smart fortress infection


  • This topic is locked
53 replies to this topic

#1 smartfraud

  • Members

Posted 01 June 2012 - 09:27 PM

I was infected with the Smart Fortress trojan. I had the typical blocked from doing anything when I tried to open anything, and Google redirects. I went to safe mode and ran Malwarebytes after updating it (quick scan), ver-151; I have since updated. (4 infections found.) Deleted those. I rebooted and wham, still infected. I went back to safe mode. Smart Fortress did not seem to be running here. Processes appeared clean. And ran it again; this time a full scan was done (11 infections found, one of them was a ZeroAccess rootkit). I deleted everything, then manually deleted a Smart Fortress folder, rebooted and unticked proxy settings. Everything seemed OK except the following:

Problem 1: desktop icons would not stay put.
Problem 2: my McAfee firewall and security alerts were gone and I could not open the firewall program. It said due to unidentified problems it could not open, or something to that effect.
Problem 3: I could not run System Restore; it said could not restore to whatever date I picked. Tried several times.
Problem 4: my Belkin wireless utility will not work properly; items are greyed out and won't let me change anything. The adapter bypasses to Windows wireless display even though I'm not using it. Please note: I was not using the wireless when I got hit with the trojan and I am not using it now.

Other things I did were run Defogger and then TDSSKiller. Did not find anything except a locked sptd file or something from Daemon Tools, an old file not in use. I ran HitmanPro and it's not reporting anything exiting either. I went to microsoft.com and tried a couple of commands from there. I was able to partially get into my firewall but not from the firewall icon. A family member who works with computers told me to run ComboFix, so I turned off the firewall and I ran that. The machine rebooted when it was done. First thing I noticed was my icons went back to where I put them.

Problem 1 apparently fixed. Then I noticed that my McAfee icon was back. I click on it and it works. Clicked the firewall icon in Control Panel and it works. So apparently problem 2 is fixed. Problem 3: I don't know if System Restore works or not because ComboFix deletes restore points. I went to restore to look and noticed that the third option to undo last restore is missing. I don't know if this is an issue or not since I have not uninstalled ComboFix yet. Will leave it until further notice. That leaves the wireless utility, problem 4, unsolved. I tried uninstalling and reinstalling and there is no change. Please tell me if there is anything else I can try and what I should do next. Thank you for your HELP. PS: I ran updated Malwarebytes and found no issues.

Edited by smartfraud, 02 June 2012 - 02:48 AM.




#2 nasdaq

  • Malware Response Team

Posted 07 June 2012 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.



Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

In a few words tell me what are the issues with this computer.

#3 smartfraud

  • Topic Starter
  • Members

Posted 07 June 2012 - 06:42 PM

I did all these things and went to post them; it said there was an error. Apparently I was supposed to reply, is this right? I went back and hit the reply button. I don't know if you got my info or not. Let me know. I might have to do this all over. What did I do wrong? The problem is my Belkin wireless client is not working right anymore. It won't let me change anything and items are grayed out. The radio will not activate and it goes through Windows. Also, I don't know if System Restore is working right or not since I still have ComboFix on the desktop. I went to System Restore and the third option to redo last restore is missing. Is this because ComboFix has not been uninstalled, or is it another problem?

Edited by smartfraud, 07 June 2012 - 06:58 PM.


