:32]
.
2012-05-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 02:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 64.71.255.198
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\868np364.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&tab=ww
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam10\QuickCam10.exe
AddRemove-SysVer - c:\documents and settings\Tyler\Local Settings\Application Data\MSRebar\SysVer\SysVer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-11 21:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1932)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\PROCHLP.DLL
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
.
- - - - - - - > 'lsass.exe'(1988)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
- - - - - - - > 'explorer.exe'(6280)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\PROCHLP.DLL
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxedcoms.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2012-05-11 21:55:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 01:55
ComboFix2.txt 2010-07-24 00:27
.
Pre-Run: 14,621,876,224 bytes free
Post-Run: 14,926,462,976 bytes free
.
- - End Of File - - CC92C1639D254143A860F53EE617DFFA

General Running

I am now receiving a log error whenever I hit ctrl in notepad (was going to ctrl-c to copy):

Title: log.txt - Notepad: notepad.exe - Unable to Locate Component
Body: This application has failed to start because tvt_banner.dll was not found. Re-installing the application may fix this problem.

After running a GMER scan (as requested in my earlier post) the computer was incredibly slow (too slow to even play audio through itunes as it would stutter), it seems to be better after having run combofix though.

Thanks again!

Tyler

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 11 May 2012 - 09:09 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 TylerS19

TylerS19
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 13 May 2012 - 07:37 PM

I was able to run TDSS fine, but when I ran aswMBR the system froze when it was saving the log, not sure if it's saved anywhere; I'll attempt to run it again. Windows decided to install 69 updates, which took some time. Computer is still quite slow, same problem when running video/audio (video seems to work better, actually) as it's still choppy.

Pasted is the TDSS log:

