Troj_zaccess and others won't go away


  • This topic is locked
14 replies to this topic

#1 mediamom

Posted 12 July 2012 - 05:37 PM

Symptoms: My desktop icons have disappeared. I cannot get to a run command, "My Computer" or to "My Documents". Windows Update crashed on update 24 of 56. Now the updater will not complete. Trend Micro message says it had to roll back to older version because of a conflict. Computer is super slow and freezes up constantly.

Trend Micro keeps finding and removing the following trojans every time I restart and do a scan.

Troj_zaccess
Troj_gen.rc1c7E3
Troj_spnr.16DP12
Troj_kryptic.lnc
Troj_fakeav.bkt
Troj_cleaman.m
java dloader

Thank you in advance for your help! Here are my DDS and GMER logs. I could not save and run GMER (can't get to it once it's saved) so I had to do a full scan without unchecking IAT/EAT.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Deanna Johnson at 17:01:19 on 2012-07-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1175 [GMT -4:00]
.
AV: Trend Micro Internet Security Pro *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.netaddress.usa.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
uInternet Settings,ProxyServer = ucs.bess.misd.net:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Artisan 710(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifsa.exe /fu "c:\windows\temp\E_S8A.tmp" /EF "HKCU"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_ActiveX.exe -update activex
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [dplaysvr] %APPDATA%\dplaysvr.exe
dRun: [Microsoft] rundll32.exe "c:\documents and settings\networkservice\local settings\application data\trend micro\microsoft\ihkpbqo.dll",DllRegisterServer
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
StartupFolder: c:\docume~1\deanna~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdback~1.lnk - c:\program files\my book\wd backup\uBBMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
dPolicies-explorer: NoDesktop = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~2\office\1033\phdintl.dll/phdContext.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342121310875
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342121289578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{CE558D8B-1EAE-47FE-941C-091BC17970F9} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 94.63.147.16 www.google.com
.
============= SERVICES / DRIVERS ===============
.
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\cyberlink\powerdvd dx\000.fcl [2008-7-11 41456]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-1-1 36624]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-1-1 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-1-1 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-1-1 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-1-1 689416]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-12 40776]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-3-5 11520]
.
=============== Created Last 30 ================
.
2012-07-12 19:29:01 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-07-12 15:31:54 22032 ----a-w- c:\windows\DCEBoot.exe
2012-07-12 15:28:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
==================== Find3M ====================
.
2012-07-12 20:38:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-07-12 19:47:26 102400 ----a-w- c:\windows\RegBootClean.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-04-25 21:33:03 75127 ----a-w- c:\windows\system32\960e3db5.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS721010G9SA00 rev.MCZOC10H -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89939FD0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AB48AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x899DC830]
\Driver\00001406[0x899655F0] -> IRP_MJ_CREATE -> 0x89939FD0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A9662C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:05:31.14 ===============





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-12 18:35:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS721010G9SA00 rev.MCZOC10H
Running: 320pqq4c[1].exe; Driver: C:\DOCUME~1\DEANNA~1\LOCALS~1\Temp\axdyapow.sys


---- System - GMER 1.0.15 ----

SSDT 8926FD60 ZwCreateKey
SSDT 89270F00 ZwCreateMutant
SSDT 8926F260 ZwCreateProcess
SSDT 8926F520 ZwCreateProcessEx
SSDT 89270BC0 ZwCreateThread
SSDT 892702E0 ZwDeleteKey
SSDT 892705A0 ZwDeleteValueKey
SSDT 89270D60 ZwLoadDriver
SSDT 8926F7E0 ZwOpenProcess
SSDT 892710A0 ZwSetSystemInformation
SSDT 89270020 ZwSetValueKey
SSDT 8926FAA0 ZwTerminateProcess
SSDT 89270A20 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\ACPI.sys section is writeable [0xB9F79300, 0x1AF00, 0xE8000020]
.rsrc C:\WINDOWS\system32\drivers\ACPI.sys section is executable [0xB9FA2F00, 0x18E8, 0xE8000040]
.reloc C:\WINDOWS\system32\drivers\ACPI.sys section is executable [0xB9FA4800, 0x2506, 0xE8000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8080380, 0x24916E, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB4FE0280]
C:\Program Files\CyberLink\PowerDVD DX\000.fcl entry point in "" section [0xA7970000]
.clc C:\Program Files\CyberLink\PowerDVD DX\000.fcl unknown last section [0xA7971000, 0x1000, 0x00000000]
? C:\DOCUME~1\DEANNA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A92F62 7 Bytes JMP 02BA1A30
.text C:\Program Files\Internet Explorer\iexplore.exe[1152] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A9B76A 7 Bytes JMP 02BA1A10
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0096000C
.text C:\WINDOWS\System32\svchost.exe[1556] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0122000A
.text C:\WINDOWS\System32\svchost.exe[1556] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0123000A
.text C:\WINDOWS\System32\svchost.exe[1556] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0124000A
.text C:\WINDOWS\System32\svchost.exe[1556] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A92F62 7 Bytes JMP 03AB1A30
.text C:\Program Files\Internet Explorer\iexplore.exe[3944] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A9B76A 7 Bytes JMP 03AB1A10
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A92F62 7 Bytes JMP 03AB1A30
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A9B76A 7 Bytes JMP 03AB1A10

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3944] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A9662C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A9662C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A9662C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A9662C6

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat A3FAED20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B2D10000-B2D29000 (102400 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:312] 8A8BA0F4

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 3568
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 3692
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 5592

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB42870$\1727472533 0 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914 0 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\cfg.ini 316 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\L 0 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\L\pdmzmplg 162816 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\U 0 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\U\80000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB42870$\3915664914\version 1271 bytes

---- EOF - GMER 1.0.15 ----

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 July 2012 - 09:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your Hosts file was compromised.
How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
Do not run any tools unless I ask you to.
Wait for further instructions.