#4 smartfraud

  • Topic Starter
  • Members

Posted 08 June 2012 - 12:05 AM

I will try this again! Here's the dds.txt.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Owner at 16:26:46 on 2012-06-07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.119 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlservr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [F5D8055v1] c:\program files\belkin\f5d8055\v1\Belkinwcui.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: SpSubLSP.dll
Trusted Zone: adobe.com\www
Trusted Zone: scottrade.com\trading
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1ADF68B6-52D2-4B3A-9B0C-D1F6DF8D55EB} : DhcpNameServer = 75.75.76.76 75.75.75.75
Notify: igfxcui - igfxsrvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\z5fmv8xb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-30 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-30 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-30 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-30 44768]
R2 MSSQL$VECTORVEST;MSSQL$VECTORVEST;c:\program files\microsoft sql server\mssql$vectorvest\binn\sqlservr.exe -svectorvest --> c:\program files\microsoft sql server\mssql$vectorvest\binn\sqlservr.exe -sVECTORVEST [?]
S2 mrtRate;mrtRate; [x]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-30 129976]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 rt2870;Belkin N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\rt2870.sys [2012-5-30 619136]
S3 SQLAgent$VECTORVEST;SQLAgent$VECTORVEST;c:\program files\microsoft sql server\mssql$vectorvest\binn\sqlagent.exe -i vectorvest --> c:\program files\microsoft sql server\mssql$vectorvest\binn\sqlagent.EXE -i VECTORVEST [?]
.
=============== Created Last 30 ================
.
2012-06-02 04:08:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-01 07:32:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 07:16:41 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-05-31 07:16:37 4096 ------w- c:\windows\system32\drivers\RT2870.bin
2012-05-31 02:01:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-31 02:00:01 -------- d-----w- c:\program files\HitmanPro
2012-05-30 23:40:40 200704 ----a-w- c:\windows\system32\UpdateDriver.exe
2012-05-30 23:40:20 -------- d-----w- c:\program files\Belkin
2012-05-30 23:31:06 619136 ----a-r- c:\windows\system32\drivers\rt2870.sys
2012-05-30 11:34:57 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-30 11:33:18 41184 ----a-w- c:\windows\avastSS.scr
2012-05-30 11:32:22 -------- d-----w- c:\program files\AVAST Software
2012-05-30 11:32:22 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-05-30 11:14:05 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-30 11:14:05 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-30 05:38:58 98816 ----a-w- c:\windows\sed.exe
2012-05-30 05:38:58 518144 ----a-w- c:\windows\SWREG.exe
2012-05-30 05:38:58 256000 ----a-w- c:\windows\PEV.exe
2012-05-30 05:38:58 208896 ----a-w- c:\windows\MBR.exe
2012-05-30 00:53:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-27 08:52:12 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-05-27 07:50:16 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-27 07:50:16 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-27 03:04:00 -------- d-----w- c:\documents and settings\owner\local settings\application data\{949CAA45-A7A8-11E1-8270-B8AC6F996F26}
2012-05-27 03:03:26 -------- d-----w- c:\documents and settings\all users\application data\529C5369000183630A2D9B602830ACA8
.
==================== Find3M ====================
.
2012-05-13 22:44:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-13 22:44:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-10-30 00:07:53 6168096 ----a-w- c:\program files\PokerStarsInstallPM.exe
2005-02-01 20:37:32 2636408 ----a-w- c:\program files\aawsepersonal.exe
.
============= FINISH: 16:28:21.62 ===============
OK, now the TDSSKiller log file.
16:50:18.0593 3932 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
16:50:18.0953 3932 ============================================================
16:50:18.0953 3932 Current date / time: 2012/06/07 16:50:18.0953
16:50:18.0953 3932 SystemInfo:
16:50:18.0953 3932
16:50:18.0953 3932 OS Version: 5.1.2600 ServicePack: 2.0
16:50:18.0953 3932 Product type: Workstation
16:50:18.0953 3932 ComputerName: GENOSSCTIGERS
16:50:18.0953 3932 UserName: Owner
16:50:18.0953 3932 Windows directory: C:\WINDOWS
16:50:18.0953 3932 System windows directory: C:\WINDOWS
16:50:18.0953 3932 Processor architecture: Intel x86
16:50:18.0953 3932 Number of processors: 1
16:50:18.0953 3932 Page size: 0x1000
16:50:18.0953 3932 Boot type: Normal boot
16:50:18.0953 3932 ============================================================
16:50:20.0859 3932 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
16:50:20.0859 3932 ============================================================
16:50:20.0859 3932 \Device\Harddisk0\DR0:
16:50:20.0859 3932 MBR partitions:
16:50:20.0859 3932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xD39011
16:50:20.0859 3932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD39050, BlocksNum 0x3D4C2B0
16:50:20.0859 3932 ============================================================
16:50:21.0296 3932 C: <-> \Device\Harddisk0\DR0\Partition1
16:50:21.0296 3932 D: <-> \Device\Harddisk0\DR0\Partition0
16:50:21.0296 3932 ============================================================
16:50:21.0296 3932 Initialize success
16:50:21.0296 3932 ============================================================
16:50:30.0796 3612 ============================================================
16:50:30.0796 3612 Scan started
16:50:30.0796 3612 Mode: Manual; TDLFS;
16:50:30.0796 3612 ============================================================
16:50:42.0812 3612 Netman - ok
16:50:42.0906 3612 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
16:50:42.0937 3612 Nla - ok
16:50:42.0984 3612 NPF - ok
16:50:43.0125 3612 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
16:50:43.0125 3612 Npfs - ok
16:50:43.0265 3612 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
16:50:43.0312 3612 Ntfs - ok
16:50:43.0328 3612 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
16:50:43.0359 3612 NtLmSsp - ok
16:50:43.0453 3612 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
16:50:43.0515 3612 NtmsSvc - ok
16:50:43.0578 3612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:50:43.0578 3612 Null - ok
16:50:43.0843 3612 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:50:43.0953 3612 nv - ok
16:50:44.0250 3612 nvcap (9b7accfac9b19b98d54f45a9cf61ca39) C:\WINDOWS\system32\DRIVERS\nvcap.sys
16:50:44.0281 3612 nvcap - ok
16:50:44.0359 3612 NVSvc (88a8cfcd2bc3ff1484901ce985782e6e) C:\WINDOWS\System32\nvsvc32.exe
16:50:44.0390 3612 NVSvc - ok
16:50:44.0406 3612 NVXBAR (bef79a5b5a01bb749afbed27837e6311) C:\WINDOWS\system32\DRIVERS\NVxbar.sys
16:50:44.0421 3612 NVXBAR - ok
16:50:44.0453 3612 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
16:50:44.0453 3612 nv_agp - ok
16:50:44.0515 3612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:50:44.0531 3612 NwlnkFlt - ok
16:50:44.0562 3612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:50:44.0578 3612 NwlnkFwd - ok
16:50:44.0656 3612 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
16:50:44.0656 3612 Parport - ok
16:50:44.0734 3612 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
16:50:44.0750 3612 PartMgr - ok
16:50:44.0781 3612 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:50:44.0796 3612 ParVdm - ok
16:50:44.0828 3612 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
16:50:44.0828 3612 PCI - ok
16:50:44.0859 3612 PCIDump - ok
16:50:44.0890 3612 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
16:50:44.0906 3612 PCIIde - ok
16:50:44.0953 3612 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:50:44.0953 3612 Pcmcia - ok
16:50:44.0984 3612 PDCOMP - ok
16:50:45.0015 3612 PDFRAME - ok
16:50:45.0031 3612 PDRELI - ok
16:50:45.0062 3612 PDRFRAME - ok
16:50:45.0078 3612 perc2 - ok
16:50:45.0109 3612 perc2hib - ok
16:50:45.0218 3612 pfc (2c1eb94c24a6a1d3434481b0a5fa9c08) C:\WINDOWS\System32\drivers\pfc.sys
16:50:45.0234 3612 pfc - ok
16:50:45.0312 3612 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
16:50:45.0343 3612 PlugPlay - ok
16:50:45.0390 3612 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
16:50:45.0406 3612 PolicyAgent - ok
16:50:45.0468 3612 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:50:45.0484 3612 PptpMiniport - ok
16:50:45.0515 3612 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
16:50:45.0531 3612 Processor - ok
16:50:45.0562 3612 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
16:50:45.0578 3612 ProtectedStorage - ok
16:50:45.0640 3612 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
16:50:45.0656 3612 Ps2 - ok
16:50:45.0687 3612 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
16:50:45.0687 3612 PSched - ok
16:50:45.0765 3612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:50:45.0765 3612 Ptilink - ok
16:50:45.0812 3612 PxHelp20 (7e1eacdecba39e0b2a35306426f0decc) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
16:50:45.0812 3612 PxHelp20 - ok
16:50:45.0843 3612 ql1080 - ok
16:50:45.0859 3612 Ql10wnt - ok
16:50:45.0890 3612 ql12160 - ok
16:50:45.0906 3612 ql1240 - ok
16:50:45.0937 3612 ql1280 - ok
16:50:45.0968 3612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:50:45.0968 3612 RasAcd - ok
16:50:46.0031 3612 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
16:50:46.0078 3612 RasAuto - ok
16:50:46.0125 3612 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:50:46.0140 3612 Rasl2tp - ok
16:50:46.0218 3612 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
16:50:46.0265 3612 RasMan - ok
16:50:46.0296 3612 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:50:46.0312 3612 RasPppoe - ok
16:50:46.0421 3612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:50:46.0437 3612 Raspti - ok
16:50:46.0531 3612 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:50:46.0546 3612 Rdbss - ok
16:50:46.0578 3612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:50:46.0578 3612 RDPCDD - ok
16:50:46.0671 3612 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
16:50:46.0687 3612 RDPWD - ok
16:50:46.0781 3612 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
16:50:46.0828 3612 RDSessMgr - ok
16:50:46.0875 3612 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:50:46.0890 3612 redbook - ok
16:50:46.0937 3612 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
16:50:46.0968 3612 RemoteAccess - ok
16:50:47.0031 3612 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:50:47.0046 3612 ROOTMODEM - ok
16:50:47.0093 3612 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
16:50:47.0125 3612 RpcLocator - ok
16:50:47.0234 3612 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\System32\rpcss.dll
16:50:47.0281 3612 RpcSs - ok
16:50:47.0359 3612 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
16:50:47.0406 3612 RSVP - ok
16:50:47.0531 3612 rt2870 (5532f69d0a845ffe9d70b9e0392fe50a) C:\WINDOWS\system32\DRIVERS\rt2870.sys
16:50:47.0562 3612 rt2870 - ok
16:50:47.0640 3612 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
16:50:47.0656 3612 rtl8139 - ok
16:50:47.0734 3612 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
16:50:47.0750 3612 S3Psddr - ok
16:50:47.0828 3612 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
16:50:47.0843 3612 SamSs - ok
16:50:47.0937 3612 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
16:50:47.0968 3612 SCardSvr - ok
16:50:48.0062 3612 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
16:50:48.0093 3612 Schedule - ok
16:50:48.0187 3612 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:50:48.0187 3612 Secdrv - ok
16:50:48.0343 3612 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
16:50:48.0375 3612 seclogon - ok
16:50:48.0421 3612 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
16:50:48.0453 3612 SENS - ok
16:50:48.0531 3612 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:50:48.0531 3612 Serenum - ok
16:50:48.0562 3612 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
16:50:48.0578 3612 Serial - ok
16:50:48.0609 3612 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:50:48.0609 3612 Sfloppy - ok
16:50:48.0703 3612 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
16:50:48.0750 3612 SharedAccess - ok
16:50:48.0781 3612 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
16:50:48.0828 3612 ShellHWDetection - ok
16:50:48.0843 3612 Simbad - ok
16:50:48.0953 3612 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
16:50:48.0984 3612 SiS315 - ok
16:50:49.0015 3612 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
16:50:49.0031 3612 SISAGP - ok
16:50:49.0062 3612 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
16:50:49.0062 3612 SiSkp - ok
16:50:49.0109 3612 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:50:49.0125 3612 SLIP - ok
16:50:49.0187 3612 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
16:50:49.0203 3612 SONYPVU1 - ok
16:50:49.0218 3612 Sparrow - ok
16:50:49.0343 3612 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
16:50:49.0359 3612 splitter - ok
16:50:49.0500 3612 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
16:50:49.0531 3612 Spooler - ok
16:50:49.0828 3612 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\WINDOWS\System32\Drivers\sptd.sys
16:50:49.0843 3612 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
16:50:49.0843 3612 sptd ( LockedFile.Multi.Generic ) - warning
16:50:49.0843 3612 sptd - detected LockedFile.Multi.Generic (1)
16:50:55.0703 3612 MBR (0x1B8) (8cc68602644010dfdb2a22cb60ddf258) \Device\Harddisk0\DR0
16:50:55.0812 3612 \Device\Harddisk0\DR0 - ok
16:50:55.0828 3612 Boot (0x1200) (055b4577019631caebb99760e60f7188) \Device\Harddisk0\DR0\Partition0
16:50:55.0828 3612 \Device\Harddisk0\DR0\Partition0 - ok
16:50:56.0078 3612 Boot (0x1200) (87fbe2bf4d43b448ca655081d4cff063) \Device\Harddisk0\DR0\Partition1
16:50:56.0078 3612 \Device\Harddisk0\DR0\Partition1 - ok
16:50:56.0078 3612 ============================================================
16:50:56.0078 3612 Scan finished
16:50:56.0078 3612 ============================================================
16:50:56.0109 2988 Detected object count: 1
16:50:56.0109 2988 Actual detected object count: 1
16:51:05.0125 2988 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:51:05.0125 2988 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:05:28.0109 1760 Deinitialize success