17:00:26.0166 4996 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:00:26.0791 4996 ============================================================
17:00:26.0791 4996 Current date / time: 2012/05/12 17:00:26.0791
17:00:26.0791 4996 SystemInfo:
17:00:26.0791 4996
17:00:26.0791 4996 OS Version: 5.1.2600 ServicePack: 3.0
17:00:26.0791 4996 Product type: Workstation
17:00:26.0791 4996 ComputerName: LENOVO-64B6E920
17:00:26.0807 4996 UserName: Tyler
17:00:26.0807 4996 Windows directory: C:\WINDOWS
17:00:26.0807 4996 System windows directory: C:\WINDOWS
17:00:26.0807 4996 Processor architecture: Intel x86
17:00:26.0807 4996 Number of processors: 2
17:00:26.0807 4996 Page size: 0x1000
17:00:26.0807 4996 Boot type: Normal boot
17:00:26.0807 4996 ============================================================
17:00:31.0494 4996 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
17:00:31.0525 4996 ============================================================
17:00:31.0525 4996 \Device\Harddisk0\DR0:
17:00:31.0525 4996 MBR partitions:
17:00:31.0541 4996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAA106E1
17:00:31.0541 4996 ============================================================
17:00:31.0635 4996 C: <-> \Device\Harddisk0\DR0\Partition0
17:00:31.0635 4996 ============================================================
17:00:31.0635 4996 Initialize success
17:00:31.0635 4996 ============================================================
17:00:48.0041 1660 ============================================================
17:00:48.0041 1660 Scan started
17:00:48.0041 1660 Mode: Manual;
17:00:48.0041 1660 ============================================================
17:00:48.0947 1660 Abiosdsk - ok
17:00:48.0979 1660 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:00:49.0025 1660 abp480n5 - ok
17:00:49.0104 1660 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
17:00:49.0197 1660 ac97intc - ok
17:00:49.0369 1660 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:00:49.0494 1660 ACPI - ok
17:00:49.0510 1660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:00:49.0557 1660 ACPIEC - ok
17:00:49.0775 1660 AcPrfMgrSvc (f8c80392fe8e82a6f18a4d9af8e57f88) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
17:00:49.0791 1660 AcPrfMgrSvc - ok
17:00:49.0947 1660 AcSvc (0a5201cb7e5e65a340ee1348532aa454) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
17:00:50.0057 1660 AcSvc - ok
17:00:50.0197 1660 ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys
17:00:50.0322 1660 ADIHdAudAddService - ok
17:00:50.0432 1660 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
17:00:50.0494 1660 Adobe LM Service - ok
17:00:50.0588 1660 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:00:50.0682 1660 adpu160m - ok
17:00:50.0760 1660 AEAudioService (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
17:00:50.0838 1660 AEAudioService - ok
17:00:50.0979 1660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:00:51.0072 1660 aec - ok
17:00:51.0150 1660 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:00:51.0182 1660 AegisP - ok
17:00:51.0307 1660 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
17:00:51.0416 1660 AFD - ok
17:00:51.0463 1660 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:00:51.0510 1660 agp440 - ok
17:00:51.0557 1660 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:00:51.0604 1660 agpCPQ - ok
17:00:51.0650 1660 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:00:51.0682 1660 Aha154x - ok
17:00:51.0744 1660 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:00:51.0791 1660 aic78u2 - ok
17:00:51.0838 1660 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:00:51.0900 1660 aic78xx - ok
17:00:51.0947 1660 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:00:52.0010 1660 Alerter - ok
17:00:52.0072 1660 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:00:52.0088 1660 ALG - ok
17:00:52.0119 1660 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:00:52.0150 1660 AliIde - ok
17:00:52.0213 1660 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:00:52.0260 1660 alim1541 - ok
17:00:52.0307 1660 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:00:52.0400 1660 amdagp - ok
17:00:52.0447 1660 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:00:52.0479 1660 amsint - ok
17:00:52.0525 1660 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
17:00:52.0557 1660 ANC - ok
17:00:52.0697 1660 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:00:52.0729 1660 Apple Mobile Device - ok
17:00:52.0900 1660 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:00:53.0057 1660 AppMgmt - ok
17:00:53.0104 1660 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:00:53.0135 1660 asc - ok
17:00:53.0166 1660 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:00:53.0197 1660 asc3350p - ok
17:00:53.0229 1660 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:00:53.0260 1660 asc3550 - ok
17:00:53.0479 1660 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:00:53.0572 1660 aspnet_state - ok
17:00:53.0619 1660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:00:53.0635 1660 AsyncMac - ok
17:00:53.0760 1660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:00:53.0760 1660 atapi - ok
17:00:53.0775 1660 Atdisk - ok
17:00:54.0150 1660 Ati HotKey Poller (eedac720ac52a12edbe1d1f9933b59e7) C:\WINDOWS\system32\Ati2evxx.exe
17:00:54.0416 1660 Ati HotKey Poller - ok
17:00:55.0666 1660 ati2mtag (e150424208c8a91deed8c45019a6cdd2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:00:56.0791 1660 ati2mtag - ok
17:00:57.0510 1660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:00:57.0572 1660 Atmarpc - ok
17:00:57.0619 1660 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
17:00:57.0650 1660 atmeltpm - ok
17:00:57.0744 1660 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:00:57.0775 1660 AudioSrv - ok
17:00:57.0807 1660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:00:57.0822 1660 audstub - ok
17:00:58.0182 1660 avg8wd (db338a6bd3976904eb0f8343f51e64eb) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
17:00:58.0369 1660 avg8wd - ok
17:00:58.0650 1660 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
17:00:58.0885 1660 AvgLdx86 - ok
17:00:58.0916 1660 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
17:00:58.0963 1660 AvgMfx86 - ok
17:00:58.0994 1660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:00:59.0010 1660 Beep - ok
17:00:59.0369 1660 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:00:59.0729 1660 BITS - ok
17:01:00.0104 1660 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:01:00.0338 1660 Bonjour Service - ok
17:01:00.0494 1660 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:01:00.0541 1660 Browser - ok
17:01:01.0275 1660 BTKRNL (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
17:01:01.0916 1660 BTKRNL - ok
17:01:02.0307 1660 btwdins (cb2a3bae9aad6b42f7b6473363bbc168) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
17:01:02.0510 1660 btwdins - ok
17:01:02.0619 1660 BTWUSB (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
17:01:02.0697 1660 BTWUSB - ok
17:01:02.0744 1660 catchme - ok
17:01:02.0822 1660 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:01:02.0838 1660 cbidf - ok
17:01:02.0854 1660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:01:02.0854 1660 cbidf2k - ok
17:01:02.0979 1660 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:01:03.0010 1660 CCDECODE - ok
17:01:03.0041 1660 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:01:03.0057 1660 cd20xrnt - ok
17:01:03.0119 1660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:01:03.0166 1660 Cdaudio - ok
17:01:03.0229 1660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:01:03.0275 1660 Cdfs - ok
17:01:03.0354 1660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:01:03.0400 1660 Cdrom - ok
17:01:03.0416 1660 Changer - ok
17:01:03.0463 1660 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:01:03.0479 1660 CiSvc - ok
17:01:03.0541 1660 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:01:03.0635 1660 ClipSrv - ok
17:01:03.0838 1660 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:01:03.0916 1660 clr_optimization_v2.0.50727_32 - ok
17:01:03.0947 1660 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:01:03.0979 1660 CmBatt - ok
17:01:04.0025 1660 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:01:04.0041 1660 CmdIde - ok
17:01:04.0088 1660 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:01:04.0119 1660 Compbatt - ok
17:01:04.0119 1660 COMSysApp - ok
17:01:04.0166 1660 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:01:04.0197 1660 Cpqarray - ok
17:01:04.0275 1660 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:01:04.0322 1660 CryptSvc - ok
17:01:04.0369 1660 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
17:01:04.0385 1660 CVirtA - ok
17:01:05.0932 1660 CVPND (08d8fa119f2ad6ac0377fb667523482e) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
17:01:07.0307 1660 CVPND - ok
17:01:09.0182 1660 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
17:01:09.0541 1660 CVPNDRVA - ok
17:01:10.0104 1660 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:01:10.0275 1660 dac2w2k - ok
17:01:10.0307 1660 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:01:10.0369 1660 dac960nt - ok
17:01:10.0963 1660 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:01:11.0338 1660 DcomLaunch - ok
17:01:11.0541 1660 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:01:11.0635 1660 Dhcp - ok
17:01:11.0729 1660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:01:11.0775 1660 Disk - ok
17:01:12.0775 1660 Diskeeper (0711d2e0f17b31e537b2770a618da41f) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
17:01:13.0244 1660 Diskeeper - ok
17:01:13.0510 1660 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
17:01:13.0557 1660 DLABOIOM - ok
17:01:13.0697 1660 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
17:01:13.0744 1660 DLACDBHM - ok
17:01:13.0838 1660 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
17:01:13.0885 1660 DLADResN - ok
17:01:14.0525 1660 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
17:01:14.0697 1660 DLAIFS_M - ok
17:01:14.0791 1660 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
17:01:14.0885 1660 DLAOPIOM - ok
17:01:15.0010 1660 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
17:01:15.0041 1660 DLAPoolM - ok
17:01:15.0182 1660 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
17:01:15.0244 1660 DLARTL_N - ok
17:01:15.0869 1660 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
17:01:16.0041 1660 DLAUDFAM - ok
17:01:16.0447 1660 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
17:01:16.0682 1660 DLAUDF_M - ok
17:01:16.0682 1660 dmadmin - ok
17:01:22.0979 1660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:01:24.0119 1660 dmboot - ok
17:01:25.0150 1660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:01:25.0338 1660 dmio - ok
17:01:25.0416 1660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:01:25.0463 1660 dmload - ok
17:01:25.0729 1660 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:01:25.0760 1660 dmserver - ok
17:01:26.0057 1660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:01:26.0166 1660 DMusic - ok
17:01:27.0088 1660 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
17:01:27.0307 1660 DNE - ok
17:01:27.0525 1660 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
17:01:27.0557 1660 Dnscache - ok
17:01:28.0463 1660 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:01:28.0697 1660 Dot3svc - ok
17:01:28.0916 1660 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:01:28.0979 1660 dpti2o - ok
17:01:29.0057 1660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:01:29.0072 1660 drmkaud - ok
17:01:29.0822 1660 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
17:01:29.0947 1660 DRVMCDB - ok
17:01:30.0150 1660 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
17:01:30.0197 1660 DRVNDDM - ok
17:01:31.0119 1660 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:01:31.0275 1660 E100B - ok
17:01:32.0447 1660 e1express (00560c3fedf8958fcdc7c68b7906f66f) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:01:32.0666 1660 e1express - ok
17:01:33.0072 1660 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:01:33.0244 1660 EapHost - ok
17:01:33.0354 1660 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
17:01:33.0432 1660 EGATHDRV - ok
17:01:33.0557 1660 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
17:01:33.0604 1660 epmntdrv - ok
17:01:33.0979 1660 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:01:34.0057 1660 ERSvc - ok
17:01:34.0088 1660 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
17:01:34.0119 1660 EuGdiDrv - ok
17:01:34.0494 1660 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:01:34.0572 1660 Eventlog - ok
17:01:35.0854 1660 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:01:36.0166 1660 EventSystem - ok
17:01:38.0432 1660 EvtEng (6a197698a141ffe7651b962ae3172008) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
17:01:39.0041 1660 EvtEng - ok
17:01:39.0463 1660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:01:39.0604 1660 Fastfat - ok
17:01:39.0963 1660 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:01:40.0072 1660 FastUserSwitchingCompatibility - ok
17:01:40.0119 1660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:01:40.0150 1660 Fdc - ok
17:01:40.0213 1660 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
17:01:40.0244 1660 FilterService - ok
17:01:40.0322 1660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:01:40.0369 1660 Fips - ok
17:01:41.0072 1660 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:01:41.0604 1660 FLEXnet Licensing Service - ok
17:01:41.0775 1660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:01:41.0807 1660 Flpydisk - ok
17:01:41.0994 1660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:01:42.0119 1660 FltMgr - ok
17:01:42.0244 1660 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:01:42.0307 1660 FontCache3.0.0.0 - ok
17:01:42.0354 1660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:01:42.0369 1660 Fs_Rec - ok
17:01:42.0494 1660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:01:42.0619 1660 Ftdisk - ok
17:01:42.0979 1660 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:01:43.0072 1660 GEARAspiWDM - ok
17:01:43.0666 1660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:01:43.0760 1660 Gpc - ok
17:01:43.0807 1660 gupdate1c9e89826ac7d22 - ok
17:01:43.0822 1660 gupdatem - ok
17:01:44.0291 1660 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
17:01:44.0822 1660 Hardlock - ok
17:01:44.0885 1660 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
17:01:44.0932 1660 Haspnt - ok