#3 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts

Posted 17 July 2012 - 10:57 AM

Before I begin... I ran combofix while I was waiting for a reply...sorry. I really needed to use the computer. I now have desktop and menu functionality. But my wireless connection won't work. Error message: Problem applying profile. I can connect using my LAN for now to continue fixing the machine. I will wait to do the above steps until you've looked at my combofix log. Here it is. THANKS SO MUCH in advance for your help.
Combofix rebooted several times trying to remove a rootkit.

ComboFix 12-07-16.01 - Deanna Johnson 07/17/2012 9:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1510 [GMT -4:00]
Running from: C:\ComboFix.exe
AV: Trend Micro Internet Security Pro *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\56b7be19
c:\windows\$NtUninstallKB42870$\1727472533
c:\windows\$NtUninstallKB42870$\3915664914\@
c:\windows\$NtUninstallKB42870$\3915664914\cfg.ini
c:\windows\$NtUninstallKB42870$\3915664914\Desktop.ini
c:\windows\$NtUninstallKB42870$\3915664914\L\00000004.@
c:\windows\$NtUninstallKB42870$\3915664914\L\201d3dde
c:\windows\$NtUninstallKB42870$\3915664914\L\pdmzmplg
c:\windows\$NtUninstallKB42870$\3915664914\U\00000001.@
c:\windows\$NtUninstallKB42870$\3915664914\U\00000002.@
c:\windows\$NtUninstallKB42870$\3915664914\U\00000004.@
c:\windows\$NtUninstallKB42870$\3915664914\U\80000000.@
c:\windows\$NtUninstallKB42870$\3915664914\U\80000004.@
c:\windows\$NtUninstallKB42870$\3915664914\U\80000032.@
c:\windows\$NtUninstallKB42870$\3915664914\version
c:\windows\system32\960e3db5.exe
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\entech.dll
c:\windows\system32\service
c:\windows\system32\service\05022011_TIS17_SfFniAU.log
c:\windows\system32\service\10042010_TIS17_SfFniAU.log
c:\windows\system32\service\11042010_TIS17_SfFniAU.log
c:\windows\system32\service\11102010_TIS17_SfFniAU.log
c:\windows\system32\service\16082010_TIS17_SfFniAU.log
c:\windows\system32\service\18082011_TIS17_SfFniAU.log
c:\windows\system32\service\19012011_TIS17_SfFniAU.log
c:\windows\system32\service\19022011_TIS17_SfFniAU.log
c:\windows\system32\service\21032010_TIS17_SfFniAU.log
c:\windows\system32\service\27022011_TIS17_SfFniAU.log
c:\windows\system32\service\29042010_TIS17_SfFniAU.log
c:\windows\system32\SET109.tmp
c:\windows\system32\SET10B.tmp
c:\windows\system32\SET116.tmp
c:\windows\system32\SET143.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETFA.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\Thumbs.db
c:\windows\$NtUninstallKB42870$ . . . . Failed to delete
.
c:\windows\system32\drivers\bcbthub.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CoolerXPDriver
-------\Service_CoolerXPDriver
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-16 01:36 . 2004-08-10 11:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2012-07-16 01:35 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-07-16 01:35 . 2004-08-10 11:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2012-07-16 01:35 . 2004-08-10 11:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2012-07-16 01:35 . 2004-08-10 11:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2012-07-16 01:35 . 2004-08-10 11:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2012-07-16 01:35 . 2004-08-10 11:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2012-07-16 01:35 . 2004-08-10 11:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-07-12 19:29 . 2012-06-02 19:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-07-12 15:31 . 2012-07-12 15:31 22032 ----a-w- c:\windows\DCEBoot.exe
2012-07-12 15:28 . 2012-07-12 15:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 19:47 . 2012-04-25 21:36 102400 ----a-w- c:\windows\RegBootClean.exe
2012-07-03 17:46 . 2009-12-16 03:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 21:35 . 2005-08-16 10:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 21:35 . 2005-05-26 08:19 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19 . 2007-06-18 17:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-06-18 17:44 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 10:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 10:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2005-08-16 10:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 10:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 10:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-06-18 17:44 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 10:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 10:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-06-19 14:06 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-04-12 17:06 275696 ----a-w- c:\windows\system32\mucltui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-23 7692288]
"nwiz"="nwiz.exe" [2006-10-23 1622016]
"NVHotkey"="nvHotkey.dll" [2006-10-23 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-09-08 1036288]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"NvMediaCenter"="NvMCTray.dll" [2006-10-23 86016]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-16 364544]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
c:\documents and settings\Deanna Johnson\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-3 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-3-17 98304]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-09-24 05:08 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [7/11/2008 2:04 PM 41456]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [1/1/2010 5:36 PM 36624]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 12:28 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [1/1/2010 5:36 PM 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [1/1/2010 6:29 PM 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [1/1/2010 6:29 PM 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [1/1/2010 6:29 PM 689416]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/12/2012 11:28 AM 40776]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/5/2010 10:50 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpservice
zpaction
MKEMUSB
trlokom_rmhsvc
pdlnemsg
avidstartup
aksusb
psdistributionagent
mssql$sony_mediamgr
s117mdfl
bwcsrv
cavasm
L1e
CoolerXPDriver
MobilityService
z525mdm
aslm75
pktfilter
iirsp
AlKernel
ireike
M3AD
w810bus
kbfiltr
VMAUDIO
EL2000
ifxtcs
sfrem01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netaddress.usa.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
uInternet Settings,ProxyServer = ucs.bess.misd.net:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-dplaysvr - c:\documents and settings\Deanna Johnson\Application Data\dplaysvr.exe
HKU-Default-Run-dplaysvr - c:\documents and settings\Deanna Johnson\Application Data\dplaysvr.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-RoxioDragToDisc - c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-960e3db5 - c:\windows\system32\960e3db5.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-17 10:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS721010G9SA00 rev.MCZOC10H -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A94A2C6
NDIS: Intel® PRO/Wireless 3945ABG Network Connection -> SendHandler -> 0x8aaf34f0
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aksusb]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AlKernel]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aslm75]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avidstartup]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bwcsrv]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cavasm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EL2000]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ifxtcs]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iirsp]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ireike]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbfiltr]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\L1e]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M3AD]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MKEMUSB]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MobilityService]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mpservice]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssql$sony_mediamgr]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdlnemsg]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pktfilter]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\psdistributionagent]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s117mdfl]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfrem01]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trlokom_rmhsvc]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VMAUDIO]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w810bus]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\z525mdm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zpaction]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(5408)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\eHome\ehSched.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\WDBtnMgr.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-17 10:16:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 14:16
.
Pre-Run: 13,084,655,616 bytes free
Post-Run: 13,741,264,896 bytes free
.
- - End Of File - - 45C0A271E3703849AD5329BCAF148449