alright now the aswmbr log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 17:41:55
-----------------------------
17:41:55.515 OS Version: Windows 5.1.2600 Service Pack 2
17:41:55.515 Number of processors: 1 586 0x209
17:41:55.546 ComputerName: GENOSSCTIGERS UserName: Owner
17:41:56.250 Initialize success
17:41:57.687 AVAST engine defs: 12060700
17:44:33.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:44:33.187 Disk 0 Vendor: ST340015A 3.01 Size: 38166MB BusType: 3
17:44:33.218 Disk 0 MBR read successfully
17:44:33.218 Disk 0 MBR scan
17:44:33.250 Disk 0 unknown MBR code
17:44:33.250 Disk 0 Partition 1 00 0B FAT32 RECOVERY 6770 MB offset 63
17:44:33.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 31384 MB offset 13865040
17:44:33.359 Disk 0 scanning sectors +78140160
17:44:33.515 Disk 0 scanning C:\WINDOWS\system32\drivers
17:45:05.171 Service scanning
17:45:47.906 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:45:59.828 Modules scanning
17:46:31.078 Disk 0 trace - called modules:
17:46:31.109 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82ab71e8]<<
17:46:31.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82a79ab8]
17:46:31.125 3 CLASSPNP.SYS[f84d805b] -> nt!IofCallDriver -> \Device\00000061[0x82a7cf18]
17:46:31.125 5 ACPI.sys[f833e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82a82940]
17:46:31.140 \Driver\atapi[0x82a90240] -> IRP_MJ_CREATE -> 0x82ab71e8
17:46:31.671 AVAST engine scan C:\WINDOWS
17:46:41.328 AVAST engine scan C:\WINDOWS\system32
17:50:24.062 AVAST engine scan C:\WINDOWS\system32\drivers
17:50:54.062 AVAST engine scan C:\Documents and Settings\Owner
17:52:08.390 AVAST engine scan C:\Documents and Settings\All Users
17:52:33.062 Scan finished successfully
17:53:16.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
17:53:16.453 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


I'm trying the mbr zip--

Attached Files

  • Attached File  MBR.zip   533bytes   2 downloads


#5 smartfraud

  • Topic Starter

Posted 08 June 2012 - 01:11 AM

I have also noticed that when I put in my sandisk memory stick it lets me go to my files but does not let me go into the u3 system launch menu. it opens a separate window with # 2243430eb3127507 at the top left if this means anything. thanks for your help....