17:01:45.0041 1660 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:01:45.0135 1660 HDAudBus - ok
17:01:45.0229 1660 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:01:45.0244 1660 helpsvc - ok
17:01:45.0260 1660 HidServ - ok
17:01:45.0291 1660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:01:45.0322 1660 HidUsb - ok
17:01:45.0400 1660 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:01:45.0463 1660 hkmsvc - ok
17:01:45.0525 1660 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:01:45.0557 1660 hpn - ok
17:01:46.0307 1660 HSF_DPV (b1fc0b027df4374f9e5b796cfdf797b3) C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys
17:01:46.0932 1660 HSF_DPV - ok
17:01:47.0119 1660 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
17:01:47.0260 1660 HSXHWAZL - ok
17:01:47.0510 1660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:01:47.0729 1660 HTTP - ok
17:01:47.0760 1660 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:01:47.0822 1660 HTTPFilter - ok
17:01:47.0869 1660 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:01:47.0900 1660 i2omgmt - ok
17:01:47.0916 1660 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:01:47.0947 1660 i2omp - ok
17:01:48.0025 1660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:01:48.0072 1660 i8042prt - ok
17:01:48.0900 1660 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
17:01:49.0463 1660 iaStor - ok
17:01:49.0494 1660 IBMPMDRV (067a88764593b1f46a6cfb00c69c11eb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
17:01:49.0525 1660 IBMPMDRV - ok
17:01:49.0604 1660 IBMPMSVC (21abd7e16659602723f984f512c65e02) C:\WINDOWS\system32\ibmpmsvc.exe
17:01:49.0666 1660 IBMPMSVC - ok
17:01:49.0713 1660 IBMTPCHK (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
17:01:49.0729 1660 IBMTPCHK - ok
17:01:49.0932 1660 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:01:50.0041 1660 IDriverT - ok
17:01:51.0010 1660 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:01:51.0557 1660 idsvc - ok
17:01:51.0619 1660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:01:51.0666 1660 Imapi - ok
17:01:51.0791 1660 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:01:52.0041 1660 ImapiService - ok
17:01:52.0088 1660 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:01:52.0119 1660 ini910u - ok
17:01:52.0166 1660 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:01:52.0182 1660 IntelIde - ok
17:01:52.0213 1660 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:01:52.0260 1660 intelppm - ok
17:01:52.0291 1660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:01:52.0338 1660 Ip6Fw - ok
17:01:52.0369 1660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:01:52.0416 1660 IpFilterDriver - ok
17:01:52.0432 1660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:01:52.0463 1660 IpInIp - ok
17:01:52.0588 1660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:01:52.0713 1660 IpNat - ok
17:01:53.0541 1660 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
17:01:54.0025 1660 iPod Service - ok
17:01:54.0104 1660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:01:54.0166 1660 IPSec - ok
17:01:54.0260 1660 IPSSVC (4d1d3b3644737746fb98c4d272fb4a86) C:\WINDOWS\system32\IPSSVC.EXE
17:01:54.0307 1660 IPSSVC - ok
17:01:54.0416 1660 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
17:01:54.0494 1660 irda - ok
17:01:54.0510 1660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:01:54.0541 1660 IRENUM - ok
17:01:54.0604 1660 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
17:01:54.0682 1660 Irmon - ok
17:01:54.0760 1660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:01:54.0807 1660 isapnp - ok
17:01:55.0010 1660 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
17:01:55.0104 1660 JavaQuickStarterService - ok
17:01:55.0135 1660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:01:55.0166 1660 Kbdclass - ok
17:01:55.0291 1660 KeyScrambler (83a174ac30d12186e5c2e56d362d3604) C:\WINDOWS\system32\drivers\keyscrambler.sys
17:01:55.0385 1660 KeyScrambler - ok
17:01:55.0525 1660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:01:55.0635 1660 kmixer - ok
17:01:55.0822 1660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:01:55.0916 1660 KSecDD - ok
17:01:56.0041 1660 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:01:56.0104 1660 lanmanserver - ok
17:01:56.0229 1660 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:01:56.0322 1660 lanmanworkstation - ok
17:01:58.0135 1660 Lavasoft Ad-Aware Service (93b3ef77866490c7daba054f6cbfcd51) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
17:01:59.0479 1660 Lavasoft Ad-Aware Service - ok
17:01:59.0588 1660 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
17:01:59.0619 1660 Lavasoft Kernexplorer - ok
17:02:00.0385 1660 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:02:00.0463 1660 Lbd - ok
17:02:00.0479 1660 lbrtfdc - ok
17:02:00.0807 1660 LexBceS (a5a631c38858bfdbe7f608b4486723e2) C:\WINDOWS\system32\LEXBCES.EXE
17:02:00.0979 1660 LexBceS - ok
17:02:01.0041 1660 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
17:02:01.0072 1660 LgBttPort - ok
17:02:01.0088 1660 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
17:02:01.0119 1660 lgbusenum - ok
17:02:01.0150 1660 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
17:02:01.0182 1660 LGVMODEM - ok
17:02:01.0229 1660 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:02:01.0244 1660 LmHosts - ok
17:02:01.0244 1660 LVcKap - ok
17:02:01.0479 1660 LVCOMSer (38440fe1a65b1fe3d246c5c4cad22f53) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
17:02:01.0588 1660 LVCOMSer - ok
17:02:01.0588 1660 LVMVDrv - ok
17:02:01.0635 1660 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
17:02:01.0713 1660 LVPr2Mon - ok
17:02:01.0932 1660 LVPrcSrv (28bd0e4b6c050b591b8cb35b9ad284e6) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
17:02:02.0010 1660 LVPrcSrv - ok
17:02:02.0510 1660 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
17:02:02.0900 1660 LVRS - ok
17:02:02.0963 1660 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
17:02:03.0010 1660 LVUSBSta - ok
17:02:06.0244 1660 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
17:02:09.0354 1660 LVUVC - ok
17:02:10.0135 1660 lxed_device - ok
17:02:10.0260 1660 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
17:02:10.0291 1660 MBAMProtector - ok
17:02:11.0025 1660 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:02:11.0525 1660 MBAMService - ok
17:02:11.0588 1660 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:02:11.0635 1660 mdmxsdk - ok
17:02:11.0682 1660 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:02:11.0791 1660 Messenger - ok
17:02:12.0354 1660 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:02:12.0479 1660 Microsoft Office Groove Audit Service - ok
17:02:12.0525 1660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:02:12.0572 1660 mnmdd - ok
17:02:13.0010 1660 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:02:13.0057 1660 mnmsrvc - ok
17:02:13.0494 1660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:02:13.0525 1660 Modem - ok
17:02:13.0900 1660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:02:13.0994 1660 Mouclass - ok
17:02:14.0025 1660 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:02:14.0057 1660 mouhid - ok
17:02:14.0104 1660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:02:14.0213 1660 MountMgr - ok
17:02:14.0682 1660 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:02:14.0838 1660 MozillaMaintenance - ok
17:02:14.0947 1660 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:02:14.0979 1660 mraid35x - ok
17:02:15.0260 1660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:02:15.0369 1660 MRxDAV - ok
17:02:15.0838 1660 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:02:16.0229 1660 MRxSmb - ok
17:02:16.0275 1660 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:02:16.0400 1660 MSDTC - ok
17:02:16.0541 1660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:02:16.0572 1660 Msfs - ok
17:02:16.0572 1660 MSIServer - ok
17:02:16.0604 1660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:02:16.0635 1660 MSKSSRV - ok
17:02:16.0760 1660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:02:16.0791 1660 MSPCLOCK - ok
17:02:16.0822 1660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:02:16.0838 1660 MSPQM - ok
17:02:16.0932 1660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:02:16.0963 1660 mssmbios - ok
17:02:16.0979 1660 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:02:16.0994 1660 MSTEE - ok
17:02:17.0619 1660 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:02:17.0744 1660 Mup - ok
17:02:18.0229 1660 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:02:18.0291 1660 NABTSFEC - ok
17:02:19.0994 1660 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:02:20.0229 1660 napagent - ok
17:02:21.0229 1660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:02:21.0447 1660 NDIS - ok
17:02:21.0572 1660 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:02:21.0604 1660 NdisIP - ok
17:02:21.0619 1660 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:02:21.0650 1660 NdisTapi - ok
17:02:21.0822 1660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:02:21.0854 1660 Ndisuio - ok
17:02:22.0072 1660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:02:22.0166 1660 NdisWan - ok
17:02:22.0229 1660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:02:22.0260 1660 NDProxy - ok
17:02:22.0338 1660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:02:22.0385 1660 NetBIOS - ok
17:02:22.0557 1660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:02:22.0682 1660 NetBT - ok
17:02:22.0994 1660 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:02:23.0119 1660 NetDDE - ok
17:02:23.0150 1660 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:02:23.0150 1660 NetDDEdsdm - ok
17:02:23.0244 1660 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:02:23.0275 1660 Netlogon - ok
17:02:23.0900 1660 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:02:24.0057 1660 Netman - ok
17:02:24.0369 1660 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:02:24.0479 1660 NetTcpPortSharing - ok
17:02:26.0135 1660 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
17:02:27.0463 1660 NETw3x32 - ok
17:02:28.0338 1660 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
17:02:28.0494 1660 Nla - ok
17:02:28.0635 1660 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
17:02:28.0682 1660 NMSAccessU - ok
17:02:28.0916 1660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:02:28.0947 1660 Npfs - ok
17:02:28.0994 1660 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
17:02:29.0025 1660 NSCIRDA - ok
17:02:29.0541 1660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:02:30.0010 1660 Ntfs - ok
17:02:30.0057 1660 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:02:30.0057 1660 NtLmSsp - ok
17:02:30.0400 1660 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:02:30.0994 1660 NtmsSvc - ok
17:02:31.0025 1660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:02:31.0041 1660 Null - ok
17:02:32.0416 1660 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:02:33.0869 1660 nv - ok
17:02:34.0588 1660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:02:34.0604 1660 NwlnkFlt - ok
17:02:34.0650 1660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:02:34.0682 1660 NwlnkFwd - ok
17:02:35.0275 1660 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:02:35.0588 1660 odserv - ok
17:02:37.0307 1660 OS Selector (9bfd0a072459782e3638362a4473e283) C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
17:02:38.0729 1660 OS Selector - ok
17:02:38.0994 1660 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:02:39.0119 1660 ose - ok
17:02:39.0729 1660 osixrnptqfqrjikp - ok
17:02:39.0885 1660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:02:39.0947 1660 Parport - ok
17:02:39.0979 1660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:02:40.0010 1660 PartMgr - ok
17:02:40.0025 1660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:02:40.0041 1660 ParVdm - ok
17:02:40.0150 1660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:02:40.0213 1660 PCI - ok
17:02:40.0260 1660 PCIDump - ok
17:02:40.0291 1660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:02:40.0307 1660 PCIIde - ok
17:02:40.0447 1660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:02:40.0557 1660 Pcmcia - ok
17:02:40.0572 1660 PDCOMP - ok
17:02:40.0588 1660 PDFRAME - ok
17:02:40.0588 1660 PDRELI - ok
17:02:40.0604 1660 PDRFRAME - ok
17:02:40.0635 1660 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:02:40.0666 1660 perc2 - ok
17:02:40.0682 1660 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:02:40.0697 1660 perc2hib - ok
17:02:41.0213 1660 PID_0928 (4fd88efe733a120837d365f2cd143742) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
17:02:41.0525 1660 PID_0928 - ok
17:02:41.0635 1660 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:02:41.0635 1660 PlugPlay - ok
17:02:41.0666 1660 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
17:02:41.0682 1660 pmem - ok
17:02:41.0713 1660 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:02:41.0713 1660 PolicyAgent - ok
17:02:41.0838 1660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:02:41.0885 1660 PptpMiniport - ok
17:02:42.0025 1660 PrivateDisk (ebe579425ccb8377bfc7c0b50c05eb56) C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
17:02:42.0088 1660 PrivateDisk - ok
17:02:42.0119 1660 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
17:02:42.0135 1660 PROCDD - ok
17:02:42.0166 1660 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:02:42.0213 1660 Processor - ok
17:02:42.0213 1660 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:02:42.0213 1660 ProtectedStorage - ok
17:02:42.0260 1660 psadd (fb4c54f3a168b178dabf15eebaed8276) C:\WINDOWS\system32\Drivers\psadd.sys
17:02:42.0291 1660 psadd - ok
17:02:42.0338 1660 PsaSrv (a39e2901c4a75781d1be845bd47d1131) C:\WINDOWS\system32\PsaSrv.exe
17:02:42.0572 1660 PsaSrv - ok
17:02:42.0635 1660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:02:42.0697 1660 PSched - ok
17:02:42.0854 1660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:02:42.0885 1660 Ptilink - ok
17:02:42.0932 1660 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:02:42.0979 1660 PxHelp20 - ok
17:02:43.0010 1660 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:02:43.0041 1660 ql1080 - ok
17:02:43.0088 1660 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:02:43.0119 1660 Ql10wnt - ok
17:02:43.0150 1660 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:02:43.0197 1660 ql12160 - ok