#4 mediamom

Posted 17 July 2012 - 04:42 PM

I'm getting this error code too:

Microsoft Visual C++
Runtime Error

Program C:Program Files\Trendmicro\Internet Security\SfCtlCom.exe
R6025
-pure virtual function call

#5 mediamom

Posted 18 July 2012 - 07:19 AM

Should I still go ahead and reset the host file?

#6 nasdaq

  • Malware Response Team

Posted 18 July 2012 - 10:00 AM

Looking over your topic I need you to run the two tools suggested in my post No 2.

Please post the logs.

#7 mediamom

Posted 18 July 2012 - 11:33 AM

Ok. Here's the tdsskiller:

12:07:38.0031 5080 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
12:07:38.0718 5080 ============================================================
12:07:38.0718 5080 Current date / time: 2012/07/18 12:07:38.0718
12:07:38.0718 5080 SystemInfo:
12:07:38.0718 5080
12:07:38.0718 5080 OS Version: 5.1.2600 ServicePack: 3.0
12:07:38.0718 5080 Product type: Workstation
12:07:38.0718 5080 ComputerName: DEJENXPS
12:07:38.0718 5080 UserName: Deanna Johnson
12:07:38.0718 5080 Windows directory: C:\WINDOWS
12:07:38.0718 5080 System windows directory: C:\WINDOWS
12:07:38.0718 5080 Processor architecture: Intel x86
12:07:38.0718 5080 Number of processors: 2
12:07:38.0718 5080 Page size: 0x1000
12:07:38.0718 5080 Boot type: Normal boot
12:07:38.0718 5080 ============================================================
12:07:43.0203 5080 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:07:43.0218 5080 ============================================================
12:07:43.0218 5080 \Device\Harddisk0\DR0:
12:07:43.0218 5080 MBR partitions:
12:07:43.0218 5080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xACECF57
12:07:43.0218 5080 ============================================================
12:07:43.0343 5080 C: <-> \Device\Harddisk0\DR0\Partition0
12:07:43.0343 5080 ============================================================
12:07:43.0343 5080 Initialize success
12:07:43.0343 5080 ============================================================
12:07:47.0328 5348 ============================================================
12:07:47.0328 5348 Scan started
12:07:47.0328 5348 Mode: Manual;
12:07:47.0328 5348 ============================================================
12:07:48.0609 5348 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
12:07:48.0640 5348 61883 - ok
12:07:48.0640 5348 Abiosdsk - ok
12:07:48.0687 5348 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:07:48.0734 5348 abp480n5 - ok
12:07:48.0781 5348 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:07:48.0828 5348 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 998d7c98a831f069aa17a217a9811201
12:07:48.0828 5348 ACPI ( Virus.Win32.Rloader.a ) - infected
12:07:48.0828 5348 ACPI - detected Virus.Win32.Rloader.a (0)
12:07:48.0843 5348 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:07:48.0875 5348 ACPIEC - ok
12:07:49.0000 5348 AdobeActiveFileMonitor4.0 (2486c8e3f14496341e90cf2ab8bc82ed) C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
12:07:49.0000 5348 AdobeActiveFileMonitor4.0 - ok
12:07:49.0093 5348 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:07:49.0140 5348 adpu160m - ok
12:07:49.0171 5348 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:07:49.0234 5348 aec - ok
12:07:49.0234 5348 AegisP - ok
12:07:49.0265 5348 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
12:07:49.0296 5348 Afc - ok
12:07:49.0359 5348 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
12:07:49.0406 5348 AFD - ok
12:07:49.0437 5348 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:07:49.0468 5348 agp440 - ok
12:07:49.0500 5348 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:07:49.0531 5348 agpCPQ - ok
12:07:49.0546 5348 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:07:49.0578 5348 Aha154x - ok
12:07:49.0578 5348 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:07:49.0625 5348 aic78u2 - ok
12:07:49.0625 5348 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:07:49.0671 5348 aic78xx - ok
12:07:49.0703 5348 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:07:49.0734 5348 Alerter - ok
12:07:49.0781 5348 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:07:49.0828 5348 ALG - ok
12:07:49.0875 5348 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:07:49.0906 5348 AliIde - ok
12:07:49.0937 5348 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:07:49.0968 5348 alim1541 - ok
12:07:50.0000 5348 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:07:50.0031 5348 amdagp - ok
12:07:50.0046 5348 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:07:50.0078 5348 amsint - ok
12:07:50.0109 5348 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
12:07:50.0125 5348 APPDRV - ok
12:07:50.0203 5348 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:07:50.0203 5348 Apple Mobile Device - ok
12:07:50.0265 5348 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:07:50.0312 5348 AppMgmt - ok
12:07:50.0343 5348 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:07:50.0375 5348 Arp1394 - ok
12:07:50.0421 5348 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:07:50.0468 5348 asc - ok
12:07:50.0468 5348 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:07:50.0515 5348 asc3350p - ok
12:07:50.0515 5348 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:07:50.0546 5348 asc3550 - ok
12:07:50.0687 5348 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:07:50.0828 5348 aspnet_state - ok
12:07:50.0843 5348 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:07:50.0875 5348 AsyncMac - ok
12:07:50.0890 5348 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:07:50.0890 5348 atapi - ok
12:07:50.0921 5348 Atdisk - ok
12:07:50.0937 5348 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:07:50.0984 5348 Atmarpc - ok
12:07:51.0062 5348 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:07:51.0078 5348 AudioSrv - ok
12:07:51.0125 5348 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:07:51.0156 5348 audstub - ok
12:07:51.0453 5348 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
12:07:51.0468 5348 Avc - ok
12:07:51.0640 5348 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
12:07:51.0671 5348 b57w2k - ok
12:07:51.0812 5348 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:07:51.0859 5348 Beep - ok
12:07:52.0140 5348 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:07:52.0296 5348 BITS - ok
12:07:52.0609 5348 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
12:07:52.0640 5348 Bonjour Service - ok
12:07:52.0671 5348 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:07:52.0687 5348 Browser - ok
12:07:52.0687 5348 btaudio - ok
12:07:52.0687 5348 BTDriver - ok
12:07:52.0703 5348 BTKRNL - ok
12:07:52.0703 5348 BTSERIAL - ok
12:07:52.0828 5348 btwdins (3a462eba453d84d036046772104cfbcb) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
12:07:52.0828 5348 btwdins - ok
12:07:52.0828 5348 BTWDNDIS - ok
12:07:52.0843 5348 btwhid - ok
12:07:52.0843 5348 btwmodem - ok
12:07:52.0843 5348 BTWUSB - ok
12:07:52.0859 5348 catchme - ok
12:07:52.0906 5348 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:07:52.0921 5348 cbidf - ok
12:07:52.0921 5348 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:07:52.0921 5348 cbidf2k - ok