#6 nasdaq

  • Malware Response Team

Posted 08 June 2012 - 09:31 AM

Exactly what I was looking for.

Now run the aswMBR.exe tool. Select the Fix button.

Important > you need to wait for the tool to report ... "Infection fixed successfully" or "MBR fixed successfully"
Do not reboot the machine until it has said so.

When you see the message restart the computer normally.

Run aswMBR.exe normally this time and post the log.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Please post the logs and let me know what problem persists.

#7 smartfraud

  • Topic Starter

Posted 08 June 2012 - 04:29 PM

here is the aswmbr log. Please note- I did not run combofix yet I have a question- I still have it on my desktop from when I ran it earlier- do I rerun it or do I need to uninstall and download it again? also do you need the log from when I ran it earlier. thanx.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 17:41:55
-----------------------------
17:41:55.515 OS Version: Windows 5.1.2600 Service Pack 2
17:41:55.515 Number of processors: 1 586 0x209
17:41:55.546 ComputerName: GENOSSCTIGERS UserName: Owner
17:41:56.250 Initialize success
17:41:57.687 AVAST engine defs: 12060700
17:44:33.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:44:33.187 Disk 0 Vendor: ST340015A 3.01 Size: 38166MB BusType: 3
17:44:33.218 Disk 0 MBR read successfully
17:44:33.218 Disk 0 MBR scan
17:44:33.250 Disk 0 unknown MBR code
17:44:33.250 Disk 0 Partition 1 00 0B FAT32 RECOVERY 6770 MB offset 63
17:44:33.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 31384 MB offset 13865040
17:44:33.359 Disk 0 scanning sectors +78140160
17:44:33.515 Disk 0 scanning C:\WINDOWS\system32\drivers
17:45:05.171 Service scanning
17:45:47.906 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:45:59.828 Modules scanning
17:46:31.078 Disk 0 trace - called modules:
17:46:31.109 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82ab71e8]<<
17:46:31.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82a79ab8]
17:46:31.125 3 CLASSPNP.SYS[f84d805b] -> nt!IofCallDriver -> \Device\00000061[0x82a7cf18]
17:46:31.125 5 ACPI.sys[f833e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82a82940]
17:46:31.140 \Driver\atapi[0x82a90240] -> IRP_MJ_CREATE -> 0x82ab71e8
17:46:31.671 AVAST engine scan C:\WINDOWS
17:46:41.328 AVAST engine scan C:\WINDOWS\system32
17:50:24.062 AVAST engine scan C:\WINDOWS\system32\drivers
17:50:54.062 AVAST engine scan C:\Documents and Settings\Owner
17:52:08.390 AVAST engine scan C:\Documents and Settings\All Users
17:52:33.062 Scan finished successfully
17:53:16.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
17:53:16.453 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-08 15:55:51
-----------------------------
15:55:51.687 OS Version: Windows 5.1.2600 Service Pack 2
15:55:51.687 Number of processors: 1 586 0x209
15:55:51.718 ComputerName: GENOSSCTIGERS UserName: Owner
15:55:54.984 Initialize success
15:55:55.281 AVAST engine defs: 12060801
15:56:10.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:56:10.078 Disk 0 Vendor: ST340015A 3.01 Size: 38166MB BusType: 3
15:56:10.140 Disk 0 MBR read successfully
15:56:10.140 Disk 0 MBR scan
15:56:10.171 Disk 0 Windows XP default MBR code
15:56:10.218 Disk 0 Partition 1 00 0B FAT32 RECOVERY 6770 MB offset 63
15:56:10.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 31384 MB offset 13865040
15:56:10.265 Disk 0 scanning sectors +78140160
15:56:10.453 Disk 0 scanning C:\WINDOWS\system32\drivers
15:56:40.234 Service scanning
15:57:30.453 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:57:45.640 Modules scanning
15:58:28.718 Disk 0 trace - called modules:
15:58:28.765 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82ab71e8]<<
15:58:28.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82a79ab8]
15:58:28.765 3 CLASSPNP.SYS[f84d805b] -> nt!IofCallDriver -> \Device\00000061[0x82a7cf18]
15:58:28.781 5 ACPI.sys[f833e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82a82940]
15:58:28.781 \Driver\atapi[0x82a90240] -> IRP_MJ_CREATE -> 0x82ab71e8
15:58:29.546 AVAST engine scan C:\WINDOWS
15:58:58.109 AVAST engine scan C:\WINDOWS\system32
16:03:04.609 AVAST engine scan C:\WINDOWS\system32\drivers
16:03:31.125 AVAST engine scan C:\Documents and Settings\Owner
16:04:49.296 AVAST engine scan C:\Documents and Settings\All Users
16:05:07.921 Scan finished successfully
16:06:07.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:06:07.437 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

I didn't know if I should run combofix again or not. I have not run it since the first post. When I ran it the first time it went right through with no recovery message so it must be OK. thanks again for your help.

Edited by smartfraud, 08 June 2012 - 04:35 PM.


#8 nasdaq

  • Malware Response Team

Posted 09 June 2012 - 06:13 AM

Exactly what I was looking for.

Now run the aswMBR.exe tool. Select the Fix button.

Important > you need to wait for the tool to report ... "Infection fixed successfully" or "MBR fixed successfully"
Do not reboot the machine until it has said so.

When you see the message restart the computer normally.

Run aswMBR.exe normally this time and post the log.


Run the ComboFix tool again and post the log also. You may be prompted to update the tool, do so.

Please let me know what problem persists.