17:02:43.0229 1660 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:02:43.0260 1660 ql1240 - ok
17:02:43.0307 1660 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:02:43.0354 1660 ql1280 - ok
17:02:43.0385 1660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:02:43.0400 1660 RasAcd - ok
17:02:43.0494 1660 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:02:43.0572 1660 RasAuto - ok
17:02:43.0619 1660 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
17:02:43.0650 1660 Rasirda - ok
17:02:43.0713 1660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:02:43.0838 1660 Rasl2tp - ok
17:02:44.0822 1660 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:02:45.0182 1660 RasMan - ok
17:02:45.0635 1660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:02:45.0697 1660 RasPppoe - ok
17:02:46.0025 1660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:02:46.0104 1660 Raspti - ok
17:02:47.0604 1660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:02:47.0744 1660 Rdbss - ok
17:02:48.0010 1660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:02:48.0025 1660 RDPCDD - ok
17:02:49.0119 1660 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:02:49.0322 1660 rdpdr - ok
17:02:51.0416 1660 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:02:51.0588 1660 RDPWD - ok
17:02:52.0916 1660 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:02:53.0150 1660 RDSessMgr - ok
17:02:54.0822 1660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:02:54.0994 1660 redbook - ok
17:02:57.0729 1660 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
17:02:58.0275 1660 RegSrvc - ok
17:02:58.0494 1660 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:02:58.0588 1660 RemoteAccess - ok
17:02:59.0119 1660 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:02:59.0182 1660 RemoteRegistry - ok
17:02:59.0400 1660 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:02:59.0479 1660 RpcLocator - ok
17:03:01.0135 1660 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:03:01.0166 1660 RpcSs - ok
17:03:02.0291 1660 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:03:02.0682 1660 RSVP - ok
17:03:03.0760 1660 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
17:03:04.0557 1660 S24EventMonitor - ok
17:03:04.0947 1660 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
17:03:04.0979 1660 s24trans - ok
17:03:05.0369 1660 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:03:05.0369 1660 SamSs - ok
17:03:05.0588 1660 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:03:05.0697 1660 SCardSvr - ok
17:03:06.0104 1660 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:03:06.0244 1660 Schedule - ok
17:03:06.0322 1660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:03:06.0338 1660 Secdrv - ok
17:03:06.0416 1660 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:03:06.0432 1660 seclogon - ok
17:03:06.0525 1660 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:03:06.0541 1660 SENS - ok
17:03:06.0572 1660 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:03:06.0604 1660 serenum - ok
17:03:06.0682 1660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:03:06.0760 1660 Serial - ok
17:03:06.0947 1660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:03:06.0979 1660 Sfloppy - ok
17:03:07.0463 1660 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:03:07.0697 1660 SharedAccess - ok
17:03:08.0010 1660 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:03:08.0025 1660 ShellHWDetection - ok
17:03:08.0072 1660 ShockMgr (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys
17:03:08.0104 1660 ShockMgr - ok
17:03:08.0229 1660 Shockprf (cb0c065af3ac9ac307408ea021cdd20e) C:\WINDOWS\system32\drivers\Shockprf.sys
17:03:08.0291 1660 Shockprf - ok
17:03:08.0322 1660 Simbad - ok
17:03:08.0400 1660 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:03:08.0447 1660 sisagp - ok
17:03:08.0463 1660 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:03:08.0494 1660 SLIP - ok
17:03:08.0744 1660 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
17:03:08.0775 1660 Smapint - ok
17:03:09.0275 1660 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
17:03:09.0291 1660 smi2 - ok
17:03:09.0713 1660 smihlp (01a4388e45ba272082bfc35b0c8dbf8a) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
17:03:09.0729 1660 smihlp - ok
17:03:10.0244 1660 snapman (c6dafc9af23d54ca0e222b215d5e8378) C:\WINDOWS\system32\DRIVERS\snapman.sys
17:03:10.0385 1660 snapman - ok
17:03:10.0432 1660 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:03:10.0463 1660 SONYPVU1 - ok
17:03:10.0510 1660 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:03:10.0557 1660 Sparrow - ok
17:03:10.0604 1660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:03:10.0604 1660 splitter - ok
17:03:10.0713 1660 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:03:10.0744 1660 Spooler - ok
17:03:10.0947 1660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:03:11.0010 1660 sr - ok
17:03:11.0229 1660 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:03:11.0354 1660 srservice - ok
17:03:11.0760 1660 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
17:03:12.0104 1660 Srv - ok
17:03:12.0213 1660 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:03:12.0291 1660 SSDPSRV - ok
17:03:12.0338 1660 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
17:03:12.0369 1660 StillCam - ok
17:03:12.0666 1660 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:03:12.0994 1660 stisvc - ok
17:03:13.0291 1660 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:03:13.0322 1660 streamip - ok
17:03:13.0854 1660 SUService (1b1ee7daa523e8ca72bbdc6db155dc26) c:\program files\lenovo\system update\suservice.exe
17:03:13.0994 1660 SUService - ok
17:03:14.0338 1660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:03:14.0369 1660 swenum - ok
17:03:14.0479 1660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:03:14.0525 1660 swmidi - ok
17:03:14.0541 1660 SwPrv - ok
17:03:14.0635 1660 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:03:14.0666 1660 symc810 - ok
17:03:14.0729 1660 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:03:14.0760 1660 symc8xx - ok
17:03:14.0822 1660 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:03:14.0854 1660 sym_hi - ok
17:03:14.0994 1660 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:03:15.0041 1660 sym_u3 - ok
17:03:15.0354 1660 SynTP (7c02db7416d52c02b131d0e3a8d2337c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:03:15.0494 1660 SynTP - ok
17:03:15.0572 1660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:03:15.0619 1660 sysaudio - ok
17:03:15.0760 1660 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:03:15.0916 1660 SysmonLog - ok
17:03:16.0244 1660 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:03:16.0432 1660 TapiSrv - ok
17:03:16.0963 1660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:03:17.0229 1660 Tcpip - ok
17:03:17.0275 1660 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
17:03:17.0322 1660 TcUsb - ok
17:03:17.0385 1660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:03:17.0416 1660 TDPIPE - ok
17:03:17.0447 1660 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
17:03:17.0479 1660 TDSMAPI - ok
17:03:17.0525 1660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:03:17.0572 1660 TDTCP - ok
17:03:17.0650 1660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:03:17.0697 1660 TermDD - ok
17:03:18.0119 1660 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:03:18.0354 1660 TermService - ok
17:03:18.0510 1660 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:03:18.0525 1660 Themes - ok
17:03:19.0791 1660 ThinkVantage Registry Monitor Service (bec875caf94e9fd6bc95b84bd07c1e99) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
17:03:20.0400 1660 ThinkVantage Registry Monitor Service - ok
17:03:20.0572 1660 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:03:20.0666 1660 TlntSvr - ok
17:03:20.0713 1660 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:03:20.0729 1660 TosIde - ok
17:03:20.0854 1660 TPHDEXLGSVC (a3552782e8d402f3aa513765d93c852d) C:\WINDOWS\system32\TPHDEXLG.EXE
17:03:20.0932 1660 TPHDEXLGSVC - ok
17:03:21.0025 1660 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
17:03:21.0057 1660 TPHKDRV - ok
17:03:21.0150 1660 TpKmpSVC (dfb268ff0a6dcb9280015ff527f892ff) C:\WINDOWS\system32\TpKmpSVC.exe
17:03:21.0166 1660 TpKmpSVC - ok
17:03:21.0666 1660 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
17:03:21.0697 1660 TPPWRIF - ok
17:03:22.0135 1660 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:03:22.0197 1660 TrkWks - ok
17:03:22.0416 1660 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
17:03:22.0447 1660 TSMAPIP - ok
17:03:24.0166 1660 TSSCoreService (cf3bc148a6979bcf5af8591e687c1390) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
17:03:24.0775 1660 TSSCoreService - ok
17:03:26.0822 1660 TVT Backup Service (ec38192f2f5361b48bc387c2db337264) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
17:03:28.0416 1660 TVT Backup Service - ok
17:03:29.0729 1660 TVT Scheduler (fe1d3ef5caa8ee28a8b66fa1f180681b) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
17:03:30.0447 1660 TVT Scheduler - ok
17:03:31.0541 1660 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
17:03:31.0572 1660 tvtfilter - ok
17:03:31.0713 1660 tvtnetwk (2e72c66682e9274c97ae3f5a57c2fa33) C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
17:03:31.0760 1660 tvtnetwk - ok
17:03:31.0807 1660 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
17:03:31.0854 1660 TVTPktFilter - ok
17:03:31.0947 1660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:03:32.0119 1660 Udfs - ok
17:03:32.0197 1660 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:03:32.0244 1660 ultra - ok
17:03:32.0666 1660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:03:32.0963 1660 Update - ok
17:03:33.0447 1660 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:03:33.0635 1660 upnphost - ok
17:03:33.0682 1660 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:03:33.0729 1660 UPS - ok
17:03:33.0822 1660 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:03:33.0869 1660 USBAAPL - ok
17:03:33.0963 1660 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:03:34.0072 1660 usbaudio - ok
17:03:34.0197 1660 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
17:03:34.0244 1660 usbbus - ok
17:03:34.0307 1660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:03:34.0354 1660 usbccgp - ok
17:03:34.0416 1660 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
17:03:34.0447 1660 UsbDiag - ok
17:03:34.0494 1660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:03:34.0588 1660 usbehci - ok
17:03:34.0682 1660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:03:34.0744 1660 usbhub - ok
17:03:34.0791 1660 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
17:03:34.0838 1660 USBModem - ok
17:03:34.0900 1660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:03:34.0947 1660 usbprint - ok
17:03:35.0135 1660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:03:35.0182 1660 usbscan - ok
17:03:35.0244 1660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:03:35.0275 1660 USBSTOR - ok
17:03:35.0322 1660 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:03:35.0338 1660 usbuhci - ok
17:03:35.0494 1660 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:03:35.0588 1660 usbvideo - ok
17:03:35.0666 1660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:03:35.0697 1660 VgaSave - ok
17:03:35.0760 1660 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:03:35.0807 1660 viaagp - ok
17:03:35.0838 1660 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:03:35.0854 1660 ViaIde - ok
17:03:35.0947 1660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:03:36.0072 1660 VolSnap - ok
17:03:36.0307 1660 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
17:03:36.0760 1660 vsdatant - ok
17:03:37.0197 1660 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:03:37.0432 1660 VSS - ok
17:03:37.0619 1660 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:03:37.0760 1660 W32Time - ok
17:03:37.0822 1660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:03:37.0854 1660 Wanarp - ok
17:03:37.0869 1660 WDICA - ok
17:03:37.0994 1660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:03:38.0150 1660 wdmaud - ok
17:03:38.0260 1660 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:03:38.0307 1660 WebClient - ok
17:03:39.0182 1660 winachsf (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys
17:03:39.0838 1660 winachsf - ok
17:03:40.0182 1660 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:03:40.0275 1660 winmgmt - ok
17:03:40.0369 1660 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:03:40.0432 1660 WmdmPmSN - ok
17:03:41.0213 1660 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:03:41.0619 1660 Wmi - ok
17:03:41.0791 1660 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:03:41.0900 1660 WmiApSrv - ok
17:03:43.0166 1660 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:03:43.0791 1660 WMPNetworkSvc - ok
17:03:43.0947 1660 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:03:44.0010 1660 WS2IFSL - ok
17:03:44.0213 1660 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:03:44.0275 1660 wscsvc - ok
17:03:44.0338 1660 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:03:44.0369 1660 WSTCODEC - ok
17:03:44.0416 1660 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:03:44.0432 1660 wuauserv - ok
17:03:44.0604 1660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:03:44.0682 1660 WudfPf - ok
17:03:44.0869 1660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:03:44.0947 1660 WudfRd - ok
17:03:45.0182 1660 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:03:45.0260 1660 WudfSvc - ok
17:03:45.0775 1660 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:03:46.0354 1660 WZCSVC - ok
17:03:46.0869 1660 XMail (1619a3283d9125d44116a1ee9143e035) C:\Program Files\acquia-drupal\xmail\XMail.exe
17:03:47.0229 1660 XMail - ok
17:03:47.0400 1660 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:03:47.0572 1660 xmlprov - ok
17:03:47.0666 1660 MBR (0x1B8) (47d3ade2ede4db9b8735d14229855b71) \Device\Harddisk0\DR0
17:03:47.0713 1660 \Device\Harddisk0\DR0 - ok
17:03:47.0729 1660 Boot (0x1200) (81ac79a0f72ce8975bb3f4deae6c3031) \Device\Harddisk0\DR0\Partition0
17:03:47.0729 1660 \Device\Harddisk0\DR0\Partition0 - ok
17:03:47.0729 1660 ============================================================
17:03:47.0729 1660 Scan finished
17:03:47.0744 1660 ============================================================
17:03:47.0775 10916 Detected object count: 0
17:03:47.0775 10916 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 13 May 2012 - 08:17 PM