12:07:52.0937 5348 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:07:52.0953 5348 CCDECODE - ok
12:07:52.0968 5348 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:07:52.0968 5348 cd20xrnt - ok
12:07:52.0984 5348 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:07:53.0000 5348 Cdaudio - ok
12:07:53.0015 5348 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:07:53.0031 5348 Cdfs - ok
12:07:53.0046 5348 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:07:53.0062 5348 Cdrom - ok
12:07:53.0078 5348 Changer - ok
12:07:53.0109 5348 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:07:53.0125 5348 CiSvc - ok
12:07:53.0125 5348 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:07:53.0156 5348 ClipSrv - ok
12:07:53.0265 5348 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:07:53.0343 5348 clr_optimization_v2.0.50727_32 - ok
12:07:53.0390 5348 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:07:53.0390 5348 CmBatt - ok
12:07:53.0453 5348 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:07:53.0453 5348 CmdIde - ok
12:07:53.0468 5348 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:07:53.0484 5348 Compbatt - ok
12:07:53.0484 5348 COMSysApp - ok
12:07:53.0515 5348 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:07:53.0531 5348 Cpqarray - ok
12:07:53.0562 5348 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:07:53.0578 5348 CryptSvc - ok
12:07:53.0625 5348 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
12:07:53.0671 5348 ctsfm2k - ok
12:07:53.0703 5348 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
12:07:53.0750 5348 CTUSFSYN - ok
12:07:53.0765 5348 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:07:53.0812 5348 dac2w2k - ok
12:07:53.0859 5348 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:07:53.0875 5348 dac960nt - ok
12:07:53.0937 5348 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:07:53.0953 5348 DcomLaunch - ok
12:07:53.0984 5348 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:07:53.0984 5348 Dhcp - ok
12:07:54.0000 5348 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:07:54.0015 5348 Disk - ok
12:07:54.0015 5348 dmadmin - ok
12:07:54.0046 5348 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:07:54.0093 5348 dmboot - ok
12:07:54.0125 5348 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:07:54.0140 5348 dmio - ok
12:07:54.0187 5348 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:07:54.0187 5348 dmload - ok
12:07:54.0218 5348 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:07:54.0234 5348 dmserver - ok
12:07:54.0281 5348 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:07:54.0296 5348 DMusic - ok
12:07:54.0343 5348 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:07:54.0359 5348 Dnscache - ok
12:07:54.0406 5348 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:07:54.0421 5348 Dot3svc - ok
12:07:54.0453 5348 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
12:07:54.0484 5348 Dot4 - ok
12:07:54.0515 5348 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
12:07:54.0531 5348 Dot4Print - ok
12:07:54.0546 5348 dot4ufd (0a57b5876530febb4ebf6ad501864f96) C:\WINDOWS\system32\DRIVERS\hppaufd0.sys
12:07:54.0546 5348 dot4ufd - ok
12:07:54.0593 5348 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:07:54.0609 5348 dpti2o - ok
12:07:54.0640 5348 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:07:54.0656 5348 drmkaud - ok
12:07:54.0765 5348 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
12:07:54.0781 5348 DSproct - ok
12:07:54.0796 5348 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:07:54.0828 5348 E100B - ok
12:07:54.0890 5348 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:07:54.0906 5348 EapHost - ok
12:07:54.0984 5348 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
12:07:55.0015 5348 ehRecvr - ok
12:07:55.0046 5348 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
12:07:55.0046 5348 ehSched - ok
12:07:55.0125 5348 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
12:07:55.0171 5348 EpsonBidirectionalService - ok
12:07:55.0312 5348 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
12:07:55.0312 5348 EPSON_EB_RPCV4_01 - ok
12:07:55.0343 5348 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
12:07:55.0343 5348 EPSON_PM_RPCV4_01 - ok
12:07:55.0390 5348 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:07:55.0406 5348 ERSvc - ok
12:07:55.0437 5348 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:07:55.0515 5348 Eventlog - ok
12:07:55.0546 5348 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:07:55.0578 5348 EventSystem - ok
12:07:55.0671 5348 EvtEng (788c72b145c75a7ee5f5d6a32542d912) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
12:07:55.0734 5348 EvtEng - ok
12:07:55.0812 5348 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:07:55.0843 5348 Fastfat - ok
12:07:55.0921 5348 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:07:55.0937 5348 FastUserSwitchingCompatibility - ok
12:07:55.0984 5348 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
12:07:56.0015 5348 Fax - ok
12:07:56.0015 5348 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:07:56.0031 5348 Fdc - ok
12:07:56.0046 5348 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:07:56.0062 5348 Fips - ok
12:07:56.0078 5348 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:07:56.0093 5348 Flpydisk - ok
12:07:56.0109 5348 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:07:56.0125 5348 FltMgr - ok
12:07:56.0234 5348 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:07:56.0250 5348 FontCache3.0.0.0 - ok
12:07:56.0281 5348 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:07:56.0296 5348 Fs_Rec - ok
12:07:56.0328 5348 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:07:56.0359 5348 Ftdisk - ok
12:07:56.0406 5348 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
12:07:56.0421 5348 GEARAspiWDM - ok
12:07:56.0453 5348 GoogleDesktopManager - ok
12:07:56.0500 5348 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:07:56.0515 5348 Gpc - ok
12:07:56.0515 5348 gusvc - ok
12:07:56.0531 5348 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:07:56.0562 5348 HDAudBus - ok
12:07:56.0625 5348 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:07:56.0640 5348 helpsvc - ok
12:07:56.0671 5348 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:07:56.0687 5348 HidServ - ok
12:07:56.0718 5348 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:07:56.0734 5348 HidUsb - ok
12:07:56.0765 5348 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:07:56.0796 5348 hkmsvc - ok
12:07:56.0859 5348 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:07:56.0890 5348 hpn - ok
12:07:57.0062 5348 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
12:07:57.0171 5348 HSF_DPV - ok
12:07:57.0187 5348 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
12:07:57.0203 5348 HSXHWAZL - ok
12:07:57.0265 5348 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:07:57.0281 5348 HTTP - ok
12:07:57.0328 5348 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:07:57.0328 5348 HTTPFilter - ok
12:07:57.0359 5348 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:07:57.0375 5348 i2omgmt - ok