#9 smartfraud

  • Topic Starter

Posted 09 June 2012 - 12:44 PM

since I have already run aswmbr and gave you the log I got a little confused so I will give you the combofix log first then the aswmbr again and check issues. first combofix----

ComboFix 12-06-09.01 - Owner 06/09/2012 10:39:02.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.330 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\AdobeDLM.log
c:\windows\help\wmplayer.bak
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-02 04:08 . 2012-06-02 04:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-01 07:32 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 07:16 . 2012-05-31 07:16 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-05-31 07:16 . 2008-06-23 21:20 4096 ------w- c:\windows\system32\drivers\RT2870.bin
2012-05-31 02:01 . 2012-05-31 02:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-31 02:00 . 2012-05-31 02:00 -------- d-----w- c:\program files\HitmanPro
2012-05-30 23:40 . 2012-05-31 02:02 -------- d-----w- c:\program files\Belkin
2012-05-30 23:31 . 2008-07-30 07:44 619136 ----a-r- c:\windows\system32\drivers\rt2870.sys
2012-05-30 11:35 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-30 11:35 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-30 11:34 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-30 11:34 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-30 11:34 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-30 11:34 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-05-30 11:34 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-05-30 11:34 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-05-30 11:33 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-30 11:33 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-30 11:32 . 2012-05-30 11:32 -------- d-----w- c:\program files\AVAST Software
2012-05-30 11:32 . 2012-05-30 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-30 11:14 . 2012-05-30 11:14 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-30 11:14 . 2012-05-30 11:14 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-30 00:53 . 2012-06-01 07:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-27 18:09 . 2012-05-27 18:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-05-27 08:52 . 2012-05-27 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-27 07:50 . 2012-05-27 07:50 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-27 03:04 . 2012-05-31 01:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{949CAA45-A7A8-11E1-8270-B8AC6F996F26}
2012-05-27 03:03 . 2012-05-27 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\529C5369000183630A2D9B602830ACA8
2012-05-26 22:40 . 2012-05-31 01:59 -------- d-----w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 22:44 . 2012-04-02 02:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-13 22:44 . 2011-10-13 05:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-10-30 00:07 . 2006-10-30 00:07 6168096 ----a-w- c:\program files\PokerStarsInstallPM.exe
2005-02-01 20:37 . 2005-02-01 20:37 2636408 ----a-w- c:\program files\aawsepersonal.exe
2012-05-30 11:14 . 2011-10-13 07:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-30_06.07.05 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"F5D8055v1"="c:\program files\Belkin\F5D8055\v1\Belkinwcui.exe" [2008-09-04 1662976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mmtask"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"KBD"=c:\hp\KBD\KBD.EXE
"CamMonitor"=c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/30/2012 6:34 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/30/2012 6:35 AM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/30/2012 6:35 AM 20696]
R2 MSSQL$VECTORVEST;MSSQL$VECTORVEST;c:\program files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlservr.exe -sVECTORVEST --> c:\program files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlservr.exe -sVECTORVEST [?]
S2 mrtRate;mrtRate; [x]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/30/2012 6:14 AM 129976]
S3 SQLAgent$VECTORVEST;SQLAgent$VECTORVEST;c:\program files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlagent.EXE -i VECTORVEST --> c:\program files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlagent.EXE -i VECTORVEST [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-03-31 23:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
Trusted Zone: adobe.com\www
Trusted Zone: scottrade.com\trading
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z5fmv8xb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-09 10:57
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\SpSubLSP.dll
.
- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlservr.exe
c:\windows\system32\wscntfy.exe
c:\windows\LTMSG.exe
c:\windows\ALCXMNTR.EXE
.
**************************************************************************
.
Completion time: 2012-06-09 11:07:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-09 16:06
ComboFix2.txt 2012-05-30 06:14
.
Pre-Run: 15,258,947,584 bytes free
Post-Run: 15,311,421,440 bytes free
.
- - End Of File - - 4E463ADF8C46FCA4D754AD632815EF11
OK, and now the aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-09 11:58:20
-----------------------------
11:58:20.125 OS Version: Windows 5.1.2600 Service Pack 2
11:58:20.125 Number of processors: 1 586 0x209
11:58:20.125 ComputerName: GENOSSCTIGERS UserName: Owner
11:58:20.671 Initialize success
11:58:20.875 AVAST engine defs: 12060900
11:58:29.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:58:29.015 Disk 0 Vendor: ST340015A 3.01 Size: 38166MB BusType: 3
11:58:29.046 Disk 0 MBR read successfully
11:58:29.046 Disk 0 MBR scan
11:58:29.046 Disk 0 Windows XP default MBR code
11:58:29.046 Disk 0 Partition 1 00 0B FAT32 RECOVERY 6770 MB offset 63
11:58:29.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 31384 MB offset 13865040
11:58:29.078 Disk 0 scanning sectors +78140160
11:58:29.203 Disk 0 scanning C:\WINDOWS\system32\drivers
11:58:57.984 Service scanning
11:59:39.078 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:59:51.375 Modules scanning
12:00:19.218 Disk 0 trace - called modules:
12:00:19.250 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82aad1e8]<<
12:00:19.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82a61ab8]
12:00:19.265 3 CLASSPNP.SYS[f84d805b] -> nt!IofCallDriver -> \Device\00000060[0x82a65f18]
12:00:19.265 5 ACPI.sys[f833e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82a64940]
12:00:19.265 \Driver\atapi[0x82a74388] -> IRP_MJ_CREATE -> 0x82aad1e8
12:00:19.828 AVAST engine scan C:\WINDOWS
12:00:30.656 AVAST engine scan C:\WINDOWS\system32
12:05:48.031 AVAST engine scan C:\WINDOWS\system32\drivers
12:06:31.250 AVAST engine scan C:\Documents and Settings\Owner
12:08:07.000 AVAST engine scan C:\Documents and Settings\All Users
12:08:26.062 Scan finished successfully
12:14:24.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
12:14:24.406 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


My Belkin wireless client still will not work. The selections are still grayed out and it bypassed to Windows. The radio will not fire up. Awaiting your next review. Thanks.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:50 PM

Posted 10 June 2012 - 07:34 AM

Did you run the aswMBR to select the Fix button as I suggested?

Now run the aswMBR.exe tool. Select the Fix button.


If not please do so.

Run the ASWMBR after the fix and post the log please.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

#11 smartfraud

Posted 10 June 2012 - 08:44 PM

I have run aswMBR and ComboFix a second time. A question: did you want me to hit the Fix button or the Fix MBR button? If you want me to hit the Fix button, it is grayed out and I can't use the Fix button. When I ran it I hit the Fix MBR button. Did I do this right? I already posted both the ComboFix and the aswMBR log; it's attached at the end of my ComboFix log in my last post. Did I do this right? Let me know, thanks.

#12 nasdaq

Posted 11 June 2012 - 09:27 AM

The logs are not attached.

Copy the text and post it; I will not have to open the files.