Hello


try and run aswMBR once more and run this for me



I want you to reset the DMA you can do this by this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 TylerS19

TylerS19
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 14 May 2012 - 01:37 PM

Okay, saved the log this time:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-14 09:38:40
-----------------------------
09:38:40.609 OS Version: Windows 5.1.2600 Service Pack 3
09:38:40.609 Number of processors: 2 586 0xF06
09:38:40.609 ComputerName: LENOVO-64B6E920 UserName: Tyler
09:38:43.515 Initialize success
10:01:00.375 AVAST engine defs: 12051400
10:08:19.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:08:19.359 Disk 0 Vendor: HTS721010G9SA00 MCZIC14V Size: 95396MB BusType: 3
10:08:19.375 Disk 0 MBR read successfully
10:08:19.375 Disk 0 MBR scan
10:08:19.515 Disk 0 unknown MBR code
10:08:19.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 87072 MB offset 63
10:08:19.546 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 8320 MB offset 178325280
10:08:19.562 Disk 0 scanning sectors +195365520
10:08:19.703 Disk 0 scanning C:\WINDOWS\system32\drivers
10:09:29.109 Service scanning
10:11:05.484 Modules scanning
10:11:33.359 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
10:11:39.265 Disk 0 trace - called modules:
10:11:39.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
10:11:39.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7f1ab8]
10:11:39.296 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000a4[0x8a808030]
10:11:39.296 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7f2d98]
10:11:42.046 AVAST engine scan C:\WINDOWS
10:12:11.093 AVAST engine scan C:\WINDOWS\system32
10:32:06.062 AVAST engine scan C:\WINDOWS\system32\drivers
10:33:35.234 AVAST engine scan C:\Documents and Settings\Tyler
12:52:28.140 AVAST engine scan C:\Documents and Settings\All Users
13:04:20.390 Scan finished successfully
13:11:43.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tyler\Desktop\Post\MBR.dat"
13:11:43.359 The log file has been saved successfully to "C:\Documents and Settings\Tyler\Desktop\Post\aswMBR.txt"



In order to run the file I just copied the contents when it opened a site, pasted it to Notepad and saved it with a vbs extension. Seemed to work, a pop-up appeared, then it ran and asked me to reboot.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 14 May 2012 - 07:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 TylerS19

TylerS19
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 14 May 2012 - 08:23 PM

Hey,

Everything went well getting the error I mentioned earlier again though, this time when I click any button while in notepad. The login is different when my computer boots up; not logging into "administrator" anymore and the screen looks different - no problem with this, just something that changed. Everything seems to be working fine.

Log:

ComboFix 12-05-14.03 - Tyler 14/05/2012 20:54:07.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1106 [GMT -4:00]
Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tyler\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-14 18:16 . 2012-05-14 18:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-05-14 18:15 . 2012-05-14 18:15 -------- d-sh--w- c:\documents and settings\Tyler\IETldCache
2012-05-14 13:05 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-05-14 13:00 . 2012-03-01 11:01 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-05-14 13:00 . 2012-03-01 11:01 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-05-14 12:59 . 2012-03-01 11:01 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-05-14 12:59 . 2012-03-01 11:01 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-05-14 12:59 . 2012-03-02 10:01 11082752 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-05-14 12:59 . 2012-03-01 11:01 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-05-14 12:56 . 2012-05-14 12:59 -------- dc-h--w- c:\windows\ie8
2012-05-14 00:32 . 2012-05-14 00:32 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\PCHealth
2012-05-12 18:50 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-12 18:50 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-05-03 20:02 . 2012-05-03 20:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 20:02 . 2012-05-03 20:02 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 20:02 . 2012-05-03 20:02 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-30 22:06 . 2012-05-08 02:21 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-28 16:12 . 2012-04-28 16:28 -------- d-----w- c:\program files\SpywareBlaster
2012-04-25 15:49 . 2011-11-24 03:34 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-04-19 15:35 . 2012-04-19 18:00 -------- d-----w- C:\VMS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 18:25 . 2008-04-29 17:36 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-05-08 02:21 . 2011-11-23 19:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2006-04-30 06:55 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-04-30 06:55 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2010-07-02 17:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-04-30 06:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-04-30 06:56 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-04-30 06:55 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-05-03 20:02 . 2011-05-09 11:58 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-12_01.38.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-14 00:17 . 2011-05-14 00:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-05-15 01:07 . 2012-05-15 01:07 16384 c:\windows\Temp\Perflib_Perfdata_6d4.dat
+ 2012-05-14 18:13 . 2012-05-14 18:13 16384 c:\windows\Temp\Perflib_Perfdata_5f0.dat
+ 2012-05-15 01:07 . 2012-05-15 01:07 16384 c:\windows\Temp\Perflib_Perfdata_294.dat
+ 2008-07-11 19:15 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2008-07-11 19:15 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2006-04-30 07:28 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2009-02-21 04:07 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2006-04-30 06:55 . 2012-05-14 12:20 72728 c:\windows\system32\perfc009.dat
+ 2006-04-30 06:55 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2006-04-30 06:55 . 2011-09-26 15:41 20480 c:\windows\system32\oleaccrc.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 08:31 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-04-30 06:55 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2006-04-30 06:55 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
+ 2006-04-30 06:55 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2006-04-30 06:55 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2006-04-30 06:55 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
+ 2006-04-30 06:55 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
- 2006-04-30 06:55 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
+ 2006-04-30 06:55 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
+ 2012-05-14 13:00 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-04-30 06:55 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2006-04-30 06:55 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2006-04-30 06:55 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2006-04-30 06:55 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2006-04-30 06:55 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2006-04-30 06:55 . 2008-04-14 00:11 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-04-30 06:55 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2006-04-30 06:55 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2006-04-30 06:55 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2006-04-30 07:10 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
- 2006-04-30 06:55 . 2008-04-14 00:11 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2006-04-30 06:55 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2006-04-30 06:55 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2006-04-30 06:55 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2006-04-30 06:55 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2006-04-30 06:55 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2006-04-30 06:55 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
- 2006-04-30 06:55 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2006-04-30 06:55 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2008-04-29 17:45 . 2012-05-12 02:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-29 17:45 . 2012-05-02 20:13 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-29 17:45 . 2012-05-12 02:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-29 17:45 . 2012-05-02 20:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-11-18 01:44 . 2012-05-02 20:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-12 02:07 . 2012-05-12 02:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-04-30 06:55 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2011-12-25 07:49 . 2011-12-25 07:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2008-07-16 00:42 . 2011-03-10 13:49 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-16 00:42 . 2012-05-14 00:16 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-16 00:42 . 2012-05-14 00:16 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-16 00:42 . 2011-03-10 13:49 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-16 00:42 . 2012-05-14 00:16 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-07-16 00:42 . 2011-03-10 13:49 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-05 19:42 . 2012-05-13 22:18 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-05 19:42 . 2011-03-06 19:04 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-05-14 13:03 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2012-05-14 13:03 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2012-05-14 13:03 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2012-05-14 13:18 . 2011-12-17 19:46 12800 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 43520 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2012-05-14 13:08 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2012-05-14 13:08 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2012-05-14 12:56 . 2012-02-28 18:50 37888 c:\windows\ie8\url.dll
+ 2012-05-14 12:57 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2012-05-14 12:56 . 2008-04-14 00:12 39424 c:\windows\ie8\pngfilt.dll
+ 2012-05-14 12:56 . 2008-04-14 00:12 96256 c:\windows\ie8\occache.dll
+ 2012-05-14 12:56 . 2008-04-13 16:26 56832 c:\windows\ie8\mshtmler.dll
+ 2012-05-14 12:56 . 2008-04-14 00:12 29184 c:\windows\ie8\mshta.exe
+ 2012-05-14 12:56 . 2008-04-14 00:11 22016 c:\windows\ie8\licmgr10.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 15872 c:\windows\ie8\jsproxy.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 96256 c:\windows\ie8\inseng.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 35840 c:\windows\ie8\imgutil.dll
+ 2012-05-14 12:56 . 2008-04-14 00:12 93184 c:\windows\ie8\iexplore.exe
+ 2012-05-14 12:56 . 2008-04-14 00:11 62976 c:\windows\ie8\iesetup.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 48640 c:\windows\ie8\iernonce.dll
+ 2012-05-14 12:56 . 2012-02-28 18:50 81920 c:\windows\ie8\ieencode.dll
+ 2012-05-14 12:56 . 2008-04-14 00:12 34304 c:\windows\ie8\ie4uinit.exe
+ 2012-05-14 12:56 . 2008-04-14 00:11 38912 c:\windows\ie8\hmmapi.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 99840 c:\windows\ie8\advpack.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 61440 c:\windows\ie8\admparse.dll
+ 2012-05-13 23:49 . 2012-05-13 23:49 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-05-14 00:09 . 2012-05-14 00:09 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-05-14 13:31 . 2012-05-14 13:31 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\7aac1fe67890463655aeeb3b8e4f2884\System.Web.DynamicData.Design.ni.dll
+ 2012-05-13 23:54 . 2012-05-13 23:54 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-13 23:54 . 2012-05-13 23:54 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-05-13 23:43 . 2012-05-13 23:43 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-05-13 23:42 . 2012-05-13 23:42 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-05-13 23:57 . 2012-05-13 23:57 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-05-13 23:52 . 2012-05-13 23:52 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-05-13 23:50 . 2012-05-13 23:50 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
+ 2012-05-14 12:17 . 2012-05-14 12:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-05-14 12:17 . 2012-05-14 12:17 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-07 11:32 . 2010-10-07 11:32 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-15 02:10 . 2011-02-17 12:32 5120 c:\windows\system32\xpsp4res.dll
- 2009-04-15 02:10 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
+ 2012-05-14 13:05 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-07 11:31 . 2010-10-07 11:31 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2012-04-06 03:13 . 2012-04-06 03:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2008-09-08 19:19 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
- 2008-09-08 19:19 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2006-04-30 06:55 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
- 2006-04-30 06:55 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2006-04-30 06:56 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2006-04-30 06:56 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2006-04-30 06:56 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
- 2006-04-30 06:56 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2006-04-30 06:56 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2006-04-30 06:56 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2006-04-30 06:56 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
+ 2008-07-29 23:59 . 2011-09-26 15:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2006-04-30 06:55 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
+ 2006-04-30 06:55 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
- 2006-04-30 06:55 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2006-04-30 06:55 . 2012-05-14 12:20 445018 c:\windows\system32\perfh009.dat
+ 2006-04-30 06:55 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2006-04-30 06:55 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2006-04-30 06:55 . 2011-09-26 15:41 220160 c:\windows\system32\oleacc.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
+ 2006-04-30 06:55 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
- 2006-04-30 06:55 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
+ 2006-04-30 06:55 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2006-04-30 06:55 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 08:32 . 2012-03-01 11:01 602112 c:\windows\system32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2006-04-30 06:55 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
- 2006-04-30 06:55 . 2010-09-18 16:23 974848 c:\windows\system32\mfc42u.dll
+ 2006-04-30 06:55 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
+ 2006-04-30 06:55 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2006-04-30 07:10 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
- 2006-04-30 07:10 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2006-04-30 06:55 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2006-04-30 06:55 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2006-04-30 06:55 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2006-04-30 06:55 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
+ 2006-04-30 06:55 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
- 2006-04-30 06:55 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2006-04-30 06:55 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys
+ 2006-04-30 06:55 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
+ 2006-04-30 06:55 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2006-04-30 06:55 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
- 2006-04-30 06:55 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2006-04-30 06:55 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
+ 2006-04-30 06:55 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
- 2006-04-30 06:56 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2006-04-30 06:56 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2006-04-30 06:55 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2006-04-30 06:55 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2006-04-30 06:56 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
- 2006-04-30 06:56 . 2008-04-14 00:12 176128 c:\windows\system32\dllcache\winmm.dll
+ 2006-04-30 06:56 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
- 2006-04-30 06:56 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2006-04-30 06:56 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2006-04-30 06:56 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2006-04-30 07:11 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2006-04-30 06:56 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2006-04-30 06:56 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
+ 2006-04-30 06:55 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2006-04-30 06:55 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2006-04-30 06:55 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
- 2006-04-30 06:55 . 2008-04-14 00:12 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2006-04-30 06:55 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
- 2006-04-30 06:55 . 2008-04-14 00:12 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2006-04-30 06:55 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2006-04-30 06:55 . 2011-09-26 15:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-04-30 06:55 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
+ 2006-04-30 06:55 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
- 2006-04-30 06:55 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-04-30 06:55 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2006-04-30 06:55 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2006-04-30 06:55 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2006-04-30 06:55 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
- 2006-04-30 06:55 . 2010-09-18 16:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2006-04-30 06:55 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2006-04-30 06:55 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-04-30 07:10 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2006-04-30 07:10 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2006-04-30 06:55 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2006-04-30 07:10 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2006-04-30 06:55 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-04-30 06:55 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2006-04-30 06:55 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-04-30 06:55 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-04-30 06:55 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-04-30 06:55 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
- 2006-04-30 06:55 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-04-30 06:55 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-04-30 06:55 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2006-04-30 06:55 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2006-04-30 06:55 . 2008-04-14 00:11 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2006-04-30 06:55 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
+ 2006-04-30 06:55 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
- 2006-04-30 06:55 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2006-04-30 06:55 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
- 2006-04-30 06:55 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
+ 2006-04-30 06:55 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
+ 2006-04-30 06:55 . 2011-02-15 12:56 290432 c:\windows\system32\atmfd.dll
+ 2006-04-30 06:55 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2012-04-06 03:52 . 2012-04-06 03:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2011-12-25 07:49 . 2011-12-25 07:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-03-18 00:03 . 2011-03-18 00:03 308736 c:\windows\Installer\7e79be.msp
+ 2011-12-22 20:50 . 2011-12-22 20:50 256000 c:\windows\Installer\7e7930.msp
+ 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\28950c6.msp
+ 2012-05-13 23:42 . 2012-05-13 23:42 223744 c:\windows\Installer\20ddbc.msi
+ 2011-12-25 09:40 . 2011-12-25 09:40 819200 c:\windows\Installer\20dd1d.msp
+ 2012-05-13 22:23 . 2012-05-13 22:23 467456 c:\windows\Installer\20db4c.msi
- 2008-07-16 00:42 . 2011-03-10 13:49 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-16 00:42 . 2012-05-14 00:16 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-16 00:42 . 2012-05-14 00:16 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-07-16 00:42 . 2011-03-10 13:49 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-16 00:42 . 2012-05-14 00:16 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-07-16 00:42 . 2011-03-10 13:49 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-16 00:42 . 2012-05-14 00:16 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-16 00:42 . 2011-03-10 13:48 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-16 00:42 . 2011-03-10 13:49 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-16 00:42 . 2012-05-14 00:16 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-05-14 13:03 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2012-05-14 13:03 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2012-05-14 13:03 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2012-05-14 13:03 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2012-05-14 13:03 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2012-05-14 13:03 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2012-05-14 13:03 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2012-05-14 13:03 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2012-05-14 13:03 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2012-05-14 13:03 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2012-05-14 13:03 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2012-05-14 13:17 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
+ 2012-05-14 13:18 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
+ 2012-05-14 13:18 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
+ 2012-05-14 13:17 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
+ 2012-05-14 13:18 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
+ 2012-05-14 13:18 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
+ 2012-05-14 13:18 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
+ 2012-05-14 13:18 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
+ 2012-05-14 13:13 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-05-14 13:13 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-05-14 13:13 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-05-14 13:13 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-05-14 13:13 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-05-14 13:08 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2012-05-14 13:08 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2012-05-14 13:09 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2012-05-14 13:09 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2012-05-14 13:08 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2012-05-14 13:08 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-05-14 13:05 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll
+ 2012-05-14 13:05 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
+ 2012-05-14 12:56 . 2012-02-28 18:50 667136 c:\windows\ie8\wininet.dll
+ 2012-05-14 12:56 . 2008-04-14 00:12 276480 c:\windows\ie8\webcheck.dll
+ 2012-05-14 12:56 . 2011-04-29 19:07 852480 c:\windows\ie8\vgx.dll
+ 2012-05-14 12:56 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2012-05-14 12:56 . 2012-02-28 18:50 633344 c:\windows\ie8\urlmon.dll
+ 2012-05-14 12:57 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2012-05-14 12:57 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2012-05-14 12:56 . 2012-02-28 18:50 532480 c:\windows\ie8\mstime.dll
+ 2012-05-14 12:56 . 2008-04-14 00:12 146432 c:\windows\ie8\msrating.dll
+ 2012-05-14 12:56 . 2004-08-04 12:00 146432 c:\windows\ie8\msls31.dll
+ 2012-05-14 12:56 . 2012-02-28 18:50 449536 c:\windows\ie8\mshtmled.dll
+ 2012-05-14 12:56 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2012-05-14 12:56 . 2012-02-28 18:50 251904 c:\windows\ie8\iepeers.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 323584 c:\windows\ie8\iedkcs32.dll
+ 2012-05-14 12:56 . 2004-08-04 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 216576 c:\windows\ie8\ieaksie.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 143360 c:\windows\ie8\ieakeng.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 205312 c:\windows\ie8\dxtrans.dll
+ 2012-05-14 12:56 . 2008-04-14 00:11 357888 c:\windows\ie8\dxtmsft.dll