12:07:57.0390 5348 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:07:57.0390 5348 i2omp - ok
12:07:57.0406 5348 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:07:57.0437 5348 i8042prt - ok
12:07:57.0562 5348 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:07:57.0609 5348 IDriverT - ok
12:07:57.0765 5348 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:07:57.0828 5348 idsvc - ok
12:07:57.0859 5348 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:07:57.0875 5348 Imapi - ok
12:07:57.0953 5348 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:07:58.0015 5348 ImapiService - ok
12:07:58.0046 5348 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:07:58.0078 5348 ini910u - ok
12:07:58.0109 5348 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:07:58.0125 5348 IntelIde - ok
12:07:58.0171 5348 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:07:58.0203 5348 intelppm - ok
12:07:58.0203 5348 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:07:58.0250 5348 Ip6Fw - ok
12:07:58.0250 5348 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:07:58.0281 5348 IpFilterDriver - ok
12:07:58.0296 5348 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:07:58.0328 5348 IpInIp - ok
12:07:58.0359 5348 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:07:58.0406 5348 IpNat - ok
12:07:58.0515 5348 iPod Service (e51bd095b2fdf56b17ee010bb794d6ed) C:\Program Files\iPod\bin\iPodService.exe
12:07:58.0578 5348 iPod Service - ok
12:07:58.0593 5348 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:07:58.0640 5348 IPSec - ok
12:07:58.0656 5348 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:07:58.0671 5348 IRENUM - ok
12:07:58.0687 5348 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:07:58.0765 5348 isapnp - ok
12:07:58.0765 5348 ivusb - ok
12:07:58.0875 5348 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
12:07:58.0875 5348 JavaQuickStarterService - ok
12:07:58.0937 5348 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:07:58.0953 5348 Kbdclass - ok
12:07:58.0968 5348 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:07:58.0984 5348 kbdhid - ok
12:07:59.0015 5348 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:07:59.0031 5348 kmixer - ok
12:07:59.0203 5348 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:07:59.0328 5348 KSecDD - ok
12:07:59.0375 5348 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:07:59.0390 5348 lanmanserver - ok
12:07:59.0437 5348 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:07:59.0468 5348 lanmanworkstation - ok
12:07:59.0468 5348 lbrtfdc - ok
12:07:59.0515 5348 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:07:59.0531 5348 LmHosts - ok
12:07:59.0562 5348 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
12:07:59.0578 5348 MBAMSwissArmy - ok
12:07:59.0656 5348 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
12:07:59.0703 5348 McrdSvc - ok
12:07:59.0781 5348 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:07:59.0796 5348 MDM - ok
12:07:59.0843 5348 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:07:59.0875 5348 mdmxsdk - ok
12:07:59.0921 5348 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:07:59.0937 5348 Messenger - ok
12:08:00.0000 5348 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
12:08:00.0031 5348 MHN - ok
12:08:00.0062 5348 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:08:00.0093 5348 MHNDRV - ok
12:08:00.0109 5348 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:08:00.0125 5348 mnmdd - ok
12:08:00.0156 5348 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:08:00.0203 5348 mnmsrvc - ok
12:08:00.0234 5348 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:08:00.0265 5348 Modem - ok
12:08:00.0453 5348 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
12:08:00.0546 5348 monfilt - ok
12:08:00.0703 5348 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
12:08:00.0765 5348 motccgp - ok
12:08:00.0765 5348 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
12:08:00.0796 5348 motccgpfl - ok
12:08:00.0812 5348 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
12:08:00.0843 5348 motmodem - ok
12:08:00.0875 5348 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
12:08:00.0906 5348 motport - ok
12:08:00.0968 5348 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:08:01.0015 5348 Mouclass - ok
12:08:01.0109 5348 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:08:01.0125 5348 mouhid - ok
12:08:04.0562 5348 NetBT (d1dc05712ed8f07040631762e5bfba81) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:08:04.0593 5348 NetBT ( Virus.Win32.ZAccess.k ) - infected
12:08:04.0593 5348 NetBT - detected Virus.Win32.ZAccess.k (0)
12:08:19.0046 5348 MBR (0x1B8) (dbfb101d7442c448a7964bbb128e1250) \Device\Harddisk0\DR0
12:08:19.0062 5348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:08:19.0062 5348 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:08:19.0093 5348 Boot (0x1200) (151effafb79b945577f393643154ce2c) \Device\Harddisk0\DR0\Partition0
12:08:19.0093 5348 \Device\Harddisk0\DR0\Partition0 - ok
12:08:19.0093 5348 ============================================================
12:08:19.0093 5348 Scan finished
12:08:19.0093 5348 ============================================================
12:08:19.0093 3792 Detected object count: 3
12:08:19.0093 3792 Actual detected object count: 3
12:08:28.0484 3792 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
12:08:28.0593 3792 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\acpi.sys) error 1813
12:08:32.0406 3792 Backup copy found, using it..
12:08:32.0765 3792 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
12:08:32.0765 3792 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
12:08:32.0828 3792 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
12:08:35.0093 3792 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
12:08:38.0671 3792 Backup copy found, using it..
12:08:38.0734 3792 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
12:08:40.0250 3792 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
12:08:41.0156 3792 \Device\Harddisk0\DR0\# - copied to quarantine
12:08:41.0171 3792 \Device\Harddisk0\DR0 - copied to quarantine
12:08:41.0312 3792 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:08:41.0328 3792 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:08:41.0343 3792 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:08:41.0359 3792 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:08:41.0421 3792 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:08:41.0468 3792 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:08:41.0500 3792 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:08:41.0515 3792 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:08:41.0531 3792 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:08:41.0531 3792 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:08:41.0546 3792 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:08:41.0562 3792 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:08:41.0859 3792 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:08:41.0875 3792 \Device\Harddisk0\DR0 - ok
12:08:41.0875 3792 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:09:15.0578 5064 Deinitialize success