#13 smartfraud

Posted 11 June 2012 - 04:22 PM

I will try this again. When I run aswMBR there are two options, one to Fix and another to Fix MBR. The one that says Fix is grayed out and I cannot click on it, so I presume that I click on Fix MBR, which I just did. Then I rebooted the machine, ran aswMBR again (scan option) and saved the log file. Here it is:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 16:02:16
-----------------------------
16:02:16.875 OS Version: Windows 5.1.2600 Service Pack 2
16:02:16.875 Number of processors: 1 586 0x209
16:02:16.875 ComputerName: GENOSSCTIGERS UserName: Owner
16:02:17.546 Initialize success
16:02:18.593 AVAST engine defs: 12061100
16:02:22.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:02:22.078 Disk 0 Vendor: ST340015A 3.01 Size: 38166MB BusType: 3
16:02:22.156 Disk 0 MBR read successfully
16:02:22.156 Disk 0 MBR scan
16:02:22.203 Disk 0 Windows XP default MBR code
16:02:22.250 Disk 0 Partition 1 00 0B FAT32 RECOVERY 6770 MB offset 63
16:02:22.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 31384 MB offset 13865040
16:02:22.375 Disk 0 scanning sectors +78140160
16:02:22.828 Disk 0 scanning C:\WINDOWS\system32\drivers
16:02:42.859 Service scanning
16:03:23.703 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:03:35.296 Modules scanning
16:04:02.562 Disk 0 trace - called modules:
16:04:02.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82aad1e8]<<
16:04:02.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82a61ab8]
16:04:02.609 3 CLASSPNP.SYS[f84d805b] -> nt!IofCallDriver -> \Device\00000060[0x82a65f18]
16:04:02.609 5 ACPI.sys[f833e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82a64940]
16:04:02.625 \Driver\atapi[0x82a74388] -> IRP_MJ_CREATE -> 0x82aad1e8
16:04:03.171 AVAST engine scan C:\WINDOWS
16:04:14.140 AVAST engine scan C:\WINDOWS\system32
16:07:37.031 AVAST engine scan C:\WINDOWS\system32\drivers
16:08:03.546 AVAST engine scan C:\Documents and Settings\Owner
16:09:55.156 AVAST engine scan C:\Documents and Settings\All Users
16:10:14.046 Scan finished successfully
16:10:43.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:10:44.000 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#14 smartfraud