+ 2008-11-12 06:06 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2012-05-13 23:53 . 2012-05-13 23:53 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-05-14 12:31 . 2012-05-14 12:31 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6198de2c5b8f7d89404c2ba39d69ae56\WindowsFormsIntegration.ni.dll
+ 2012-05-13 23:49 . 2012-05-13 23:49 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-05-13 23:48 . 2012-05-13 23:48 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
+ 2012-05-13 23:59 . 2012-05-13 23:59 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
+ 2012-05-14 13:31 . 2012-05-14 13:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8bffbaa5d5abe40674d0bc124dfe8622\System.Web.Routing.ni.dll
+ 2012-05-13 23:58 . 2012-05-13 23:58 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
+ 2012-05-14 13:31 . 2012-05-14 13:31 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a7908debe80c209b599529685a159fa0\System.Web.Extensions.Design.ni.dll
+ 2012-05-14 13:31 . 2012-05-14 13:31 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\44ecb9f7be54a2ba46e6102d343e2e7e\System.Web.Entity.ni.dll
+ 2012-05-14 13:31 . 2012-05-14 13:31 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fee8237aa2daa36e48aec379ee642422\System.Web.Entity.Design.ni.dll
+ 2012-05-14 13:31 . 2012-05-14 13:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40d90d2c1484164b786067320ce778f4\System.Web.DynamicData.ni.dll
+ 2012-05-14 13:31 . 2012-05-14 13:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6b4ce8cf2c3307b75ea7ebe77258bb26\System.Web.Abstractions.ni.dll
+ 2012-05-13 23:57 . 2012-05-13 23:57 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
+ 2012-05-14 13:24 . 2012-05-14 13:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-13 23:57 . 2012-05-13 23:57 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll
+ 2012-05-13 23:50 . 2012-05-13 23:50 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll
+ 2012-05-13 23:50 . 2012-05-13 23:50 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
+ 2012-05-14 12:30 . 2012-05-14 12:30 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\88aa4f80c7e5ac25f06f8950e42a1678\System.Drawing.Design.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ca484772955bc4db03b5dcb611c09423\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ba5e68dddfd3279a8469d39eded48f3\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a0109fce606a3110a5e7f9a4773f517e\System.Data.Services.Design.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3a68d0441f509ffa6f8f0fb9cfcc5780\System.Data.Services.Client.ni.dll
+ 2012-05-13 23:55 . 2012-05-13 23:55 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04440b3dd5d822da4973a525ee04b05d\System.Data.Entity.Design.ni.dll
+ 2012-05-13 23:54 . 2012-05-13 23:54 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\7bbb5d9e3b161b4d4b968e590442d3ae\System.Data.DataSetExtensions.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\bf7d6af03e1230ccad546a8659245ae9\System.Configuration.Install.ni.dll
+ 2012-05-14 00:08 . 2012-05-14 00:08 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6762f1ee780fa9c0b4ef66b285c64844\SMSvcHost.ni.exe
+ 2012-05-13 23:52 . 2012-05-13 23:52 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
+ 2012-05-13 23:52 . 2012-05-13 23:52 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\47ed5bc9f42ea0054ce9acfde5e640b8\ServiceModelReg.ni.exe
+ 2012-05-13 23:44 . 2012-05-13 23:44 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4706b850df9a3483f2fc439b6abe616\PresentationFramework.Royale.ni.dll
+ 2012-05-13 23:44 . 2012-05-13 23:44 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
+ 2012-05-13 23:44 . 2012-05-13 23:44 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
+ 2012-05-13 23:44 . 2012-05-13 23:44 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\186c27fbd7b38b5551889274f6fa2ccd\PresentationFramework.Aero.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5a121969a115d11b6256eb960c145686\MSBuild.ni.exe
+ 2012-05-13 23:52 . 2012-05-13 23:52 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\97c613d3899b320a6765793bdf490272\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dec22fb7d6b8929a41380e5359741a07\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1009b31c86a1b798fffa9e0127cec29c\Microsoft.Build.Utilities.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\21d88631ef629715d3eecdd08e62e0b8\Microsoft.Build.Engine.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a0f38c6478cca8297fb160291346c1c9\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
+ 2012-05-13 23:52 . 2012-05-13 23:52 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\9869c02d18825fdd32e64135a3e7246b\ComSvcConfig.ni.exe
+ 2012-05-14 13:18 . 2012-05-14 13:18 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e414683ec4cff1cac0c77aaefd67144e\AspNetMMCExt.ni.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-05-14 12:17 . 2012-05-14 12:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-05-14 12:17 . 2012-05-14 12:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-14 12:17 . 2012-05-14 12:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-07 11:32 . 2010-10-07 11:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-07 11:32 . 2010-10-07 11:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-07 11:32 . 2010-10-07 11:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-08-09 15:19 . 2009-08-09 15:19 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-14 00:06 . 2012-05-14 00:06 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-13 22:44 . 2012-05-13 22:44 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-14 12:17 . 2012-05-14 12:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-05-13 22:44 . 2012-05-13 22:44 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2009-08-09 15:18 . 2009-08-09 15:18 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-07 11:32 . 2010-10-07 11:32 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-05-14 00:03 . 2012-05-14 00:03 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2012-05-12 19:04 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-05-14 00:04 . 2011-05-14 00:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 00:04 . 2011-05-14 00:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2006-04-30 06:56 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
+ 2006-04-30 06:56 . 2012-02-28 18:50 1510400 c:\windows\system32\shdocvw.dll
- 2006-04-30 06:56 . 2010-12-20 22:15 1510400 c:\windows\system32\shdocvw.dll
+ 2006-04-30 06:55 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2006-04-30 06:55 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll
+ 2006-04-30 06:55 . 2012-03-01 11:01 5978624 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2006-04-30 00:03 . 2012-05-14 00:24 1558888 c:\windows\system32\FNTCACHE.DAT
- 2006-04-30 00:03 . 2011-02-09 22:20 1558888 c:\windows\system32\FNTCACHE.DAT
+ 2006-04-30 06:55 . 2012-04-11 13:12 1862272 c:\windows\system32\dllcache\win32k.sys
+ 2006-04-30 06:56 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2006-04-30 06:56 . 2010-12-20 22:15 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-04-30 06:56 . 2012-02-28 18:50 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-04-30 06:55 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2006-04-30 06:55 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
+ 2008-10-15 19:36 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2004-08-03 22:59 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 19:36 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-04-30 06:55 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-04-30 06:55 . 2012-03-01 11:01 5978624 c:\windows\system32\dllcache\mshtml.dll
+ 2006-04-30 06:55 . 2012-02-28 18:50 1025024 c:\windows\system32\dllcache\browseui.dll
- 2006-04-30 06:55 . 2010-12-20 22:15 1025024 c:\windows\system32\dllcache\browseui.dll
- 2006-04-30 06:55 . 2010-12-20 22:15 1025024 c:\windows\system32\browseui.dll
+ 2006-04-30 06:55 . 2012-02-28 18:50 1025024 c:\windows\system32\browseui.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 5913360 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-04-05 02:38 . 2012-04-05 02:38 2831360 c:\windows\Installer\7e7999.msp
+ 2012-04-29 01:44 . 2012-04-29 01:44 9101824 c:\windows\Installer\7e7973.msp
+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\7e794d.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 4250112 c:\windows\Installer\7e7919.msp
+ 2012-01-31 00:46 . 2012-01-31 00:46 7069184 c:\windows\Installer\28950c8.msp
+ 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\20ddd1.msp
+ 2011-06-21 15:59 . 2011-06-21 15:59 1764352 c:\windows\Installer\20dda8.msp
+ 2012-03-23 18:59 . 2012-03-23 18:59 7899648 c:\windows\Installer\20dd81.msp
+ 2012-04-29 01:44 . 2012-04-29 01:44 9586176 c:\windows\Installer\20dd5b.msp
+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\20dd33.msp
+ 2012-04-30 18:38 . 2012-04-30 18:38 5011456 c:\windows\Installer\20dd06.msp
+ 2011-12-26 13:59 . 2011-12-26 13:59 4368896 c:\windows\Installer\20dcea.msp
+ 2012-04-05 02:38 . 2012-04-05 02:38 3620864 c:\windows\Installer\20dcd0.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 2247168 c:\windows\Installer\20dcaa.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 1169920 c:\windows\Installer\20dc84.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 4225536 c:\windows\Installer\20dc52.msp
+ 2012-03-15 06:24 . 2012-03-15 06:24 1795584 c:\windows\Installer\20dc27.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 2531840 c:\windows\Installer\20dc01.msp
+ 2012-04-29 01:43 . 2012-04-29 01:43 8459264 c:\windows\Installer\20dbdb.msp
+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\20db86.msp
+ 2012-02-17 12:45 . 2012-02-17 12:45 2299392 c:\windows\Installer\20db60.msp
- 2008-07-16 00:42 . 2011-03-10 13:48 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-16 00:42 . 2012-05-14 00:16 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-16 00:42 . 2012-05-14 00:16 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-07-16 00:42 . 2011-03-10 13:48 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-23 20:08 . 2012-05-14 00:16 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-07-23 20:08 . 2011-03-11 21:59 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 23:21 . 2009-04-03 23:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2009-04-03 02:44 . 2009-04-03 02:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GRAPH.EXE
+ 2012-05-14 13:03 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2012-05-14 13:03 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2012-05-14 13:03 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2675157-IE8\urlmon.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
+ 2012-05-14 13:17 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2675157-IE8\iertutil.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2012-05-14 12:56 . 2012-02-28 18:50 3087872 c:\windows\ie8\mshtml.dll
+ 2008-10-15 19:36 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 19:36 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 19:36 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 19:36 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-05-13 23:42 . 2012-05-13 23:42 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
+ 2012-05-13 23:49 . 2012-05-13 23:49 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
+ 2012-05-13 23:41 . 2012-05-13 23:41 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
+ 2012-05-13 23:48 . 2012-05-13 23:48 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
+ 2012-05-14 13:32 . 2012-05-14 13:32 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\33fa6a2055bf857bff2e31020279b5e9\System.WorkflowServices.ni.dll
+ 2012-05-13 23:59 . 2012-05-13 23:59 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5eccf6fef6bee8a2f93bc65ff33699bb\System.Workflow.Runtime.ni.dll
+ 2012-05-14 13:32 . 2012-05-14 13:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\62bd2e1bf98b04ceca2102c8f54aab9d\System.Workflow.ComponentModel.ni.dll
+ 2012-05-14 13:32 . 2012-05-14 13:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\8215548b3d4aabbaa0557ab747700778\System.Workflow.Activities.ni.dll
+ 2012-05-13 23:58 . 2012-05-13 23:58 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
+ 2012-05-14 13:31 . 2012-05-14 13:31 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ff995dde9cd34ff1e8ac7ab55fc92d32\System.Web.Mobile.ni.dll
+ 2012-05-14 13:31 . 2012-05-14 13:31 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8899d1091e64a4d0b6ae69060197091a\System.Web.Extensions.ni.dll
+ 2012-05-13 23:47 . 2012-05-13 23:47 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
+ 2012-05-13 23:57 . 2012-05-13 23:57 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
+ 2012-05-13 23:50 . 2012-05-13 23:50 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
+ 2012-05-14 12:30 . 2012-05-14 12:30 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1d6707a5a9da16c1d1b88529837884d6\System.Printing.ni.dll
+ 2012-05-13 23:50 . 2012-05-13 23:50 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
+ 2012-05-14 12:30 . 2012-05-14 12:30 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
+ 2012-05-14 13:23 . 2012-05-14 13:23 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\832196527f0497078f085eaf9189265f\System.Deployment.ni.dll
+ 2012-05-13 23:45 . 2012-05-13 23:45 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:56 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
+ 2012-05-13 23:45 . 2012-05-13 23:45 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
+ 2012-05-13 23:55 . 2012-05-13 23:55 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\772c94f595cd87b7fa187d592ef46fcf\System.Data.Entity.ni.dll
+ 2012-05-13 23:44 . 2012-05-13 23:44 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
+ 2012-05-14 12:28 . 2012-05-14 12:28 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\2ecefd16184a78f19aaf0f02cc0a7e1f\ReachFramework.ni.dll
+ 2012-05-14 12:27 . 2012-05-14 12:27 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\51204805c71113e0db2103faa064b313\PresentationUI.ni.dll
+ 2012-05-13 23:42 . 2012-05-13 23:42 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\8c509044eea2ab22689ea43926b30108\PresentationBuildTasks.ni.dll
+ 2012-05-14 13:22 . 2012-05-14 13:22 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll
+ 2012-05-13 23:52 . 2012-05-13 23:52 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-13 23:56 . 2012-05-13 23:57 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
+ 2012-05-14 13:22 . 2012-05-14 13:22 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f3fcd65eca42d13b746cf3f5bd993ee0\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-14 13:21 . 2012-05-14 13:21 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2091903cd9b359e96f05ac2d6d25ef4e\Microsoft.Build.Tasks.ni.dll
+ 2012-05-13 23:53 . 2012-05-13 23:53 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
+ 2012-05-13 22:44 . 2012-05-13 22:44 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2010-06-23 17:39 . 2010-06-23 17:39 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-14 12:19 . 2012-05-14 12:20 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-07 11:32 . 2010-10-07 11:32 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-05-14 12:18 . 2012-05-14 12:18 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-05-14 12:17 . 2012-05-14 12:17 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-13 23:14 . 2012-05-13 23:14 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-10-07 11:33 . 2010-10-07 11:33 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-05-14 12:17 . 2012-05-14 12:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-13 22:44 . 2012-05-13 22:44 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-05-14 12:17 . 2012-05-14 12:17 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-07 11:32 . 2010-10-07 11:32 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-13 22:44 . 2012-05-13 22:44 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-14 12:19 . 2012-05-14 12:19 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-10-07 11:31 . 2010-10-07 11:31 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-09-08 21:55 . 2012-04-27 00:08 55656824 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2012-03-02 10:01 11082752 c:\windows\system32\ieframe.dll
+ 2012-04-06 06:12 . 2012-04-06 06:12 15709696 c:\windows\Installer\7e7937.msp
+ 2011-12-26 13:02 . 2011-12-26 13:02 19677184 c:\windows\Installer\28950bb.msp
+ 2012-01-04 06:25 . 2012-01-04 06:25 17751552 c:\windows\Installer\20ddb5.msp
+ 2011-12-26 13:02 . 2011-12-26 13:02 19677184 c:\windows\Installer\20dcec.msp
+ 2012-04-06 07:13 . 2012-04-06 07:13 16527872 c:\windows\Installer\20dc6e.msp
+ 2011-07-27 11:37 . 2011-07-27 11:37 11592192 c:\windows\Installer\20dbb5.msp
+ 2012-05-13 22:14 . 2012-05-13 22:14 20343808 c:\windows\Installer\1b5a0c.msp
+ 2009-04-03 23:21 . 2009-04-03 23:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OART.DLL
+ 2012-05-14 13:03 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2012-05-14 13:17 . 2011-12-18 18:46 11082240 c:\windows\ie8updates\KB2675157-IE8\ieframe.dll
+ 2012-05-14 13:13 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-05-14 13:08 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2012-05-14 12:31 . 2012-05-14 12:31 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
+ 2012-05-14 13:30 . 2012-05-14 13:30 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
+ 2012-05-13 23:52 . 2012-05-13 23:52 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
+ 2012-05-14 12:29 . 2012-05-14 12:29 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a9256d2ad7e4be2bbb4e9b18c3997b84\System.Design.ni.dll
+ 2012-05-14 12:27 . 2012-05-14 12:27 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5b8ff47c1db373a2a4c638ca31988bd2\PresentationFramework.ni.dll
+ 2012-05-14 12:25 . 2012-05-14 12:25 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4eb3cd1f1d5a83617524a9dfb96a657d\PresentationCore.ni.dll
+ 2012-05-13 23:41 . 2012-05-13 23:41 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]
"QQIntl"="c:\program files\Tencent\QQIntl\Bin\QQ.exe" [2012-01-24 144760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-02 185872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxedmon.exe"="c:\program files\Lexmark S600 Series\lxedmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files\Lexmark S600 Series\ezprint.exe" [2011-01-23 148280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-07-26 439568]
.
c:\documents and settings\Tyler\Start Menu\Programs\Startup\AutorunsDisabled
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2010-12-18 337264]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-17 113664]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-29 24576]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-1-22 66864]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-24 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 19:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-29 17:15 189952 -c----w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 -c----w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Tyler\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/10/2010 1:05 PM 64512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/01/2009 3:03 PM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/01/2009 3:02 PM 297752]
R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [02/07/2010 1:24 PM 654408]
R2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [25/05/2010 7:53 PM 2139400]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13/03/2006 7:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [14/07/2006 6:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 10:00 PM 3456]
R2 XMail;XMail Server;c:\program files\acquia-drupal\xmail\XMail.exe [22/01/2012 11:44 PM 397824]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [24/07/2010 4:10 PM 115312]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8:11 AM 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8:11 AM 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8:11 AM 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02/07/2010 1:24 PM 22344]
S2 gupdate1c9e89826ac7d22;Google Update Service (gupdate1c9e89826ac7d22);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 8:20 PM 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [08/01/2011 10:50 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [08/01/2011 10:50 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 8:20 PM 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/11/2011 1:06 PM 2152688]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [03/11/2011 1:06 PM 15232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [03/05/2012 4:02 PM 129976]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 23:50]
.
2012-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 00:20]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 00:20]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946952493-1249314289-2389365056-1005Core.job
- c:\documents and settings\Tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 21:03]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946952493-1249314289-2389365056-1005UA.job
- c:\documents and settings\Tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 21:03]
.
2012-05-15 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-29 16:13]
.
2008-07-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-04-29 00:32]
.
2012-05-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 02:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 64.71.255.198
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\868np364.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&tab=ww
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-14 21:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1924)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\PROCHLP.DLL
.
- - - - - - - > 'lsass.exe'(1980)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
- - - - - - - > 'explorer.exe'(8048)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\PROCHLP.DLL
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxedcoms.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2012-05-14 21:19:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 01:19
ComboFix2.txt 2012-05-12 01:55
ComboFix3.txt 2010-07-24 00:27
.
Pre-Run: 11,476,242,432 bytes free
Post-Run: 11,653,627,904 bytes free
.
- - End Of File - - 5E6BE7D06DB2EC3C46633787D39DEA74