#8 mediamom

  • Topic Starter

  • Members

Posted 18 July 2012 - 12:11 PM

Here is the aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-18 12:18:06
-----------------------------
12:18:06.828 OS Version: Windows 5.1.2600 Service Pack 3
12:18:06.828 Number of processors: 2 586 0xF06
12:18:06.843 ComputerName: DEJENXPS UserName:
12:18:28.484 Initialize success
12:21:17.562 AVAST engine defs: 12071800
12:21:22.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:21:22.218 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 95396MB BusType: 3
12:21:22.546 Disk 0 MBR read successfully
12:21:22.546 Disk 0 MBR scan
12:21:22.656 Disk 0 unknown MBR code
12:21:22.656 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
12:21:22.796 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 88537 MB offset 96390
12:21:22.796 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 181438110
12:21:22.859 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 185631075
12:21:23.031 Disk 0 Partition 4 00 DD MSDOS5.0 2047 MB offset 181438173
12:21:23.500 Disk 0 scanning sectors +195366465
12:21:23.703 Disk 0 scanning C:\WINDOWS\system32\drivers
12:22:34.437 Service scanning
12:25:25.546 Modules scanning
12:26:22.562 Disk 0 trace - called modules:
12:26:22.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys tsk14.tmp hal.dll atapi.sys pciide.sys
12:26:22.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aafaab8]
12:26:22.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000080[0x8ab5a4e8]
12:26:22.750 5 tsk14.tmp[b9f68620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aaccd98]
12:26:46.218 AVAST engine scan C:\WINDOWS
12:27:46.406 AVAST engine scan C:\WINDOWS\system32
12:35:50.906 AVAST engine scan C:\WINDOWS\system32\drivers
12:36:20.375 AVAST engine scan C:\Documents and Settings\Deanna Johnson
13:04:36.812 AVAST engine scan C:\Documents and Settings\All Users
13:06:50.421 Scan finished successfully
13:10:26.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Deanna Johnson\Desktop\MBR.dat"
13:10:26.109 The log file has been saved successfully to "C:\Documents and Settings\Deanna Johnson\Desktop\aswMBR.txt"

#9 nasdaq

  • Malware Response Team

Posted 18 July 2012 - 01:07 PM

Can you please run ComboFix again and post the log.

Let me know what problem persists.

#10 mediamom

  • Topic Starter

  • Members

Posted 18 July 2012 - 05:20 PM

Here it is...