Posted 11 June 2012 - 04:33 PM

OK, now here is the ComboFix log, which is the second time I ran it:
ComboFix 12-06-09.01 - Owner 06/09/2012 10:39:02.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.330 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\AdobeDLM.log
c:\windows\help\wmplayer.bak
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-02 04:08 . 2012-06-02 04:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-01 07:32 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 07:16 . 2012-05-31 07:16 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-05-31 07:16 . 2008-06-23 21:20 4096 ------w- c:\windows\system32\drivers\RT2870.bin
2012-05-31 02:01 . 2012-05-31 02:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-31 02:00 . 2012-05-31 02:00 -------- d-----w- c:\program files\HitmanPro
2012-05-30 23:40 . 2012-05-31 02:02 -------- d-----w- c:\program files\Belkin
2012-05-30 23:31 . 2008-07-30 07:44 619136 ----a-r- c:\windows\system32\drivers\rt2870.sys
2012-05-30 11:35 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-30 11:35 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-30 11:34 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-30 11:34 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-30 11:34 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-30 11:34 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-05-30 11:34 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-05-30 11:34 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-05-30 11:33 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-30 11:33 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-30 11:32 . 2012-05-30 11:32 -------- d-----w- c:\program files\AVAST Software
2012-05-30 11:32 . 2012-05-30 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-30 11:14 . 2012-05-30 11:14 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-30 11:14 . 2012-05-30 11:14 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-30 00:53 . 2012-06-01 07:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-27 18:09 . 2012-05-27 18:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-05-27 08:52 . 2012-05-27 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-27 07:50 . 2012-05-27 07:50 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-27 03:04 . 2012-05-31 01:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{949CAA45-A7A8-11E1-8270-B8AC6F996F26}
2012-05-27 03:03 . 2012-05-27 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\529C5369000183630A2D9B602830ACA8
2012-05-26 22:40 . 2012-05-31 01:59 -------- d-----w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 22:44 . 2012-04-02 02:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-13 22:44 . 2011-10-13 05:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-10-30 00:07 . 2006-10-30 00:07 6168096 ----a-w- c:\program files\PokerStarsInstallPM.exe
2005-02-01 20:37 . 2005-02-01 20:37 2636408 ----a-w- c:\program files\aawsepersonal.exe
2012-05-30 11:14 . 2011-10-13 07:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-30_06.07.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
- 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-06-09 15:55 . 2012-06-09 15:55 16384 c:\windows\Temp\Perflib_Perfdata_738.dat
- 2003-10-11 10:06 . 2012-03-11 23:05 68600 c:\windows\system32\perfc009.dat
+ 2003-10-11 10:06 . 2012-05-30 23:32 68600 c:\windows\system32\perfc009.dat
- 2012-01-23 02:21 . 2001-08-17 20:56 66048 c:\windows\system32\dllcache\s3legacy.dll
+ 2012-01-23 02:21 . 2001-08-17 19:56 66048 c:\windows\system32\dllcache\s3legacy.dll
+ 2003-10-11 10:16 . 2001-08-18 03:36 45056 c:\windows\system32\dllcache\EXCH_aqadmin.dll
- 2003-10-11 10:16 . 2001-08-18 04:36 45056 c:\windows\system32\dllcache\EXCH_aqadmin.dll
+ 2012-01-23 02:23 . 2001-08-18 03:36 32256 c:\windows\system32\dllcache\diapi2NT.dll
- 2012-01-23 02:23 . 2001-08-18 04:36 32256 c:\windows\system32\dllcache\diapi2NT.dll
- 2012-01-23 02:23 . 2001-08-17 19:52 14976 c:\windows\system32\dllcache\cpqarray.sys
+ 2012-01-23 02:23 . 2001-08-17 18:52 14976 c:\windows\system32\dllcache\cpqarray.sys
- 2012-01-23 02:23 . 2001-08-17 18:11 39936 c:\windows\system32\dllcache\cnxt1803.sys
+ 2012-01-23 02:23 . 2001-08-17 17:11 39936 c:\windows\system32\dllcache\cnxt1803.sys
+ 2012-01-23 02:23 . 2001-08-18 03:36 44032 c:\windows\system32\dllcache\cnusd.dll
- 2012-01-23 02:23 . 2001-08-18 04:36 44032 c:\windows\system32\dllcache\cnusd.dll
- 2012-01-23 02:23 . 2001-08-17 19:51 20736 c:\windows\system32\dllcache\cmbp0wdm.sys
+ 2012-01-23 02:23 . 2001-08-17 18:51 20736 c:\windows\system32\dllcache\cmbp0wdm.sys
+ 2012-01-23 02:23 . 2004-08-04 05:07 14080 c:\windows\system32\dllcache\cmbatt.sys
- 2012-01-23 02:23 . 2004-08-04 06:07 14080 c:\windows\system32\dllcache\cmbatt.sys
- 2012-01-23 02:23 . 2001-08-17 19:57 45696 c:\windows\system32\dllcache\cirrus.sys
+ 2012-01-23 02:23 . 2001-08-17 18:57 45696 c:\windows\system32\dllcache\cirrus.sys
- 2012-01-23 02:23 . 2001-08-17 20:56 91264 c:\windows\system32\dllcache\cirrus.dll
+ 2012-01-23 02:23 . 2001-08-17 19:56 91264 c:\windows\system32\dllcache\cirrus.dll
- 2012-01-23 02:23 . 2001-08-17 18:13 49182 c:\windows\system32\dllcache\cem56n5.sys
+ 2012-01-23 02:23 . 2001-08-17 17:13 49182 c:\windows\system32\dllcache\cem56n5.sys
- 2012-01-23 02:23 . 2001-08-17 18:13 22044 c:\windows\system32\dllcache\cem33n5.sys
+ 2012-01-23 02:23 . 2001-08-17 17:13 22044 c:\windows\system32\dllcache\cem33n5.sys
+ 2012-01-23 02:23 . 2001-08-17 17:13 22044 c:\windows\system32\dllcache\cem28n5.sys
- 2012-01-23 02:23 . 2001-08-17 18:13 22044 c:\windows\system32\dllcache\cem28n5.sys
- 2012-01-23 02:23 . 2001-08-17 18:13 27164 c:\windows\system32\dllcache\ce3n5.sys
+ 2012-01-23 02:23 . 2001-08-17 17:13 27164 c:\windows\system32\dllcache\ce3n5.sys
- 2012-01-23 02:23 . 2001-08-17 18:13 21530 c:\windows\system32\dllcache\ce2n5.sys
+ 2012-01-23 02:23 . 2001-08-17 17:13 21530 c:\windows\system32\dllcache\ce2n5.sys
- 2012-01-23 02:23 . 2001-08-17 18:13 46108 c:\windows\system32\dllcache\cben5.sys
+ 2012-01-23 02:23 . 2001-08-17 17:13 46108 c:\windows\system32\dllcache\cben5.sys
- 2012-01-23 02:23 . 2001-08-17 18:12 39680 c:\windows\system32\dllcache\cb325.sys
+ 2012-01-23 02:23 . 2001-08-17 17:12 39680 c:\windows\system32\dllcache\cb325.sys
- 2012-01-23 02:23 . 2001-08-17 18:12 37916 c:\windows\system32\dllcache\cb102.sys
+ 2012-01-23 02:23 . 2001-08-17 17:12 37916 c:\windows\system32\dllcache\cb102.sys
- 2012-01-23 02:23 . 2001-08-18 04:36 74240 c:\windows\system32\dllcache\camexo20.dll
+ 2012-01-23 02:23 . 2001-08-18 03:36 74240 c:\windows\system32\dllcache\camexo20.dll
- 2012-01-23 02:22 . 2001-08-17 19:51 13824 c:\windows\system32\dllcache\bulltlp3.sys
+ 2012-01-23 02:22 . 2001-08-17 18:51 13824 c:\windows\system32\dllcache\bulltlp3.sys
+ 2012-01-23 02:22 . 2001-08-17 17:11 31529 c:\windows\system32\dllcache\brzwlan.sys
- 2012-01-23 02:22 . 2001-08-17 18:11 31529 c:\windows\system32\dllcache\brzwlan.sys
- 2012-01-23 02:22 . 2001-08-17 19:12 10368 c:\windows\system32\dllcache\brusbscn.sys