#10 TylerS19

TylerS19
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 15 May 2012 - 07:13 AM

Notepad is working fine now...

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 15 May 2012 - 08:57 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
Adobe Reader 9.5.1
FrostWire 4.21.3
FrostWire 5.0.8
Java DB 10.5.3.0
Java™ 6 Update 30
Java™ SE Development Kit 6 Update 21
LimeWire 5.5.9
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 TylerS19

TylerS19
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 15 May 2012 - 01:50 PM

Hey,

Didn't have any problems running anything. System is running much quicker now.

MBAM Log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.10.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tyler :: LENOVO-64B6E920 [administrator]

Protection: Enabled

15/05/2012 2:35:44 PM
mbam-log-2012-05-15 (14-35-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223499
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:48:23 PM, on 15/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\lxedcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\acquia-drupal\xmail\XMail.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark S600 Series\lxedmon.exe
C:\Program Files\Lexmark S600 Series\ezprint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [lxedmon.exe] "C:\Program Files\Lexmark S600 Series\lxedmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark S600 Series\ezprint.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe
O4 - HKCU\..\Run: [QQIntl] "C:\Program Files\Tencent\QQIntl\Bin\QQ.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'Default user')
O4 - S-1-5-18 Startup: AutorunsDisabled (User 'SYSTEM')
O4 - .DEFAULT Startup: AutorunsDisabled (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Avpr2lts - AVG Technologies CZ, s.r.o. - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9e89826ac7d22) (gupdate1c9e89826ac7d22) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxed_device - - C:\WINDOWS\system32\lxedcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: XMail Server (XMail) - Unknown owner - C:\Program Files\acquia-drupal\xmail\XMail.exe

--
End of file - 18936 bytes

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 15 May 2012 - 07:28 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
      O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
      O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
      O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
      O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [QQIntl] "C:\Program Files\Tencent\QQIntl\Bin\QQ.exe" /background
      O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.70.1193.0 (User 'SYSTEM')
      O4 - S-1-5-18 Startup: AutorunsDisabled (User 'SYSTEM')
      O4 - .DEFAULT Startup: AutorunsDisabled (User 'Default user')
      O4 - Startup: AutorunsDisabled
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 TylerS19

TylerS19
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 17 May 2012 - 03:28 PM

Hey,

Completed the first step.

For the second I had it run for about 5 hours today and it didn't wrap up so I'll run it tomorrow morning, for now it actually for 2 infections:

C:\Documents and Settings\Tyler\Local Settings\Application Data\{36E3A249-7B45-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP16\A0003575.exe Win32/OpenCandy application

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 17 May 2012 - 04:45 PM

Greetings

no problem and see you then


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users