ComboFix 12-07-18.04 - Deanna Johnson 07/18/2012 17:51:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1505 [GMT -4:00]
Running from: C:\ComboFix.exe
AV: Trend Micro Internet Security Pro *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\service
c:\windows\system32\service\17072012_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 16:11 . 2012-06-02 19:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-18 16:08 . 2012-07-18 16:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 15:11 . 2012-07-17 15:11 -------- d-----w- c:\documents and settings\Deanna Johnson\Local Settings\Application Data\VS Revo Group
2012-07-17 15:10 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-07-17 15:10 . 2012-07-17 15:10 -------- d-----w- c:\program files\VS Revo Group
2012-07-16 01:36 . 2004-08-10 11:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2012-07-16 01:35 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-07-16 01:35 . 2004-08-10 11:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2012-07-16 01:35 . 2004-08-10 11:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2012-07-16 01:35 . 2004-08-10 11:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2012-07-16 01:35 . 2004-08-10 11:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2012-07-16 01:35 . 2004-08-10 11:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2012-07-16 01:35 . 2004-08-10 11:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-07-12 19:29 . 2012-06-02 19:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-07-12 15:31 . 2012-07-12 15:31 22032 ----a-w- c:\windows\DCEBoot.exe
2012-07-12 15:28 . 2012-07-12 15:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 16:10 . 2005-08-16 10:18 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-07-18 16:10 . 2004-08-04 05:07 187776 -c--a-w- c:\windows\system32\drivers\acpi.sys
2012-07-18 16:09 . 2012-04-25 21:36 102400 ----a-w- c:\windows\RegBootClean.exe
2012-07-03 17:46 . 2009-12-16 03:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 21:35 . 2005-08-16 10:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 21:35 . 2005-05-26 08:19 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19 . 2007-06-18 17:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-06-18 17:44 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 10:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 10:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2005-08-16 10:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 10:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 10:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-06-18 17:44 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 10:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 10:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-06-19 14:06 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-04-12 17:06 275696 ----a-w- c:\windows\system32\mucltui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-17_14.11.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-18 21:10 . 2012-07-18 21:10 16384 c:\windows\Temp\Perflib_Perfdata_d78.dat
+ 2012-07-18 21:10 . 2012-07-18 21:10 16384 c:\windows\Temp\Perflib_Perfdata_414.dat
+ 2012-07-18 21:10 . 2012-07-18 21:10 16384 c:\windows\Temp\Perflib_Perfdata_2e4.dat
- 2005-08-16 10:18 . 2012-07-17 14:11 81178 c:\windows\system32\perfc009.dat
+ 2005-08-16 10:18 . 2012-07-18 16:52 81178 c:\windows\system32\perfc009.dat
- 2012-07-12 19:52 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\f361b4bac7097c011eed3107adbf0411\update\spcustom.dll
- 2012-07-12 19:52 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\f361b4bac7097c011eed3107adbf0411\spmsg.dll
- 2012-07-12 19:44 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\e7e3f2641db6f1463fbb38295b32ff54\update\spcustom.dll
- 2012-07-12 19:44 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\e7e3f2641db6f1463fbb38295b32ff54\spmsg.dll
- 2012-07-12 19:45 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\spcustom.dll
- 2012-07-12 19:45 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spmsg.dll
- 2012-07-12 19:44 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\update\spcustom.dll
- 2012-07-12 19:44 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\spmsg.dll
- 2012-07-12 19:50 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\spcustom.dll
- 2012-07-12 19:50 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\spmsg.dll
- 2012-07-12 19:46 . 2012-04-11 13:53 30208 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\w32ksign.dll
- 2012-07-12 19:46 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\spcustom.dll
- 2012-07-12 19:46 . 2012-04-11 13:53 16896 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\mpsyschk.dll
- 2012-07-12 19:46 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spmsg.dll
- 2012-07-12 19:53 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\5166918af850719d0de1e5e59bad86c4\update\spcustom.dll
- 2012-07-12 19:53 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\5166918af850719d0de1e5e59bad86c4\spmsg.dll
- 2012-07-12 19:39 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\update\spcustom.dll
- 2012-07-12 19:39 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\spmsg.dll
- 2012-07-12 19:52 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\2b1811e24bead4a9f2af4d8ed16bdab7\update\spcustom.dll
- 2012-07-12 19:52 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\2b1811e24bead4a9f2af4d8ed16bdab7\spmsg.dll
- 2012-07-12 19:45 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\spcustom.dll
- 2012-07-12 19:45 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\spmsg.dll
- 2012-07-12 19:43 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\update\spcustom.dll
- 2012-07-12 19:43 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\spmsg.dll
- 2012-07-12 19:43 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\update\spcustom.dll
- 2012-07-12 19:43 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\spmsg.dll
- 2012-07-12 19:45 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\spcustom.dll
- 2012-07-12 19:45 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\spmsg.dll
- 2012-07-12 19:44 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\spcustom.dll
- 2012-07-12 19:44 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\spmsg.dll
- 2012-07-12 19:51 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\spcustom.dll
- 2012-07-12 19:51 . 2012-05-05 03:16 16896 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\mpsyschk.dll
- 2012-07-12 19:51 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\spmsg.dll
+ 2011-12-25 07:49 . 2011-12-25 07:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2007-01-03 06:42 . 2012-07-12 19:56 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-01-03 06:42 . 2012-07-18 16:31 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-01-03 06:42 . 2012-07-18 16:31 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-01-03 06:42 . 2012-07-12 19:56 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-01-03 06:42 . 2012-07-12 19:56 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-01-03 06:42 . 2012-07-18 16:31 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-01-03 06:42 . 2012-07-18 16:31 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-01-03 06:42 . 2012-07-12 19:56 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-01-03 06:42 . 2012-07-18 16:31 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-01-03 06:42 . 2012-07-12 19:56 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-06-21 21:58 . 2011-06-21 21:58 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-07-18 16:54 . 2012-07-18 16:54 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-07 21:25 . 2011-06-21 21:58 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-07 21:25 . 2012-07-18 16:23 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-02-26 22:43 . 2009-02-26 22:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 21:45 . 2009-02-26 21:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-02-26 17:06 . 2009-02-26 17:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 17:06 . 2009-02-26 17:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2012-07-18 16:25 . 2012-07-18 16:25 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_41d2d621\System.Drawing.Design.dll
+ 2012-07-18 16:56 . 2012-07-18 16:56 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-07-18 17:03 . 2012-07-18 17:03 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-07-18 17:03 . 2012-07-18 17:03 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