+ 2012-01-23 02:22 . 2001-08-17 18:12 10368 c:\windows\system32\dllcache\brusbscn.sys
- 2012-01-23 02:22 . 2001-08-17 19:12 11008 c:\windows\system32\dllcache\brusbmdm.sys
+ 2012-01-23 02:22 . 2001-08-17 18:12 11008 c:\windows\system32\dllcache\brusbmdm.sys
+ 2012-01-23 02:22 . 2001-08-17 18:12 60416 c:\windows\system32\dllcache\brserwdm.sys
- 2012-01-23 02:22 . 2001-08-17 19:12 60416 c:\windows\system32\dllcache\brserwdm.sys
- 2012-01-23 02:22 . 2001-08-17 19:12 39552 c:\windows\system32\dllcache\brparwdm.sys
+ 2012-01-23 02:22 . 2001-08-17 18:12 39552 c:\windows\system32\dllcache\brparwdm.sys
- 2012-01-23 02:22 . 2001-08-18 04:36 41472 c:\windows\system32\dllcache\brmfusb.dll
+ 2012-01-23 02:22 . 2001-08-18 03:36 41472 c:\windows\system32\dllcache\brmfusb.dll
+ 2012-01-23 02:22 . 2001-08-18 03:36 32256 c:\windows\system32\dllcache\brmfrsmg.exe
- 2012-01-23 02:22 . 2001-08-18 04:36 32256 c:\windows\system32\dllcache\brmfrsmg.exe
- 2012-01-23 02:22 . 2001-08-18 04:36 29696 c:\windows\system32\dllcache\brmflpt.dll
+ 2012-01-23 02:22 . 2001-08-18 03:36 29696 c:\windows\system32\dllcache\brmflpt.dll
- 2012-01-23 02:22 . 2001-08-18 04:36 81408 c:\windows\system32\dllcache\brmfcwia.dll
+ 2012-01-23 02:22 . 2001-08-18 03:36 81408 c:\windows\system32\dllcache\brmfcwia.dll
- 2012-01-23 02:22 . 2001-08-18 04:36 15360 c:\windows\system32\dllcache\brmfbidi.dll
+ 2012-01-23 02:22 . 2001-08-18 03:36 15360 c:\windows\system32\dllcache\brmfbidi.dll
+ 2012-01-23 02:22 . 2001-08-17 18:12 12160 c:\windows\system32\dllcache\brfiltlo.sys
- 2012-01-23 02:22 . 2001-08-17 19:12 12160 c:\windows\system32\dllcache\brfiltlo.sys
- 2012-01-23 02:22 . 2001-08-18 04:36 12800 c:\windows\system32\dllcache\brevif.dll
+ 2012-01-23 02:22 . 2001-08-18 03:36 12800 c:\windows\system32\dllcache\brevif.dll
+ 2012-01-23 02:22 . 2001-08-18 03:36 19456 c:\windows\system32\dllcache\brbidiif.dll
- 2012-01-23 02:22 . 2001-08-18 04:36 19456 c:\windows\system32\dllcache\brbidiif.dll
- 2012-01-23 02:22 . 2001-08-17 18:11 26568 c:\windows\system32\dllcache\bcm4e5.sys
+ 2012-01-23 02:22 . 2001-08-17 17:11 26568 c:\windows\system32\dllcache\bcm4e5.sys
+ 2012-01-23 02:22 . 2001-08-17 17:11 54271 c:\windows\system32\dllcache\bcm42xx5.sys
- 2012-01-23 02:22 . 2001-08-17 18:11 54271 c:\windows\system32\dllcache\bcm42xx5.sys
+ 2012-01-23 02:22 . 2001-08-17 17:11 66557 c:\windows\system32\dllcache\bcm42u.sys
- 2012-01-23 02:22 . 2001-08-17 18:11 66557 c:\windows\system32\dllcache\bcm42u.sys
+ 2012-01-23 02:22 . 2001-08-17 18:57 14080 c:\windows\system32\dllcache\battc.sys
- 2012-01-23 02:22 . 2001-08-17 19:57 14080 c:\windows\system32\dllcache\battc.sys
+ 2012-01-23 02:22 . 2001-08-17 17:48 36128 c:\windows\system32\dllcache\banshee.sys
- 2012-01-23 02:22 . 2001-08-17 18:48 36128 c:\windows\system32\dllcache\banshee.sys
- 2012-01-23 02:22 . 2001-08-17 18:11 96640 c:\windows\system32\dllcache\b57xp32.sys
+ 2012-01-23 02:22 . 2001-08-17 17:11 96640 c:\windows\system32\dllcache\b57xp32.sys
+ 2012-01-23 02:22 . 2001-08-17 17:13 89952 c:\windows\system32\dllcache\b1cbase.sys
- 2012-01-23 02:22 . 2001-08-17 18:13 89952 c:\windows\system32\dllcache\b1cbase.sys
- 2012-01-23 02:22 . 2001-08-17 18:19 36992 c:\windows\system32\dllcache\aztw2320.sys
+ 2012-01-23 02:22 . 2001-08-17 17:19 36992 c:\windows\system32\dllcache\aztw2320.sys
- 2012-01-23 02:22 . 2001-08-17 18:13 37568 c:\windows\system32\dllcache\avmwan.sys
+ 2012-01-23 02:22 . 2001-08-17 17:13 37568 c:\windows\system32\dllcache\avmwan.sys
- 2012-01-23 02:22 . 2001-08-18 04:36 87552 c:\windows\system32\dllcache\avmcoxp.dll
+ 2012-01-23 02:22 . 2001-08-18 03:36 87552 c:\windows\system32\dllcache\avmcoxp.dll
- 2012-01-23 02:22 . 2004-08-04 06:09 13696 c:\windows\system32\dllcache\avcstrm.sys
+ 2012-01-23 02:22 . 2004-08-04 05:09 13696 c:\windows\system32\dllcache\avcstrm.sys
+ 2012-01-23 02:22 . 2001-08-17 19:01 36096 c:\windows\system32\dllcache\avcaudio.sys
- 2012-01-23 02:22 . 2001-08-17 20:01 36096 c:\windows\system32\dllcache\avcaudio.sys
+ 2012-01-23 02:22 . 2004-08-04 05:10 38912 c:\windows\system32\dllcache\avc.sys
- 2012-01-23 02:22 . 2004-08-04 06:10 38912 c:\windows\system32\dllcache\avc.sys
+ 2012-01-23 02:22 . 2001-08-17 17:49 23552 c:\windows\system32\dllcache\atixbar.sys
- 2012-01-23 02:22 . 2001-08-17 18:49 23552 c:\windows\system32\dllcache\atixbar.sys
+ 2012-01-23 02:22 . 2001-08-17 17:49 26624 c:\windows\system32\dllcache\ativxbar.sys
- 2012-01-23 02:22 . 2001-08-17 18:49 26624 c:\windows\system32\dllcache\ativxbar.sys
- 2012-01-23 02:22 . 2001-08-17 18:49 19456 c:\windows\system32\dllcache\ativttxx.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"F5D8055v1"="c:\program files\Belkin\F5D8055\v1\Belkinwcui.exe" [2008-09-04 1662976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mmtask"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"KBD"=c:\hp\KBD\KBD.EXE
"CamMonitor"=c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/30/2012 6:34 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/30/2012 6:35 AM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/30/2012 6:35 AM 20696]
R2 MSSQL$VECTORVEST;MSSQL$VECTORVEST;c:\program files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlservr.exe -sVECTORVEST --> c:\program files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlservr.exe -sVECTORVEST [?]
S2 mrtRate;mrtRate; [x]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/30/2012 6:14 AM 129976]
S3 SQLAgent$VECTORVEST;SQLAgent$VECTORVEST;c:\program files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlagent.EXE -i VECTORVEST --> c:\program files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlagent.EXE -i VECTORVEST [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-03-31 23:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
Trusted Zone: adobe.com\www
Trusted Zone: scottrade.com\trading
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z5fmv8xb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-09 10:57
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\SpSubLSP.dll
.
- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Microsoft SQL Server\MSSQL$VECTORVEST\Binn\sqlservr.exe
c:\windows\system32\wscntfy.exe
c:\windows\LTMSG.exe
c:\windows\ALCXMNTR.EXE
.
**************************************************************************
.
Completion time: 2012-06-09 11:07:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-09 16:06
ComboFix2.txt 2012-05-30 06:14
.
Pre-Run: 15,258,947,584 bytes free
Post-Run: 15,311,421,440 bytes free
.
- - End Of File - - 4E463ADF8C46FCA4D754AD632815EF11
I hope I did this right this time. Thanks.

#15 nasdaq


Posted 12 June 2012 - 08:31 AM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    hal.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log
===

Belkin issue.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.

Have a look at this article
http://www.belkin.com/uk/support/article/?lid=enu&pid=F5D7633uk4A&aid=8168&scid=0
Can it help you in finding a solution?



