
HiJackThis log analysis


  • This topic is locked
17 replies to this topic

#1 sleopard

sleopard

  • Members
  • 9 posts

Posted 03 June 2012 - 11:20 AM

Dear Members,

I am a new member and this is my first HijackThis log. I would appreciate it if any of you could take a look at it and let me know if my system is infected, and how to fix it.

Thank you for your time and valuable input.

Regards,

SLeopard


#2 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 04 June 2012 - 06:35 AM

Hi SLeopard,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Regards,
M-K-D-B

#3 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 05 June 2012 - 04:34 AM

Hi SLeopard,


:welcome: to BleepingComputer.

My name is M-K-D-B and I'll help you with the cleanup of your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





I would appreciate it if any of you could take a look at it and let me know if my system is infected, and how to fix it.

Do you notice any problems at the moment with your computer?
How is your machine running at the moment?





Step 1
We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE





Step 2
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Step 3
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.





Step 4
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Close to close the tool.
    Note: We don't want to fix anything here, but just get an overview of your computer!
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.





What you should post with your next answer:
  • both logfiles from DDS,
  • the logfile from aswMBR,
  • the logfile from TDSS Killer,
  • an answer to my questions and any further information that seems to be important in your eyes.

Regards,
M-K-D-B
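The logs requested above are read by eye, entry by entry. As an added illustration of how a helper skims a report in the DDS "Pseudo HJT Report" format (this is example code, not part of the thread and not a tool from the BleepingComputer team or the DDS/HijackThis authors), the following Python pass flags the line types that usually get a second look: orphan entries ending in "No File", Hosts overrides for anything other than localhost, restrictive shell policies, a nonzero SfcDisable under Winlogon, and autostart entries launched from user-writable profile paths. The sample report lines, the placeholder GUIDs and the severity labels are constructed for the example; the rules are first-look heuristics of my own, not the team's procedure.

```python
"""Added triage pass over DDS / HijackThis-style report lines (example code, not a project tool)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the DDS "Pseudo HJT Report" format; none of these lines
# come from a real machine, they only exercise each rule below.
SAMPLE_REPORT = r"""
uStart Page = about:blank
mURLSearchHooks: H - No File
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Example PDF Helper: {00000000-0000-0000-0000-000000000001} - c:\program files\example\helper.dll
TB: {00000000-0000-0000-0000-000000000002} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Updater] "c:\documents and settings\owner\local settings\application data\updater\upd.exe" /c
dPolicies-explorer: NoSMHelp = 1 (0x1)
Hosts: 127.0.0.1 www.example-security-vendor.test
Hosts: 127.0.0.1 localhost
"""


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str
    severity: str  # "info", "review" or "high"


# DDS autostart prefixes: u = current user hive, m = machine hive, d = default user hive.
RUN_PREFIXES = ("uRun:", "mRun:", "dRun:", "uRunOnce:", "mRunOnce:", "dRunOnce:")
# Profile locations that legitimate system software rarely autostarts from.
USER_WRITABLE = ("local settings\\application data", "\\appdata\\", "\\temp\\")
SFC_RE = re.compile(r"^[umd]Winlogon:\s*SfcDisable=(-?\d+)")


def triage_line(line: str) -> Optional[Finding]:
    """Classify one report line; returns None for lines no rule cares about."""
    text = line.strip()
    low = text.lower()
    if not text:
        return None
    # A registry entry whose target file is gone: harmless leftover, cleanup candidate.
    if low.endswith("- no file"):
        return Finding(text, "entry points at a file that no longer exists (orphan)", "info")
    # Hosts overrides other than localhost can silently block update or security sites.
    if low.startswith("hosts:"):
        parts = text.split()
        if len(parts) >= 3 and parts[2].lower() not in ("localhost", "localhost.localdomain"):
            return Finding(text, f"hosts file overrides {parts[2]}", "high")
        return None
    # Explorer/system policies that hide UI (e.g. NoSMHelp) are worth confirming with the owner.
    if low.startswith(("upolicies", "mpolicies", "dpolicies")):
        return Finding(text, "restrictive shell policy set; confirm it was intended", "review")
    # Nonzero SfcDisable means Windows File Protection is switched off.
    m = SFC_RE.match(text)
    if m and int(m.group(1)) != 0:
        return Finding(text, "Windows File Protection disabled (SfcDisable != 0)", "high")
    # Autostarts launched from user-writable profile paths deserve a second look.
    if text.startswith(RUN_PREFIXES) and any(p in low for p in USER_WRITABLE):
        return Finding(text, "autostart runs from a user-writable profile location", "review")
    return None


def triage_report(report: str) -> List[Finding]:
    """Run every line of a report through triage_line and keep the hits."""
    return [f for f in map(triage_line, report.splitlines()) if f is not None]


def severity_counts(findings: List[Finding]) -> dict:
    """Summarise findings by severity so a reader can see the shape of a report at a glance."""
    counts = {"high": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    found = triage_report(SAMPLE_REPORT)
    order = ("high", "review", "info")
    for f in sorted(found, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(severity_counts(found))
```

Running the script prints the six flagged sample lines, highest severity first, followed by the per-severity totals. The rules deliberately do not decide for the reader: an "info" orphan is just cleanup, while a "high" hit such as a Hosts override or disabled file protection is a prompt to ask the machine's owner whether it was set on purpose, which is exactly the question the helper asks above.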

#4 sleopard

sleopard
  • Topic Starter
  • Members
  • 9 posts

Posted 07 June 2012 - 07:40 PM

Hi M-K-D-B,

Thanks for looking at my log. Let me first answer your questions. I get this error message when I run any application on my system:

16 bit ms-dos subsystem

c:\windows\system32\ctfmon.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0558 IP:019c OP:f0 0a 00 00 a8 Choose 'Close' to terminate the application.

I have Microsoft Security Essentials installed that I keep updated and scan regularly; however, the above message prompted me to take a close look at my system, and that is why I posted the HiJackThis log and sought your help. Otherwise, my PC is running OK.

I would also like to tell you that after posting the log I installed Malwarebytes Anti-Malware and SUPERAntiSpyware. The Malwarebytes scan reported and fixed some problems that I am posting below:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.03.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: ALPHA-DT [administrator]

6/3/2012 5:24:50 PM
mbam-log-2012-06-03 (17-24-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235162
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 15
C:\Program Files\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Files Detected: 57
C:\Program Files\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\fb.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\json.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

(end)

Please refer below to the logs of the other scans you asked for:

Log I:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:18:31 on 2012-06-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1536.966 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mURLSearchHooks: H - No File
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dPolicies-explorer: NoSMHelp = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: opgonline.com\ras
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315695699984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-9-18 54960]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\e:\iso's\vcdrom.sys --> e:\iso's\VCdRom.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-28 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-28 136176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 zlportio;ZLPORTIO - Allow user access to I/O ports;\??\c:\ubcd4win\plugin\system-info\information\driverwizard\zlportio.sys --> c:\ubcd4win\plugin\system-info\information\driverwizard\zlportio.sys [?]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-4-20 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-4-20 5248]
S4 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2011-3-2 224256]
S4 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S4 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
.
=============== Created Last 30 ================
.
2012-06-07 23:05:19 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6832ddf7-1877-42d3-8452-8ff16694fd10}\mpengine.dll
2012-06-07 01:38:36 6737808 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-05 17:47:46 -------- d-----w- c:\program files\MSECache
2012-06-03 22:02:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-03 21:22:19 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-06-03 21:22:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-03 21:22:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 21:22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-03 16:40:27 -------- d-----w- c:\program files\winqfx16bit
2012-06-03 14:26:42 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-03 14:26:41 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 19:19:14.57 ===============

Log II:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2009 6:37:33 PM
System Uptime: 6/7/2012 6:52:31 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P4S533MX
Processor: Intel® Pentium® 4 CPU 2.80GHz | PGA 478 | 2800/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 30.552 GiB free.
D: is FIXED (NTFS) - 26 GiB total, 25.599 GiB free.
E: is CDROM ()
X: is FIXED (NTFS) - 49 GiB total, 44.373 GiB free.
Y: is FIXED (NTFS) - 50 GiB total, 19.717 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_0000&PID_0000\90B81800EF3E45E0
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_0000&PID_0000\90B81800EF3E45E0
Service: USBSTOR
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Beep
Device ID: ROOT\LEGACY_BEEP\0000
Manufacturer:
Name: Beep
PNP Device ID: ROOT\LEGACY_BEEP\0000
Service: Beep
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: d347bus
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
3herosoft iPhone to Computer Transfer
7-Zip 4.65
Adobe Acrobat 6.0.1 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.1
Bonjour
calibre
CCleaner
Compatibility Pack for the 2007 Office system
DAEMON Tools
DDPB Installer
DH Driver Cleaner Professional Edition
File Shredder 2.0
Google Apps
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
Gpg4win (2.1.0)
HashOnClick
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ImgBurn
Internet Explorer (Enable DEP)
iTunes
Java Auto Updater
Java™ 6 Update 31
Juniper Networks Setup Client Activex Control
K-Lite Mega Codec Pack 7.7.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Nero Suite
NVIDIA Drivers
Picasa 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SiS 900 PCI Fast Ethernet Adapter Driver
Skype™ 5.5
StudioTax 2011
SUPERAntiSpyware
TrueCrypt
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.11
VMware Workstation
WD Diagnostics
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 3
winqfx16bit
WinRAR archiver
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
6/6/2012 9:15:05 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for. (0x80072AFC)
6/6/2012 9:10:13 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1386.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/6/2012 9:00:04 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for. (0x80072AFC)
6/5/2012 7:33:14 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1279.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/5/2012 1:28:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
6/4/2012 9:19:53 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1279.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/2/2012 10:07:40 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1145.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/31/2012 9:22:15 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1022.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/31/2012 9:22:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/31/2012 9:12:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip truecrypt WS2IFSL
5/31/2012 9:12:40 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/31/2012 9:12:40 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/31/2012 9:12:40 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/31/2012 9:12:40 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/31/2012 9:12:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/31/2012 7:23:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
5/31/2012 6:38:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1022.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/31/2012 5:37:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================

Step 3.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 19:20:32
-----------------------------
19:20:32.343 OS Version: Windows 5.1.2600 Service Pack 3
19:20:32.343 Number of processors: 1 586 0x207
19:20:32.343 ComputerName: ALPHA-DT UserName: Owner
19:20:32.546 Initialize success
19:33:21.171 AVAST engine defs: 12060700
19:34:25.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
19:34:25.593 Disk 0 Vendor: WDC_WD800BB-00DKA0 77.07W77 Size: 76319MB BusType: 3
19:34:25.625 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
19:34:25.656 Disk 1 Vendor: WDC_WD1600JB-00GVA0 08.02D08 Size: 152627MB BusType: 3
19:34:25.687 Disk 0 MBR read successfully
19:34:25.687 Disk 0 MBR scan
19:34:25.765 Disk 0 unknown MBR code
19:34:25.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 50006 MB offset 63
19:34:25.890 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 26309 MB offset 102414375
19:34:25.984 Disk 0 scanning sectors +156296385
19:34:26.140 Disk 0 scanning C:\WINDOWS\system32\drivers
19:34:57.828 Service scanning
19:35:37.578 Modules scanning
19:35:51.843 Disk 0 trace - called modules:
19:35:51.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:35:51.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89892ab8]
19:35:51.843 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000066[0x899189e8]
19:35:51.843 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x898a8d98]
19:35:52.062 AVAST engine scan C:\WINDOWS
19:35:58.234 AVAST engine scan C:\WINDOWS\system32
19:40:44.343 AVAST engine scan C:\WINDOWS\system32\drivers
19:41:14.156 AVAST engine scan C:\Documents and Settings\Owner
19:46:32.937 AVAST engine scan C:\Documents and Settings\All Users
19:47:26.437 Scan finished successfully
19:48:43.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
19:48:43.203 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


Step 4.

19:50:44.0453 3264 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:50:44.0484 3264 ============================================================
19:50:44.0484 3264 Current date / time: 2012/06/07 19:50:44.0484
19:50:44.0484 3264 SystemInfo:
19:50:44.0484 3264
19:50:44.0484 3264 OS Version: 5.1.2600 ServicePack: 3.0
19:50:44.0484 3264 Product type: Workstation
19:50:44.0484 3264 ComputerName: ALPHA-DT
19:50:44.0484 3264 UserName: Owner
19:50:44.0484 3264 Windows directory: C:\WINDOWS
19:50:44.0484 3264 System windows directory: C:\WINDOWS
19:50:44.0484 3264 Processor architecture: Intel x86
19:50:44.0484 3264 Number of processors: 1
19:50:44.0484 3264 Page size: 0x1000
19:50:44.0484 3264 Boot type: Normal boot
19:50:44.0484 3264 ============================================================
19:50:46.0687 3264 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:50:46.0703 3264 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:50:46.0703 3264 ============================================================
19:50:46.0703 3264 \Device\Harddisk0\DR0:
19:50:46.0703 3264 MBR partitions:
19:50:46.0703 3264 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61AB7E8
19:50:46.0703 3264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61AB827, BlocksNum 0x3362C9A
19:50:46.0703 3264 \Device\Harddisk1\DR1:
19:50:46.0703 3264 MBR partitions:
19:50:46.0703 3264 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
19:50:46.0703 3264 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x61A7966, BlocksNum 0x639D9E6
19:50:46.0750 3264 ============================================================
19:50:46.0781 3264 C: <-> \Device\Harddisk0\DR0\Partition0
19:50:46.0812 3264 X: <-> \Device\Harddisk1\DR1\Partition0
19:50:46.0843 3264 D: <-> \Device\Harddisk0\DR0\Partition1
19:50:46.0953 3264 Y: <-> \Device\Harddisk1\DR1\Partition1
19:50:46.0953 3264 ============================================================
19:50:46.0953 3264 Initialize success
19:50:46.0953 3264 ============================================================
19:50:54.0781 3752 ============================================================
19:50:54.0781 3752 Scan started
19:50:54.0781 3752 Mode: Manual;
19:50:54.0781 3752 ============================================================
19:50:55.0265 3752 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:50:55.0281 3752 !SASCORE - ok
19:50:55.0406 3752 Abiosdsk - ok
19:50:55.0421 3752 abp480n5 - ok
19:50:55.0484 3752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:50:55.0484 3752 ACPI - ok
19:50:55.0531 3752 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:50:55.0531 3752 ACPIEC - ok
19:50:55.0546 3752 adpu160m - ok
19:50:55.0593 3752 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
19:50:55.0593 3752 aeaudio - ok
19:50:55.0640 3752 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:50:55.0656 3752 aec - ok
19:50:55.0703 3752 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:50:55.0718 3752 AFD - ok
19:50:55.0734 3752 Aha154x - ok
19:50:55.0750 3752 aic78u2 - ok
19:50:55.0765 3752 aic78xx - ok
19:50:55.0812 3752 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:50:55.0812 3752 ALG - ok
19:50:55.0828 3752 AliIde - ok
19:50:55.0843 3752 amsint - ok
19:50:55.0968 3752 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:50:55.0984 3752 Apple Mobile Device - ok
19:50:56.0015 3752 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:50:56.0031 3752 AppMgmt - ok
19:50:56.0046 3752 asc - ok
19:50:56.0062 3752 asc3350p - ok
19:50:56.0078 3752 asc3550 - ok
19:50:56.0187 3752 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:50:56.0187 3752 aspnet_state - ok
19:50:56.0218 3752 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:50:56.0218 3752 AsyncMac - ok
19:50:56.0265 3752 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:50:56.0265 3752 atapi - ok
19:50:56.0281 3752 Atdisk - ok
19:50:56.0312 3752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:50:56.0312 3752 Atmarpc - ok
19:50:56.0359 3752 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:50:56.0359 3752 AudioSrv - ok
19:50:56.0406 3752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:50:56.0406 3752 audstub - ok
19:50:56.0468 3752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:50:56.0468 3752 Beep - ok
19:50:56.0531 3752 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:50:56.0562 3752 BITS - ok
19:50:56.0640 3752 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:50:56.0656 3752 Bonjour Service - ok
19:50:56.0687 3752 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:50:56.0703 3752 Browser - ok
19:50:56.0734 3752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:50:56.0734 3752 cbidf2k - ok
19:50:56.0781 3752 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:50:56.0781 3752 CCDECODE - ok
19:50:56.0796 3752 cd20xrnt - ok
19:50:56.0843 3752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:50:56.0843 3752 Cdaudio - ok
19:50:56.0890 3752 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:50:56.0890 3752 Cdfs - ok
19:50:56.0921 3752 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:50:56.0921 3752 Cdrom - ok
19:50:56.0937 3752 Changer - ok
19:50:56.0984 3752 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:50:56.0984 3752 CiSvc - ok
19:50:57.0015 3752 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:50:57.0015 3752 ClipSrv - ok
19:50:57.0125 3752 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:50:57.0156 3752 clr_optimization_v2.0.50727_32 - ok
19:50:57.0171 3752 CmdIde - ok
19:50:57.0187 3752 COMSysApp - ok
19:50:57.0203 3752 Cpqarray - ok
19:50:57.0250 3752 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:50:57.0250 3752 CryptSvc - ok
19:50:57.0312 3752 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
19:50:57.0312 3752 d347bus - ok
19:50:57.0328 3752 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\System32\Drivers\d347prt.sys
19:50:57.0343 3752 d347prt - ok
19:50:57.0343 3752 dac2w2k - ok
19:50:57.0359 3752 dac960nt - ok
19:50:57.0421 3752 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:50:57.0453 3752 DcomLaunch - ok
19:50:57.0500 3752 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:50:57.0515 3752 Dhcp - ok
19:50:57.0625 3752 DirMngr (4f26bb00747d41e7c0fe8ebb2900f862) C:\Program Files\GNU\GnuPG\dirmngr.exe
19:50:57.0687 3752 DirMngr - ok
19:50:57.0718 3752 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:50:57.0718 3752 Disk - ok
19:50:57.0734 3752 dmadmin - ok
19:50:57.0812 3752 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:50:57.0843 3752 dmboot - ok
19:50:57.0890 3752 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:50:57.0906 3752 dmio - ok
19:50:57.0921 3752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:50:57.0921 3752 dmload - ok
19:50:57.0968 3752 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:50:57.0968 3752 dmserver - ok
19:50:58.0000 3752 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:50:58.0000 3752 DMusic - ok
19:50:58.0062 3752 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:50:58.0078 3752 Dnscache - ok
19:50:58.0125 3752 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:50:58.0125 3752 Dot3svc - ok
19:50:58.0140 3752 dpti2o - ok
19:50:58.0171 3752 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:50:58.0171 3752 drmkaud - ok
19:50:58.0203 3752 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:50:58.0203 3752 EapHost - ok
19:50:58.0250 3752 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:50:58.0250 3752 ERSvc - ok
19:50:58.0296 3752 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:50:58.0296 3752 Eventlog - ok
19:50:58.0359 3752 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:50:58.0359 3752 EventSystem - ok
19:50:58.0421 3752 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:50:58.0421 3752 Fastfat - ok
19:50:58.0484 3752 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:50:58.0500 3752 FastUserSwitchingCompatibility - ok
19:50:58.0515 3752 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:50:58.0515 3752 Fdc - ok
19:50:58.0531 3752 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:50:58.0531 3752 Fips - ok
19:50:58.0593 3752 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:50:58.0593 3752 Flpydisk - ok
19:50:58.0625 3752 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:50:58.0625 3752 FltMgr - ok
19:50:58.0718 3752 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:50:58.0718 3752 FontCache3.0.0.0 - ok
19:50:58.0765 3752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:50:58.0765 3752 Fs_Rec - ok
19:50:58.0796 3752 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:50:58.0812 3752 Ftdisk - ok
19:50:58.0843 3752 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:50:58.0843 3752 gameenum - ok
19:50:58.0875 3752 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:50:58.0890 3752 GEARAspiWDM - ok
19:50:58.0921 3752 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:50:58.0921 3752 Gpc - ok
19:50:59.0015 3752 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:50:59.0031 3752 gupdate - ok
19:50:59.0046 3752 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:50:59.0046 3752 gupdatem - ok
19:50:59.0109 3752 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:50:59.0125 3752 gusvc - ok
19:50:59.0171 3752 hcmon (aa90c2ece098a108a9178ac2c04a7649) C:\WINDOWS\system32\drivers\hcmon.sys
19:50:59.0171 3752 hcmon - ok
19:50:59.0187 3752 HidServ - ok
19:50:59.0234 3752 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:50:59.0234 3752 HidUsb - ok
19:50:59.0281 3752 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:50:59.0281 3752 hkmsvc - ok
19:50:59.0296 3752 hpn - ok
19:50:59.0359 3752 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:50:59.0359 3752 HTTP - ok
19:50:59.0406 3752 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:50:59.0406 3752 HTTPFilter - ok
19:50:59.0421 3752 i2omgmt - ok
19:50:59.0437 3752 i2omp - ok
19:50:59.0484 3752 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:50:59.0484 3752 i8042prt - ok
19:50:59.0593 3752 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:50:59.0625 3752 idsvc - ok
19:50:59.0656 3752 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:50:59.0656 3752 Imapi - ok
19:50:59.0703 3752 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:50:59.0718 3752 ImapiService - ok
19:50:59.0734 3752 ini910u - ok
19:50:59.0750 3752 IntelIde - ok
19:50:59.0812 3752 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:50:59.0812 3752 intelppm - ok
19:50:59.0843 3752 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:50:59.0843 3752 Ip6Fw - ok
19:50:59.0906 3752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:50:59.0906 3752 IpFilterDriver - ok
19:50:59.0937 3752 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:50:59.0937 3752 IpInIp - ok
19:50:59.0984 3752 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:51:00.0000 3752 IpNat - ok
19:51:00.0125 3752 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
19:51:00.0156 3752 iPod Service - ok
19:51:00.0203 3752 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:51:00.0203 3752 IPSec - ok
19:51:00.0234 3752 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:51:00.0234 3752 IRENUM - ok
19:51:00.0281 3752 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:51:00.0281 3752 isapnp - ok
19:51:00.0375 3752 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
19:51:00.0375 3752 JavaQuickStarterService - ok
19:51:00.0406 3752 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:51:00.0406 3752 Kbdclass - ok
19:51:00.0468 3752 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:51:00.0468 3752 kmixer - ok
19:51:00.0515 3752 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:51:00.0531 3752 KSecDD - ok
19:51:00.0578 3752 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:51:00.0578 3752 lanmanserver - ok
19:51:00.0640 3752 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:51:00.0640 3752 lanmanworkstation - ok
19:51:00.0656 3752 lbrtfdc - ok
19:51:00.0718 3752 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:51:00.0718 3752 LmHosts - ok
19:51:00.0781 3752 LVRS (b6e1ccd6572984adcae68439afd07011) C:\WINDOWS\system32\DRIVERS\lvrs.sys
19:51:00.0796 3752 LVRS - ok
19:51:00.0812 3752 LVUSBSta - ok
19:51:01.0046 3752 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
19:51:01.0171 3752 LVUVC - ok
19:51:01.0281 3752 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
19:51:01.0296 3752 MatSvc - ok
19:51:01.0359 3752 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:51:01.0375 3752 MDM - ok
19:51:01.0531 3752 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:51:01.0531 3752 mnmdd - ok
19:51:01.0578 3752 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:51:01.0578 3752 mnmsrvc - ok
19:51:01.0609 3752 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:51:01.0609 3752 Modem - ok
19:51:01.0640 3752 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:51:01.0656 3752 Mouclass - ok
19:51:01.0703 3752 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:51:01.0703 3752 mouhid - ok
19:51:01.0718 3752 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:51:01.0718 3752 MountMgr - ok
19:51:01.0781 3752 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:51:01.0781 3752 MpFilter - ok
19:51:01.0812 3752 mraid35x - ok
19:51:01.0859 3752 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:51:01.0859 3752 MRxDAV - ok
19:51:01.0921 3752 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:51:01.0953 3752 MRxSmb - ok
19:51:02.0000 3752 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:51:02.0000 3752 MSDTC - ok
19:51:02.0031 3752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:51:02.0031 3752 Msfs - ok
19:51:02.0062 3752 MSIServer - ok
19:51:02.0078 3752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:51:02.0078 3752 MSKSSRV - ok
19:51:02.0140 3752 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:51:02.0156 3752 MsMpSvc - ok
19:51:02.0171 3752 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:51:02.0171 3752 MSPCLOCK - ok
19:51:02.0187 3752 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:51:02.0187 3752 MSPQM - ok
19:51:02.0218 3752 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:51:02.0218 3752 mssmbios - ok
19:51:02.0265 3752 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:51:02.0265 3752 MSTEE - ok
19:51:02.0312 3752 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:51:02.0312 3752 Mup - ok
19:51:02.0359 3752 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:51:02.0359 3752 NABTSFEC - ok
19:51:02.0421 3752 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:51:02.0437 3752 napagent - ok
19:51:02.0484 3752 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:51:02.0484 3752 NDIS - ok
19:51:02.0515 3752 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:51:02.0515 3752 NdisIP - ok
19:51:02.0562 3752 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:51:02.0562 3752 NdisTapi - ok
19:51:02.0609 3752 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:51:02.0609 3752 Ndisuio - ok
19:51:02.0625 3752 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:51:02.0640 3752 NdisWan - ok
19:51:02.0687 3752 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:51:02.0687 3752 NDProxy - ok
19:51:02.0734 3752 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:51:02.0734 3752 NetBIOS - ok
19:51:02.0765 3752 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:51:02.0781 3752 NetBT - ok
19:51:02.0828 3752 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:51:02.0843 3752 NetDDE - ok
19:51:02.0843 3752 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:51:02.0859 3752 NetDDEdsdm - ok
19:51:02.0890 3752 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:51:02.0890 3752 Netlogon - ok
19:51:02.0921 3752 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:51:02.0921 3752 Netman - ok
19:51:03.0015 3752 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:51:03.0031 3752 NetTcpPortSharing - ok
19:51:03.0078 3752 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:51:03.0093 3752 Nla - ok
19:51:03.0140 3752 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:51:03.0156 3752 Npfs - ok
19:51:03.0187 3752 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:51:03.0218 3752 Ntfs - ok
19:51:03.0234 3752 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:51:03.0234 3752 NtLmSsp - ok
19:51:03.0281 3752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:51:03.0281 3752 Null - ok
19:51:03.0468 3752 nv (29b9163a6d9c486dcaefed190130acb0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:51:03.0593 3752 nv - ok
19:51:03.0734 3752 NVSvc (aa78c4677e06cfd4fe048718ee7f6332) C:\WINDOWS\system32\nvsvc32.exe
19:51:03.0734 3752 NVSvc - ok
19:51:03.0812 3752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:51:03.0812 3752 NwlnkFlt - ok
19:51:03.0828 3752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:51:03.0828 3752 NwlnkFwd - ok
19:51:03.0906 3752 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:51:03.0921 3752 ose - ok
19:51:03.0984 3752 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:51:03.0984 3752 Parport - ok
19:51:04.0000 3752 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:51:04.0015 3752 PartMgr - ok
19:51:04.0062 3752 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:51:04.0062 3752 ParVdm - ok
19:51:04.0078 3752 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:51:04.0078 3752 PCI - ok
19:51:04.0093 3752 PCIDump - ok
19:51:04.0125 3752 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:51:04.0125 3752 PCIIde - ok
19:51:04.0156 3752 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:51:04.0171 3752 Pcmcia - ok
19:51:04.0171 3752 PDCOMP - ok
19:51:04.0187 3752 PDFRAME - ok
19:51:04.0203 3752 PDRELI - ok
19:51:04.0218 3752 PDRFRAME - ok
19:51:04.0234 3752 pepifilter - ok
19:51:04.0250 3752 perc2 - ok
19:51:04.0265 3752 perc2hib - ok
19:51:04.0296 3752 PID_PEPI - ok
19:51:04.0343 3752 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:51:04.0343 3752 PlugPlay - ok
19:51:04.0375 3752 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:51:04.0375 3752 PolicyAgent - ok
19:51:04.0406 3752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:51:04.0406 3752 PptpMiniport - ok
19:51:04.0421 3752 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:51:04.0437 3752 ProtectedStorage - ok
19:51:04.0453 3752 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:51:04.0453 3752 PSched - ok
19:51:04.0484 3752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:51:04.0484 3752 Ptilink - ok
19:51:04.0500 3752 ql1080 - ok
19:51:04.0515 3752 Ql10wnt - ok
19:51:04.0531 3752 ql12160 - ok
19:51:04.0546 3752 ql1240 - ok
19:51:04.0562 3752 ql1280 - ok
19:51:04.0578 3752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:51:04.0578 3752 RasAcd - ok
19:51:04.0625 3752 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:51:04.0625 3752 RasAuto - ok
19:51:04.0671 3752 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:51:04.0671 3752 Rasl2tp - ok
19:51:04.0718 3752 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:51:04.0734 3752 RasMan - ok
19:51:04.0750 3752 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:51:04.0750 3752 RasPppoe - ok
19:51:04.0796 3752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:51:04.0796 3752 Raspti - ok
19:51:04.0828 3752 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:51:04.0828 3752 Rdbss - ok
19:51:04.0859 3752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:51:04.0859 3752 RDPCDD - ok
19:51:04.0921 3752 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:51:04.0921 3752 rdpdr - ok
19:51:04.0984 3752 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:51:04.0984 3752 RDPWD - ok
19:51:05.0031 3752 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:51:05.0046 3752 RDSessMgr - ok
19:51:05.0062 3752 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:51:05.0062 3752 redbook - ok
19:51:05.0109 3752 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:51:05.0109 3752 RemoteAccess - ok
19:51:05.0140 3752 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:51:05.0140 3752 RemoteRegistry - ok
19:51:05.0187 3752 RimUsb (4f4a4c09cc5be58a76cac1c337e004e6) C:\WINDOWS\system32\Drivers\RimUsb.sys
19:51:05.0203 3752 RimUsb - ok
19:51:05.0250 3752 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
19:51:05.0250 3752 RimVSerPort - ok
19:51:05.0281 3752 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
19:51:05.0281 3752 ROOTMODEM - ok
19:51:05.0328 3752 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:51:05.0328 3752 RpcLocator - ok
19:51:05.0390 3752 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:51:05.0390 3752 RpcSs - ok
19:51:05.0437 3752 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:51:05.0453 3752 RSVP - ok
19:51:05.0500 3752 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:51:05.0500 3752 SamSs - ok
19:51:05.0609 3752 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:51:05.0609 3752 SASDIFSV - ok
19:51:05.0640 3752 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:51:05.0640 3752 SASKUTIL - ok
19:51:05.0687 3752 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:51:05.0687 3752 SCardSvr - ok
19:51:05.0750 3752 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:51:05.0765 3752 Schedule - ok
19:51:05.0812 3752 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:51:05.0828 3752 Secdrv - ok
19:51:05.0859 3752 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:51:05.0859 3752 seclogon - ok
19:51:05.0921 3752 senfilt (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys
19:51:05.0937 3752 senfilt - ok
19:51:05.0953 3752 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:51:05.0968 3752 SENS - ok
19:51:05.0984 3752 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:51:05.0984 3752 serenum - ok
19:51:06.0031 3752 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:51:06.0031 3752 Serial - ok
19:51:06.0078 3752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:51:06.0078 3752 Sfloppy - ok
19:51:06.0140 3752 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:51:06.0156 3752 SharedAccess - ok
19:51:06.0218 3752 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:51:06.0234 3752 ShellHWDetection - ok
19:51:06.0250 3752 Simbad - ok
19:51:06.0296 3752 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
19:51:06.0296 3752 SISAGP - ok
19:51:06.0312 3752 SISNICXP (a1348a901a44760ccd76043525e851d0) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
19:51:06.0312 3752 SISNICXP - ok
19:51:06.0359 3752 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:51:06.0359 3752 SLIP - ok
19:51:06.0437 3752 smwdm (bf208c85119770e6a9b6577019a3d810) C:\WINDOWS\system32\drivers\smwdm.sys
19:51:06.0453 3752 smwdm - ok
19:51:06.0453 3752 Sparrow - ok
19:51:06.0484 3752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:51:06.0484 3752 splitter - ok
19:51:06.0531 3752 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:51:06.0531 3752 Spooler - ok
19:51:06.0593 3752 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:51:06.0609 3752 sr - ok
19:51:06.0656 3752 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:51:06.0671 3752 srservice - ok
19:51:06.0734 3752 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:51:06.0750 3752 Srv - ok
19:51:06.0812 3752 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:51:06.0828 3752 SSDPSRV - ok
19:51:06.0875 3752 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:51:06.0937 3752 stisvc - ok
19:51:06.0984 3752 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:51:06.0984 3752 streamip - ok
19:51:07.0000 3752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:51:07.0015 3752 swenum - ok
19:51:07.0062 3752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:51:07.0062 3752 swmidi - ok
19:51:07.0078 3752 SwPrv - ok
19:51:07.0109 3752 symc810 - ok
19:51:07.0125 3752 symc8xx - ok
19:51:07.0140 3752 sym_hi - ok
19:51:07.0156 3752 sym_u3 - ok
19:51:07.0171 3752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:51:07.0171 3752 sysaudio - ok
19:51:07.0218 3752 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:51:07.0234 3752 SysmonLog - ok
19:51:07.0265 3752 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:51:07.0281 3752 TapiSrv - ok
19:51:07.0328 3752 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:51:07.0359 3752 Tcpip - ok
19:51:07.0406 3752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:51:07.0406 3752 TDPIPE - ok
19:51:07.0437 3752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:51:07.0437 3752 TDTCP - ok
19:51:07.0468 3752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:51:07.0468 3752 TermDD - ok
19:51:07.0531 3752 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:51:07.0546 3752 TermService - ok
19:51:07.0609 3752 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:51:07.0609 3752 Themes - ok
19:51:07.0656 3752 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:51:07.0671 3752 TlntSvr - ok
19:51:07.0687 3752 TosIde - ok
19:51:07.0718 3752 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:51:07.0734 3752 TrkWks - ok
19:51:07.0796 3752 truecrypt (746b8cf9cededdd865472544edf626da) C:\WINDOWS\system32\drivers\truecrypt.sys
19:51:07.0796 3752 truecrypt - ok
19:51:07.0859 3752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:51:07.0859 3752 Udfs - ok
19:51:07.0968 3752 ufad-ws60 (6abd5558d8216587b324e9c2028f6622) C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
19:51:07.0984 3752 ufad-ws60 - ok
19:51:08.0000 3752 ultra - ok
19:51:08.0125 3752 UMVPFSrv (8b802b483cbde06f62dbc04dc7afaf8e) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
19:51:08.0156 3752 UMVPFSrv - ok
19:51:08.0218 3752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:51:08.0250 3752 Update - ok
19:51:08.0296 3752 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:51:08.0296 3752 upnphost - ok
19:51:08.0328 3752 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:51:08.0343 3752 UPS - ok
19:51:08.0375 3752 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:51:08.0375 3752 USBAAPL - ok
19:51:08.0437 3752 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:51:08.0437 3752 usbaudio - ok
19:51:08.0484 3752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:51:08.0484 3752 usbccgp - ok
19:51:08.0515 3752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:51:08.0515 3752 usbehci - ok
19:51:08.0562 3752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:51:08.0562 3752 usbhub - ok
19:51:08.0578 3752 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:51:08.0578 3752 usbohci - ok
19:51:08.0609 3752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:51:08.0625 3752 usbscan - ok
19:51:08.0656 3752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:51:08.0656 3752 USBSTOR - ok
19:51:08.0687 3752 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:51:08.0687 3752 usbvideo - ok
19:51:08.0718 3752 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
19:51:08.0718 3752 usb_rndisx - ok
19:51:08.0734 3752 vcdrom - ok
19:51:08.0750 3752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:51:08.0750 3752 VgaSave - ok
19:51:08.0781 3752 ViaIde - ok
19:51:08.0906 3752 VMAuthdService (2f7a7619d15ba2f031d4e881d44d611e) C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
19:51:08.0921 3752 VMAuthdService - ok
19:51:08.0984 3752 vmci (d02a1df2e6809fc9c2b1126fb264a3e3) C:\WINDOWS\system32\Drivers\vmci.sys
19:51:08.0984 3752 vmci - ok
19:51:09.0046 3752 vmkbd (097d71a222afae1fbe3e95a36aae32cc) C:\WINDOWS\system32\drivers\VMkbd.sys
19:51:09.0046 3752 vmkbd - ok
19:51:09.0078 3752 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
19:51:09.0078 3752 VMnetAdapter - ok
19:51:09.0093 3752 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
19:51:09.0093 3752 VMnetBridge - ok
19:51:09.0140 3752 VMnetDHCP (fe295b8e7bf9f85a610ebcdc998f08e0) C:\WINDOWS\system32\vmnetdhcp.exe
19:51:09.0156 3752 VMnetDHCP - ok
19:51:09.0187 3752 VMnetuserif (fc7b0b68a2a4afbab81fbb8aeeda1d21) C:\WINDOWS\system32\drivers\vmnetuserif.sys
19:51:09.0187 3752 VMnetuserif - ok
19:51:09.0234 3752 VMparport (07853acc99421d5752a4205cd6298570) C:\WINDOWS\system32\Drivers\VMparport.sys
19:51:09.0234 3752 VMparport - ok
19:51:09.0281 3752 vmusb (25017db6451b002158db425961a82b7b) C:\WINDOWS\system32\Drivers\vmusb.sys
19:51:09.0281 3752 vmusb - ok
19:51:09.0328 3752 VMware NAT Service (1374bca00eaddb6d115011a069bf38f2) C:\WINDOWS\system32\vmnat.exe
19:51:09.0359 3752 VMware NAT Service - ok
19:51:09.0453 3752 vmx86 (935582f833ba49b6265e66322c6fb382) C:\WINDOWS\system32\Drivers\vmx86.sys
19:51:09.0484 3752 vmx86 - ok
19:51:09.0531 3752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:51:09.0531 3752 VolSnap - ok
19:51:09.0593 3752 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:51:09.0609 3752 VSS - ok
19:51:09.0703 3752 vstor2-ws60 (e511cfb4b43b72cf9d1497e7c5bd1534) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
19:51:09.0703 3752 vstor2-ws60 - ok
19:51:09.0843 3752 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
19:51:09.0921 3752 VX1000 - ok
19:51:10.0078 3752 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:51:10.0093 3752 W32Time - ok
19:51:10.0187 3752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:51:10.0187 3752 Wanarp - ok
19:51:10.0234 3752 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
19:51:10.0234 3752 WDC_SAM - ok
19:51:10.0296 3752 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:51:10.0312 3752 Wdf01000 - ok
19:51:10.0328 3752 WDICA - ok
19:51:10.0359 3752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:51:10.0375 3752 wdmaud - ok
19:51:10.0421 3752 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:51:10.0421 3752 WebClient - ok
19:51:10.0531 3752 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:51:10.0531 3752 winmgmt - ok
19:51:10.0593 3752 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:51:10.0593 3752 WmdmPmSN - ok
19:51:10.0671 3752 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:51:10.0687 3752 Wmi - ok
19:51:10.0750 3752 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:51:10.0750 3752 WmiApSrv - ok
19:51:10.0796 3752 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:51:10.0796 3752 WpdUsb - ok
19:51:10.0843 3752 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:51:10.0843 3752 WS2IFSL - ok
19:51:10.0906 3752 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:51:10.0921 3752 wscsvc - ok
19:51:10.0968 3752 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:51:10.0968 3752 WSTCODEC - ok
19:51:11.0000 3752 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:51:11.0000 3752 wuauserv - ok
19:51:11.0046 3752 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:51:11.0046 3752 WudfPf - ok
19:51:11.0093 3752 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:51:11.0093 3752 WudfRd - ok
19:51:11.0140 3752 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:51:11.0140 3752 WudfSvc - ok
19:51:11.0218 3752 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:51:11.0234 3752 WZCSVC - ok
19:51:11.0265 3752 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:51:11.0281 3752 xmlprov - ok
19:51:11.0296 3752 zlportio - ok
19:51:11.0343 3752 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0
19:51:11.0375 3752 \Device\Harddisk0\DR0 - ok
19:51:11.0406 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:51:11.0406 3752 \Device\Harddisk1\DR1 - ok
19:51:11.0421 3752 Boot (0x1200) (77448b40ffd39429c07a195b9adcaa3b) \Device\Harddisk0\DR0\Partition0
19:51:11.0421 3752 \Device\Harddisk0\DR0\Partition0 - ok
19:51:11.0453 3752 Boot (0x1200) (d22ab3b85e527725c98a89a83614d3d1) \Device\Harddisk0\DR0\Partition1
19:51:11.0453 3752 \Device\Harddisk0\DR0\Partition1 - ok
19:51:11.0468 3752 Boot (0x1200) (c2e14ad881efae5afb46ee3986eeac30) \Device\Harddisk1\DR1\Partition0
19:51:11.0468 3752 \Device\Harddisk1\DR1\Partition0 - ok
19:51:11.0500 3752 Boot (0x1200) (0af228ad2356dc66a5cab83d989eb9a5) \Device\Harddisk1\DR1\Partition1
19:51:11.0500 3752 \Device\Harddisk1\DR1\Partition1 - ok
19:51:11.0500 3752 ============================================================
19:51:11.0500 3752 Scan finished
19:51:11.0500 3752 ============================================================
19:51:11.0531 1236 Detected object count: 0
19:51:11.0531 1236 Actual detected object count: 0
19:51:24.0859 0404 Deinitialize success

Thank you for your time.

Regards,

SLeopard
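As an added example (not a tool from this thread, from BleepingComputer or from the scanner's vendor), here is a small Python parser for the scan log format posted above: it pairs each object line with its status line, lists anything whose status is not "ok", shows which registered names resolve to the same binary (several names pointing at lsass.exe, as in the log above, is normal on XP), and checks that the final "Detected object count" agrees with the per-object lines. The sample lines are constructed; the "fakesvc" entry and its "warning" status are invented to exercise the review path and are not from the posted log.

```python
import re
from collections import defaultdict

# Object line: "<time> <pid> <name> (<md5>) <path>". The name may itself contain
# parentheses ("MBR (0x1B8)"), so the 32-hex-digit md5 group anchors the split.
OBJ_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) (?P<name>.+?) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Status line: "<time> <pid> <name-or-path> - <status>" (the MBR/boot sector
# entries are closed by their \Device path rather than by their name).
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) (?P<key>.+?) - (?P<status>.+)$"
)
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)$")

# Constructed sample in the same line format as the posted log. The lsass.exe
# and MBR lines mirror real entries from that log; the "fakesvc" entry and its
# "warning" status are invented so the review path has something to report.
SAMPLE_LOG = r"""
19:51:02.0890 3752 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:51:02.0890 3752 Netlogon - ok
19:51:03.0234 3752 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:51:03.0234 3752 NtLmSsp - ok
19:51:04.0093 3752 PCIDump - ok
19:51:11.0343 3752 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0
19:51:11.0375 3752 \Device\Harddisk0\DR0 - ok
19:51:11.0400 3752 fakesvc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\fakesvc.sys
19:51:11.0400 3752 fakesvc - warning
19:51:11.0531 1236 Detected object count: 1
"""


def parse_log(text):
    """Return (records, declared_count).

    Each record is a dict with name, md5, path and status. A status line with
    no preceding object line (e.g. "PCIDump - ok") is a registered name with
    no file on disk, which the scanner still reports.
    """
    records = []
    pending = {}  # name or path -> record still waiting for its status line
    declared = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = COUNT_RE.search(line)
        if m:
            declared = int(m["n"])
            continue
        m = OBJ_RE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"], "path": m["path"], "status": None}
            records.append(rec)
            pending[rec["name"]] = rec
            pending[rec["path"]] = rec  # \Device objects are closed by path
            continue
        m = STATUS_RE.match(line)
        if m:
            rec = pending.pop(m["key"], None)
            if rec is None:
                rec = {"name": m["key"], "md5": None, "path": None, "status": None}
                records.append(rec)
            else:
                pending.pop(rec["name"], None)
                pending.pop(rec["path"], None)
            rec["status"] = m["status"]
    return records, declared


def summarise(records, declared):
    """Counts, the names needing review, and binaries shared by several names."""
    by_path = defaultdict(list)
    for r in records:
        if r["path"]:
            by_path[r["path"]].append(r["name"])
    return {
        "objects": len(records),
        "with_file": sum(1 for r in records if r["path"]),
        # Assumption for this example: anything the scanner did not mark "ok"
        # (including an object that never got a status line) deserves a look.
        "review": [r["name"] for r in records if r["status"] != "ok"],
        "shared_binaries": {p: n for p, n in by_path.items() if len(n) > 1},
        "declared_detections": declared,
    }


def is_consistent(records, declared):
    """True when the scanner's final count matches the non-"ok" lines we saw."""
    review = [r for r in records if r["status"] != "ok"]
    return declared is not None and len(review) == declared


if __name__ == "__main__":
    recs, n = parse_log(SAMPLE_LOG)
    print(summarise(recs, n), "consistent:", is_consistent(recs, n))
```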

#5 M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria
  • Local time:02:42 AM

Posted 09 June 2012 - 05:13 AM

Hi SLeopard,

Step 1
I would like you to answer the following questions as exactly and in as much detail as you can:
  • How long have you been getting the posted message from "16 bit ms-dos subsystem"?
  • Which programs did you install lately, before this problem occurred?
  • The following entry disables the Windows File Protection:
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    
    I've seen in your logfile that you have used nLite. It might be a reason for this entry.
    What can you tell me about it?

Step 2
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.

What you should post with your next answer:
  • an answer to my questions,
  • the logfile from ComboFix.

Regards,
M-K-D-B

#6 sleopard
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:42 PM

Posted 10 June 2012 - 01:22 PM

Hi M-K-D-B,

Thanks for your message. To answer your question about the 16 bit ms-dos subsystem, I was puzzled why that happened, because I did not start getting this message after I installed anything. Anyway, I finished the ComboFix scan as you asked me to, and I am posting it below. As you can see from the log, the original ctfmon.exe file was changed, and ComboFix has now restored it. I am not getting the 16 bit message anymore. I would appreciate it if you could tell me whether that could have been done by some malware and what sort of damage such malware does.

ComboFix 12-06-09.01 - Owner 06/10/2012 13:38:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1536.1033 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\JuniperSetup.exe
c:\windows\daemon.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\msconfig.exe
.
Infected copy of c:\windows\system32\ctfmon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ctfmon.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-10 14:33 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BBE28D3-849D-4DB8-AD16-0E3841B5B3B9}\mpengine.dll
2012-06-09 17:34 . 2012-06-09 17:34 -------- d-----w- c:\program files\BHOK IT Consulting
2012-06-09 15:01 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-05 17:47 . 2012-06-05 17:47 -------- d-----w- c:\program files\MSECache
2012-06-03 22:02 . 2012-06-03 22:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-03 21:22 . 2012-06-03 21:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-06-03 21:22 . 2012-06-03 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-03 21:22 . 2012-06-03 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-03 21:22 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 16:40 . 2012-06-03 16:40 -------- d-----w- c:\program files\winqfx16bit
2012-06-03 14:26 . 2012-06-03 14:26 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-03 14:26 . 2012-06-03 14:26 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-28 11:31 . 2012-04-14 23:56 1324 ----a-w- c:\documents and settings\Alfa\Local Settings\Application Data\d3d9caps.tmp
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2006-02-28 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-21 00:44 . 2011-04-18 17:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-28 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Alfa\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [N/A]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-23 17:59 136176 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-09 19:29 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-01 22:47 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-08-18 21:54 19558024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-08-28 22:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2008-09-19 03:11 84528 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"UMVPFSrv"=2 (0x2)
"ufad-ws60"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"MatSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"DirMngr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/18/2008 11:12 PM 54960]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\e:\iso's\VCdRom.sys --> e:\iso's\VCdRom.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/28/2011 6:12 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/28/2011 6:12 PM 136176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 zlportio;ZLPORTIO - Allow user access to I/O ports;\??\c:\ubcd4win\plugin\System-Info\Information\DriverWizard\zlportio.sys --> c:\ubcd4win\plugin\System-Info\Information\DriverWizard\zlportio.sys [?]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [4/20/2009 8:38 AM 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [4/20/2009 8:38 AM 5248]
S4 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [3/2/2011 11:20 AM 224256]
S4 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 5:11 AM 428640]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-08-28 15:34]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-28 22:12]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-28 22:12]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-839522115-1001Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 17:59]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-839522115-1001UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 17:59]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-839522115-1005Core.job
- c:\documents and settings\Alfa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-29 22:19]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-839522115-1005UA.job
- c:\documents and settings\Alfa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-29 22:19]
.
2012-06-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: opgonline.com\ras
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-10 13:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3372)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-10 13:52:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 17:52
.
Pre-Run: 34,129,883,136 bytes free
Post-Run: 34,420,273,152 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
.
- - End Of File - - 2803E9733B9D260401D564D0C55B395C

Thank you and best regards,

SLeopard

#7 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 11 June 2012 - 11:50 PM

Hi SLeopard,



I would appreciate it if you could tell me what could have been done by some malware and what sort of damage those malware do.

Actually it's possible that the malware was responsible for the error message. Particularly since the problem has been resolved, the malware was removed by ComboFix.
I would like you to work with us for further analysis. Thank you! :)





Step 1
Please visit VirusTotal.
Click Choose File.
Copy and paste the following code into the search field and press enter for each of the following files:
C:\Qoobox\Quarantine\C\WINDOWS\system32\msconfig.exe.vir
Click on Scan it.
If the file was already uploaded to VirusTotal before, click on Reanalyse.
VirusTotal will show you the results of the uploaded file. This may take some time. Please be patient.
After VirusTotal has finished analysing the file, please copy the link from your address bar and post it with your next answer.





What you should post with your next answer:
  • the link from VirusTotal.

Regards,
M-K-D-B

#8 sleopard

sleopard
  • Topic Starter

  • Members
  • 9 posts

Posted 14 June 2012 - 05:46 PM

Hi M-K-D-B,

Here is the VirusTotal link you have asked for:

https://www.virustotal.com/file/882e52f06fc8169280156b9774796a16a30abd38efe6ea0638db4f8b52a39f06/analysis/1339713723/

Let me know if you need me do anything else.

Regards,

SLeopard

#9 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 16 June 2012 - 03:47 AM

Hi SLeopard,



Step 1
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    msconfig.*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt





What you should post with your next answer:
  • the logfile from SystemLook.

Regards,
M-K-D-B

#10 sleopard

sleopard
  • Topic Starter

  • Members
  • 9 posts

Posted 16 June 2012 - 02:11 PM

Hi M-K-D-B,

Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:04 on 16/06/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "msconfig.*"
C:\Qoobox\Quarantine\C\WINDOWS\system32\msconfig.exe.vir --a---- 158208 bytes [12:00 28/02/2006] [12:00 28/02/2006] 4FD22142F54692463A7B98B7DE175573
C:\WINDOWS\ServicePackFiles\i386\msconfig.exe ------- 169984 bytes [00:12 14/04/2008] [00:12 14/04/2008] A81135541C9D4EBCE43EFA8AD31395B4

-= EOF =-

Is this the reason that, because msconfig.exe has been quarantined, I can not run it from the Windows command line?

Regards,

SLeopard

#11 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 18 June 2012 - 08:17 AM

Hi SLeopard,



Is this the reason that, because msconfig.exe has been quarantined, I can not run it from the Windows command line?

Yes, msconfig.exe was quarantined, so it doesn't exist any longer and thus you can't start it.
I've found a clean copy. Now we're going to copy it to the location it should be. :)

First of all, please right click on ComboFix.exe on your desktop and delete it.
After that, please follow these instructions:





Step 1
Please download a new copy of CF from here to your desktop.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

FCopy::
C:\Windows\ServicePackFiles\i386\msconfig.exe | C:\Windows\system32\msconfig.exe

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





What you should post with your next answer:
  • the logfile from ComboFix.

Regards,
M-K-D-B
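As an added example (not SystemLook's, ComboFix's or either participant's code), the following Python parses SystemLook ":filefind" output of the kind posted in #10 and checks whether the copy that the FCopy:: directive in the step above puts back into system32 has the same size and MD5 as the ServicePackFiles reference copy. The two pre-restore hit lines are copied from the log in #10; the post-restore line is constructed to show what a matching re-run of the same search would look like, and which of the two bracketed timestamps is the modified time and which the created time is left as an unverified assumption. The md5_of_file helper is there so the same check can be run against the live file on disk once the copy has been made.

```python
import hashlib
import re
from dataclasses import dataclass

# Format of one hit in SystemLook ":filefind" output (as in the log posted above):
#   <path> <attrs> <size> bytes [<stamp>] [<stamp>] <MD5>
# Paths may contain spaces, so the path group is non-greedy and the match is
# anchored on the 7-character attribute field that follows it.
FILEFIND_LINE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-A-Za-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileFindEntry:
    path: str
    attrs: str
    size: int
    stamps: tuple  # the two bracketed timestamps; their modified/created order is an assumption
    md5: str       # upper-case hex


def parse_filefind(log_text: str) -> list:
    """Return a FileFindEntry for every hit line of a SystemLook filefind log; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = FILEFIND_LINE.match(line.strip())
        if m:
            entries.append(FileFindEntry(
                path=m.group("path"),
                attrs=m.group("attrs"),
                size=int(m.group("size")),
                stamps=(m.group("stamp1"), m.group("stamp2")),
                md5=m.group("md5").upper(),
            ))
    return entries


def find_entry(entries, path):
    """Look a path up case-insensitively (Windows paths are case-insensitive)."""
    wanted = path.lower()
    return next((e for e in entries if e.path.lower() == wanted), None)


def verify_restore(entries, restored_path, reference_path):
    """After FCopy:: the file in system32 should be byte-identical to the ServicePackFiles copy.
    Returns (ok, reason)."""
    reference = find_entry(entries, reference_path)
    restored = find_entry(entries, restored_path)
    if reference is None:
        return False, "reference copy not listed in log"
    if restored is None:
        return False, "restored file not listed in log (still missing?)"
    if restored.size != reference.size:
        return False, f"size mismatch: {restored.size} != {reference.size}"
    if restored.md5 != reference.md5:
        return False, f"MD5 mismatch: {restored.md5} != {reference.md5}"
    return True, "restored copy matches reference"


def md5_of_file(path):
    """MD5 of a file on disk, for comparing a live system against the hashes in the log."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


REFERENCE = r"C:\WINDOWS\ServicePackFiles\i386\msconfig.exe"
RESTORED = r"C:\WINDOWS\system32\msconfig.exe"
QUARANTINED = r"C:\Qoobox\Quarantine\C\WINDOWS\system32\msconfig.exe.vir"

# The two hit lines below are copied from the SystemLook log posted in the thread (before the restore).
PRE_RESTORE_LOG = r"""
========== filefind ==========

Searching for "msconfig.*"
C:\Qoobox\Quarantine\C\WINDOWS\system32\msconfig.exe.vir --a---- 158208 bytes [12:00 28/02/2006] [12:00 28/02/2006] 4FD22142F54692463A7B98B7DE175573
C:\WINDOWS\ServicePackFiles\i386\msconfig.exe ------- 169984 bytes [00:12 14/04/2008] [00:12 14/04/2008] A81135541C9D4EBCE43EFA8AD31395B4

-= EOF =-
"""

# Constructed: what a re-run of the same search is expected to show once FCopy:: has put the
# ServicePackFiles copy back into system32 (same size and MD5 as the reference line).
POST_RESTORE_LOG = PRE_RESTORE_LOG + (
    r"C:\WINDOWS\system32\msconfig.exe ------- 169984 bytes [00:12 14/04/2008] [00:12 14/04/2008] A81135541C9D4EBCE43EFA8AD31395B4"
    + "\n"
)

if __name__ == "__main__":
    print(verify_restore(parse_filefind(PRE_RESTORE_LOG), RESTORED, REFERENCE))
    print(verify_restore(parse_filefind(POST_RESTORE_LOG), RESTORED, REFERENCE))
```

On the pre-restore log the check reports the system32 file as missing (which is exactly the symptom asked about in #10); on the constructed post-restore log it reports a match. Comparing size alone is not enough, since the quarantined 2006 build and the SP3 build differ in both size and hash, so the MD5 comparison is the part that actually confirms the right file came back.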

#12 sleopard

sleopard
  • Topic Starter

  • Members
  • 9 posts

Posted 19 June 2012 - 08:17 AM

Hi M-K-D-B,

I ran a SuperAntiSpyware scan the other day and it found and removed another trojan on my system. Here are the logs from ComboFix and SuperAntiSpyware:

CF:

ComboFix 12-06-16.02 - Owner 06/19/2012 0:33.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1536.1030 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\msconfig.exe --> c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 04:33 . 2008-04-14 00:12 169984 ----a-w- c:\windows\system32\msconfig.exe
2012-06-18 17:36 . 2012-06-18 17:42 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2012-06-17 18:42 . 2012-06-17 18:42 -------- d-----w- c:\windows\Performance
2012-06-17 18:42 . 2012-06-17 18:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Corporation
2012-06-17 18:42 . 2012-06-17 18:42 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-06-17 18:24 . 2012-06-17 18:24 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{342617CD-265A-4BB3-BB0A-D26988251776}\offreg.dll
2012-06-17 18:22 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{342617CD-265A-4BB3-BB0A-D26988251776}\mpengine.dll
2012-06-17 12:16 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-16 19:00 . 2012-06-16 19:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 22:12 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-09 17:34 . 2012-06-09 17:34 -------- d-----w- c:\program files\BHOK IT Consulting
2012-06-05 17:47 . 2012-06-05 17:47 -------- d-----w- c:\program files\MSECache
2012-06-03 22:02 . 2012-06-17 23:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-03 21:22 . 2012-06-03 21:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-06-03 21:22 . 2012-06-03 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-03 21:22 . 2012-06-03 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-03 21:22 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 16:40 . 2012-06-03 16:40 -------- d-----w- c:\program files\winqfx16bit
2012-06-03 14:26 . 2012-06-03 14:26 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-03 14:26 . 2012-06-03 14:26 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 19:00 . 2011-08-23 15:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-28 11:31 . 2012-04-14 23:56 1324 ----a-w- c:\documents and settings\Alfa\Local Settings\Application Data\d3d9caps.tmp
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2006-02-28 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2006-02-28 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-04-07 22:33 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-10_17.48.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-18 03:19 . 2012-06-18 03:19 16384 c:\windows\Temp\Perflib_Perfdata_188.dat
+ 2006-02-28 12:00 . 2012-06-14 22:28 70006 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-05-30 12:49 70006 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
- 2006-02-28 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
- 2009-06-13 21:15 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-13 21:15 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-04-08 16:02 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-04-08 16:02 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 22:44 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 22:44 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-13 22:54 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 12800 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 43520 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-30 12:49 . 2012-05-30 12:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-02-28 12:00 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
- 2006-02-28 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
- 2006-02-28 12:00 . 2012-05-30 12:49 438710 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2012-06-14 22:28 438710 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
- 2006-02-28 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2012-06-16 19:00 . 2012-06-16 19:00 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
+ 2012-06-16 19:00 . 2012-06-16 19:00 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
+ 2012-06-16 19:00 . 2012-06-16 19:00 257224 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2006-02-28 12:00 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
- 2006-02-28 12:00 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
- 2006-02-28 12:00 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
- 2006-02-28 12:00 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
+ 2006-02-28 12:00 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
+ 2009-04-07 18:08 . 2012-06-14 22:51 264616 c:\windows\system32\FNTCACHE.DAT
- 2009-04-07 18:08 . 2012-06-05 18:15 264616 c:\windows\system32\FNTCACHE.DAT
- 2009-04-08 15:53 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
+ 2009-04-08 15:53 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 22:44 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 22:44 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2011-08-23 13:41 . 2012-05-02 13:46 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2007-08-13 22:44 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 22:44 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 22:54 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-04-08 16:02 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-13 21:15 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-13 21:15 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2007-08-13 22:54 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-08-23 13:36 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2011-08-23 13:36 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2007-08-13 22:39 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 22:39 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 22:39 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 22:39 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-04-21 11:15 . 2012-04-21 11:15 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-17 18:42 . 2012-06-17 18:42 602624 c:\windows\Installer\478e805.msi
+ 2012-04-22 01:55 . 2012-04-22 01:55 980480 c:\windows\Installer\1593ef57.msp
+ 2012-06-14 22:20 . 2012-03-01 11:01 916992 c:\windows\ie8updates\KB2699988-IE8\wininet.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 105984 c:\windows\ie8updates\KB2699988-IE8\url.dll
+ 2012-06-14 22:20 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2699988-IE8\spuninst\updspapi.dll
+ 2012-06-14 22:20 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2699988-IE8\spuninst\spuninst.exe
+ 2012-06-14 22:20 . 2012-03-01 11:01 206848 c:\windows\ie8updates\KB2699988-IE8\occache.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 611840 c:\windows\ie8updates\KB2699988-IE8\mstime.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 602112 c:\windows\ie8updates\KB2699988-IE8\msfeeds.dll
+ 2012-06-14 22:20 . 2009-03-08 08:35 521216 c:\windows\ie8updates\KB2699988-IE8\jsdbgui.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 247808 c:\windows\ie8updates\KB2699988-IE8\ieproxy.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 184320 c:\windows\ie8updates\KB2699988-IE8\iepeers.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 743424 c:\windows\ie8updates\KB2699988-IE8\iedvtool.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 387584 c:\windows\ie8updates\KB2699988-IE8\iedkcs32.dll
+ 2012-06-14 22:20 . 2012-02-29 12:17 174080 c:\windows\ie8updates\KB2699988-IE8\ie4uinit.exe
+ 2012-02-16 01:27 . 2012-05-30 12:49 261632 c:\windows\assembly\temp\SZ49DINSW2\System.Transactions.dll
+ 2012-02-16 01:27 . 2012-05-30 12:49 630784 c:\windows\assembly\temp\LTY37CHMRV\System.Drawing.dll
+ 2012-02-16 01:27 . 2012-05-30 12:49 113664 c:\windows\assembly\temp\4BGLQVZ5AE\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 01:27 . 2012-05-30 12:49 258048 c:\windows\assembly\temp\4BGLQVZ5AE\System.EnterpriseServices.dll
+ 2012-02-16 01:27 . 2012-05-30 12:49 425984 c:\windows\assembly\temp\4AFKPUZ49D\System.configuration.dll
+ 2012-06-14 22:30 . 2012-06-14 22:30 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-06-14 23:36 . 2012-06-14 23:36 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-06-14 23:36 . 2012-06-14 23:36 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
+ 2012-06-14 22:30 . 2012-06-14 22:30 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\96a3fc1f74a00b618b70bd1701600408\System.Drawing.Design.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
+ 2012-06-14 23:34 . 2012-06-14 23:34 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c0045c1c7c29c7e7cc7bd60001b729a7\AspNetMMCExt.ni.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-04-13 13:40 . 2012-05-30 12:49 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2006-02-28 12:00 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2012-05-11 14:42 6007808 c:\windows\system32\mshtml.dll
+ 2007-08-13 22:34 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
- 2007-08-13 22:34 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
+ 2009-04-08 15:18 . 2012-05-15 13:20 1863168 c:\windows\system32\dllcache\win32k.sys
- 2009-04-08 15:53 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-04-08 15:53 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2009-04-08 15:49 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-08 15:49 . 2012-05-04 13:12 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-08 15:49 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-04-08 15:49 . 2012-05-04 12:32 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-04-08 15:49 . 2012-05-04 12:32 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-08 15:49 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-08 15:49 . 2012-05-04 13:16 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-04-08 15:49 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-08 15:18 . 2012-05-11 14:42 6007808 c:\windows\system32\dllcache\mshtml.dll
- 2009-04-08 16:02 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2009-04-08 16:02 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-03-20 09:23 . 2012-03-20 09:23 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-12-25 07:50 . 2011-12-25 07:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-03-20 09:23 . 2012-03-20 09:23 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-03-21 03:57 . 2012-03-21 03:57 6188544 c:\windows\Installer\1593ef4c.msp
+ 2012-06-14 22:20 . 2012-03-01 11:01 1212416 c:\windows\ie8updates\KB2699988-IE8\urlmon.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 5978624 c:\windows\ie8updates\KB2699988-IE8\mshtml.dll
+ 2012-06-14 22:20 . 2012-03-01 11:01 2000384 c:\windows\ie8updates\KB2699988-IE8\iertutil.dll
- 2009-04-08 15:49 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-04-08 15:49 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-04-08 15:49 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-04-08 15:49 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-08 15:49 . 2012-05-04 12:32 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-08 15:49 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-08 15:49 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-04-08 15:49 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-02-16 01:27 . 2012-05-30 12:49 3186688 c:\windows\assembly\temp\NTY38DINSX\System.dll
+ 2012-02-16 01:27 . 2012-05-30 12:49 2933248 c:\windows\assembly\temp\CKOTY27CHM\System.Data.dll
+ 2012-02-16 01:27 . 2012-05-30 12:49 2048000 c:\windows\assembly\temp\8HMRW15AFK\System.XML.dll
+ 2012-02-16 01:27 . 2012-05-30 12:49 5025792 c:\windows\assembly\temp\18DINRW16B\System.Windows.Forms.dll
+ 2012-06-14 23:36 . 2012-06-14 23:36 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
+ 2012-06-14 23:36 . 2012-06-14 23:36 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll
+ 2012-06-14 23:36 . 2012-06-14 23:36 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll
+ 2012-06-14 23:36 . 2012-06-14 23:36 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll
+ 2012-06-14 23:36 . 2012-06-14 23:36 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
+ 2012-06-14 23:36 . 2012-06-14 23:36 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll
+ 2012-06-14 22:30 . 2012-06-14 22:30 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d380f1813e27c2a086e62f0218669d67\System.Printing.ni.dll
+ 2012-06-14 22:30 . 2012-06-14 22:30 1592320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
+ 2012-06-14 22:30 . 2012-06-14 22:30 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\443dd7f0b84c3de54b1a72be655e307c\ReachFramework.ni.dll
+ 2012-06-14 22:29 . 2012-06-14 22:29 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\48ddcafff1a5603fb3289e90330275c0\PresentationUI.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-05-30 12:49 . 2012-05-30 12:49 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-16 01:27 . 2012-05-30 12:49 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-14 22:27 . 2012-06-14 22:27 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-04-08 15:57 . 2012-06-14 22:21 56731752 c:\windows\system32\MRT.exe
+ 2007-08-13 22:54 . 2012-05-12 00:12 11111424 c:\windows\system32\ieframe.dll
+ 2009-04-08 16:02 . 2012-05-12 00:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-06-14 22:20 . 2012-03-02 10:01 11082752 c:\windows\ie8updates\KB2699988-IE8\ieframe.dll
+ 2012-06-14 22:30 . 2012-06-14 22:30 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
+ 2012-06-14 23:35 . 2012-06-14 23:35 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
+ 2012-06-14 22:30 . 2012-06-14 22:30 10682368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f73a8455f384e90f6925309336fece24\System.Design.ni.dll
+ 2012-06-14 22:29 . 2012-06-14 22:29 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
+ 2012-06-14 22:29 . 2012-06-14 22:29 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-28 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Alfa\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [N/A]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-23 17:59 136176 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-09 19:29 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-01 22:47 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-08-18 21:54 19558024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-08-28 22:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2008-09-19 03:11 84528 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"UMVPFSrv"=2 (0x2)
"ufad-ws60"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"MatSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"DirMngr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/18/2008 11:12 PM 54960]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\e:\iso's\VCdRom.sys --> e:\iso's\VCdRom.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/28/2011 6:12 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/28/2011 6:12 PM 136176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 zlportio;ZLPORTIO - Allow user access to I/O ports;\??\c:\ubcd4win\plugin\System-Info\Information\DriverWizard\zlportio.sys --> c:\ubcd4win\plugin\System-Info\Information\DriverWizard\zlportio.sys [?]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [4/20/2009 8:38 AM 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [4/20/2009 8:38 AM 5248]
S4 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [3/2/2011 11:20 AM 224256]
S4 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 5:11 AM 428640]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-08-28 15:34]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-28 22:12]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-28 22:12]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-839522115-1001Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 17:59]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-839522115-1001UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 17:59]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-839522115-1005Core.job
- c:\documents and settings\Alfa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-29 22:19]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-839522115-1005UA.job
- c:\documents and settings\Alfa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-29 22:19]
.
2012-06-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: opgonline.com\ras
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-19 00:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3028)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-19 00:41:32
ComboFix-quarantined-files.txt 2012-06-19 04:41
ComboFix2.txt 2012-06-10 17:52
.
Pre-Run: 33,495,134,208 bytes free
Post-Run: 33,468,289,024 bytes free
.
- - End Of File - - 1E489DE4AF3C5DB26CD7456DF94116A6

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2012 at 08:22 PM

Application Version : 5.0.1150

Core Rules Database Version : 8750
Trace Rules Database Version: 6562

Scan type : Complete Scan
Total Scan Time : 00:40:21

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 354
Memory threats detected : 0
Registry items scanned : 34477
Registry threats detected : 0
File items scanned : 29882
File threats detected : 25

Adware.Tracking Cookie

Trojan.Agent/Gen-Decay
C:\PROGRAM FILES\ADOBE\READER 10.0\READER\READER_SL.EXE
C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744AA0100000010\10.1.0\READER_SL.EXE

Regards,

SLeopard
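As an added example (not part of the thread and not SUPERAntiSpyware's own tooling), a small parser for the SAS 5.x log layout posted above: it separates tracking-cookie hits from everything else, cross-checks the listed items against the "File threats detected" summary line, and returns the non-cookie detections, which are the ones that still need a human verdict (here the two Reader_SL.exe hits). The sample log is constructed in that layout with placeholder cookie hosts.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the SUPERAntiSpyware 5.x log layout posted in this thread
# (cookie hosts are placeholders; the Reader_SL.exe paths are the ones the thread discusses).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Scan type : Complete Scan

Memory threats detected : 0
Registry threats detected : 0
File items scanned : 29882
File threats detected : 4

Adware.Tracking Cookie
.tracker-a.invalid [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stats.tracker-b.invalid [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UPGQDS24 ]

Trojan.Agent/Gen-Decay
C:\PROGRAM FILES\ADOBE\READER 10.0\READER\READER_SL.EXE
C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744AA0100000010\10.1.0\READER_SL.EXE
"""

HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\s*:\s*(?P<value>.+)$")
CATEGORY_RE = re.compile(r"^[A-Z][A-Za-z]+\.[A-Za-z][A-Za-z ./-]*$")  # "Adware.Tracking Cookie", "Trojan.Agent/Gen-Decay"
COOKIE_RE = re.compile(r"^(?P<host>\S+) \[ (?P<store>.+) \]$")       # "<host> [ <cookie store path> ]"


@dataclass
class SasReport:
    fields: dict = field(default_factory=dict)      # summary header key -> raw value
    detections: dict = field(default_factory=dict)  # category -> list of items

    def declared_file_threats(self) -> int:
        return int(self.fields.get("File threats detected", "0"))

    def counted_file_threats(self) -> int:
        # Sanity check against the summary line: every listed item should be accounted for
        return sum(len(items) for items in self.detections.values())

    def review_queue(self) -> dict:
        # Everything that is not a tracking cookie is what a human still has to judge
        return {cat: items for cat, items in self.detections.items()
                if not cat.endswith("Tracking Cookie")}


def parse_sas_log(text: str) -> SasReport:
    report = SasReport()
    category = None  # detection block currently being read, None outside a block
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            category = None  # a blank line closes a detection block
            continue
        if category is None and CATEGORY_RE.match(line):
            category = line
            report.detections.setdefault(category, [])
            continue
        if category is not None:
            m = COOKIE_RE.match(line)
            # cookies become (host, store) tuples; anything else is kept as a file path
            report.detections[category].append((m["host"], m["store"]) if m else line)
            continue
        m = HEADER_RE.match(line)
        if m and not line.startswith("http"):
            report.fields[m["key"]] = m["value"]
    return report
```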

#13 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 20 June 2012 - 08:21 AM

Hi SLeopard,



I ran a SuperAntiSpyware scan the other day and that found and removed another trojan in my system.

Trojan.Agent/Gen-Decay
C:\PROGRAM FILES\ADOBE\READER 10.0\READER\READER_SL.EXE
C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744AA0100000010\10.1.0\READER_SL.EXE

These two entries are false positives from SuperAntiSpyware and clean, so don't worry.
Let's do some control scans for any leftovers that might still be on your computer. :)





Step 1
  • Please start Malwarebytes' Anti-Malware.
  • Click on the Update tab and download the newest definitions updates.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.





Step 2
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe (or jre-7u5-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.





Step 3
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient, as this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: [button image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!





Step 4
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.





What you should post with your next answer:
  • the logfile from Malwarebytes' Anti-Malware,
  • the logfile from ESET Online Scanner,
  • the logfile from SecurityCheck,
  • any further information about how your computer is running at the moment.

Regards,
M-K-D-B

#14 sleopard

sleopard
  • Topic Starter

  • Members
  • 9 posts

Posted 21 June 2012 - 07:25 AM

Hi M-K-D-B,

My computer seems to be running fine now. Please find below the logs you have asked for:

Malwarebytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: ALPHA-DT [administrator]

6/20/2012 10:50:17 AM
mbam-log-2012-06-20 (10-50-17).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 515083
Time elapsed: 6 hour(s), 11 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
F:\System Volume Information\_restore{A59C831A-A49E-49B3-B148-181254AC40DC}\RP14\A0004914.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{A59C831A-A49E-49B3-B148-181254AC40DC}\RP14\A0004918.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
F:\WD Passport SW and Big Ext Drive Backup\DmailerSync_v9_0_16292.exe (Malware.Packer.as) -> Quarantined and deleted successfully.

(end)

ESET

Y:\Downloads\BBLOGGER.zip probably a variant of Win32/Spy.Banker.MYITSXX trojan

SecurityCheck

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
DH Driver Cleaner Professional Edition
Java™ 7 Update 5
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

Let me know what I need to do further.

Regards,

SLeopard

#15 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 22 June 2012 - 07:13 AM

Hi SLeopard,



F:\WD Passport SW and Big Ext Drive Backup\DmailerSync_v9_0_16292.exe (Malware.Packer.as) -> Quarantined and deleted successfully.
Y:\Downloads\BBLOGGER.zip probably a variant of Win32/Spy.Banker.MYITSXX trojan

The first entry seems to be a false positive from Malwarebytes' Anti-malware to me.
According to the second entry, if you're not 100% sure that this zip file BBLOGGER.zip is clean, I would like you to delete it.





If you have no more problems, then we're done here. Your computer is clean. :thumbup2:
Finally, we have to take a few steps to clean up and protect your computer.





Step 1
  • Press the "windows key" + "R"
  • Copy and paste the following into the box
ComboFix /Uninstall
  • Click ok
  • ComboFix will be uninstalled now.





Step 2
Your version of Adobe Flash Player is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow the next steps to update your Adobe Flash components:
  • Please visit the following site from Adobe
  • Choose your operating system and your browser ("Internet Explorer" or "other" for Firefox for example)
  • Please download the latest version to your Desktop.
  • Double click the file to start the installation process.
Adobe Flash Player is up to date now!





Step 3
To protect your computer from similar infections in the future, I recommend a couple of useful programs, including a few tips:


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiMalware Program
A highly recommended and free Anti-Malware program is Malwarebytes' Anti-Malware.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiMalware program on a regular basis just as you would with antivirus software.


Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.





Step 4
Please give me a short notice when you're done and have no more questions, so I can delete the topic from my subscriptions.
Regards,
M-K-D-B