+ 2012-07-18 17:01 . 2012-07-18 17:01 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-07-18 17:01 . 2012-07-18 17:01 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-07-18 16:50 . 2012-07-18 16:50 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-07-18 16:49 . 2012-07-18 16:49 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-07-18 17:02 . 2012-07-18 17:02 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-07-18 17:01 . 2012-07-18 17:01 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-07-18 17:01 . 2012-07-18 17:01 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-07-18 17:01 . 2012-07-18 17:01 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-07-18 17:01 . 2012-07-18 17:01 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2007-01-03 06:42 . 2012-07-12 19:56 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-01-03 06:42 . 2012-07-18 16:31 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2012-07-18 16:51 . 2012-07-18 16:51 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-21 22:03 . 2011-06-21 22:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-06-21 22:03 . 2011-06-21 22:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-07-18 16:51 . 2012-07-18 16:51 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-06 03:13 . 2012-04-06 03:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
- 2005-08-16 10:18 . 2012-07-17 14:11 464216 c:\windows\system32\perfh009.dat
+ 2005-08-16 10:18 . 2012-07-18 16:52 464216 c:\windows\system32\perfh009.dat
- 2007-01-03 06:13 . 2012-07-16 02:28 140328 c:\windows\system32\nvModes.dat
+ 2007-01-03 06:13 . 2012-07-17 23:18 140328 c:\windows\system32\nvModes.dat
- 2012-07-12 19:52 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\f361b4bac7097c011eed3107adbf0411\update\updspapi.dll
- 2012-07-12 19:52 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\f361b4bac7097c011eed3107adbf0411\update\update.exe
- 2012-07-12 19:52 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\f361b4bac7097c011eed3107adbf0411\spuninst.exe
- 2012-07-12 19:44 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\e7e3f2641db6f1463fbb38295b32ff54\update\updspapi.dll
- 2012-07-12 19:44 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\e7e3f2641db6f1463fbb38295b32ff54\update\update.exe
- 2012-07-12 19:44 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\e7e3f2641db6f1463fbb38295b32ff54\spuninst.exe
- 2012-07-12 19:45 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\updspapi.dll
- 2012-07-12 19:45 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\update.exe
- 2012-07-12 19:45 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spuninst.exe
- 2012-07-12 19:44 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\update\updspapi.dll
- 2012-07-12 19:44 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\update\update.exe
- 2012-07-12 19:44 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\spuninst.exe
- 2012-07-12 19:50 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\updspapi.dll
- 2012-07-12 19:50 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\update.exe
- 2012-07-12 19:50 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\spuninst.exe
- 2012-07-12 19:46 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\updspapi.dll
- 2012-07-12 19:46 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\update.exe
- 2012-07-12 19:46 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spuninst.exe
- 2012-07-12 19:53 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\5166918af850719d0de1e5e59bad86c4\update\updspapi.dll
- 2012-07-12 19:53 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\5166918af850719d0de1e5e59bad86c4\update\update.exe
- 2012-07-12 19:53 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\5166918af850719d0de1e5e59bad86c4\spuninst.exe
- 2012-07-12 19:39 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\update\updspapi.dll
- 2012-07-12 19:39 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\update\update.exe
- 2012-07-12 19:39 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\spuninst.exe
- 2012-07-12 19:52 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\2b1811e24bead4a9f2af4d8ed16bdab7\update\updspapi.dll
- 2012-07-12 19:52 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\2b1811e24bead4a9f2af4d8ed16bdab7\update\update.exe
- 2012-07-12 19:52 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\2b1811e24bead4a9f2af4d8ed16bdab7\spuninst.exe
- 2012-07-12 19:45 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\updspapi.dll
- 2012-07-12 19:45 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\update.exe
- 2012-07-12 19:45 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\spuninst.exe
- 2012-07-12 19:43 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\update\updspapi.dll
- 2012-07-12 19:43 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\update\update.exe
- 2012-07-12 19:43 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\spuninst.exe
- 2012-07-12 19:43 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\update\updspapi.dll
- 2012-07-12 19:43 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\update\update.exe
- 2012-07-12 19:43 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\spuninst.exe
- 2012-07-12 19:45 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\updspapi.dll
- 2012-07-12 19:45 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\update.exe
- 2012-07-12 19:45 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\spuninst.exe
- 2012-07-12 19:44 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\updspapi.dll
- 2012-07-12 19:44 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\update.exe
- 2012-07-12 19:44 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\spuninst.exe
- 2012-07-12 19:51 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\updspapi.dll
- 2012-07-12 19:51 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\update.exe
- 2012-07-12 19:51 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\spuninst.exe
+ 2012-04-06 03:52 . 2012-04-06 03:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2011-12-25 07:49 . 2011-12-25 07:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-04-21 11:15 . 2012-04-21 11:15 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-04-25 21:45 . 2012-04-25 21:45 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2011-12-22 20:50 . 2011-12-22 20:50 256000 c:\windows\Installer\46bd2.msp
+ 2012-04-22 01:55 . 2012-04-22 01:55 980480 c:\windows\Installer\46bcb.msp
+ 2011-12-25 09:40 . 2011-12-25 09:40 819200 c:\windows\Installer\46bae.msp
+ 2007-01-03 06:42 . 2012-07-18 16:31 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-01-03 06:42 . 2012-07-12 19:56 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-01-03 06:42 . 2012-07-12 19:56 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-01-03 06:42 . 2012-07-18 16:31 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-01-03 06:42 . 2012-07-18 16:31 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-01-03 06:42 . 2012-07-12 19:56 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-01-03 06:42 . 2012-07-18 16:31 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-01-03 06:42 . 2012-07-12 19:56 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-01-03 06:42 . 2012-07-18 16:31 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-01-03 06:42 . 2012-07-12 19:56 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-01-14 11:10 . 2011-01-14 11:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2005-08-17 03:02 . 2005-08-17 03:02 466944 c:\windows\assembly\temp\8GOW4QZT19\System.Drawing.dll
+ 2011-06-21 22:03 . 2011-06-21 22:03 303104 c:\windows\assembly\temp\4DLT19HP1D\System.Runtime.Remoting.dll
+ 2012-07-18 16:26 . 2012-07-18 16:26 843776 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_68c0a8bb\System.Drawing.dll
+ 2012-07-18 16:26 . 2012-07-18 16:26 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_07ecdd89\System.Drawing.Design.dll
+ 2012-07-18 17:01 . 2012-07-18 17:01 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-07-18 16:56 . 2012-07-18 16:56 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll
+ 2012-07-18 16:56 . 2012-07-18 16:56 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-07-18 16:56 . 2012-07-18 16:56 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
+ 2012-07-18 17:03 . 2012-07-18 17:03 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
+ 2012-07-18 17:03 . 2012-07-18 17:03 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-07-18 17:03 . 2012-07-18 17:03 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
+ 2012-07-18 17:03 . 2012-07-18 17:03 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-07-18 17:03 . 2012-07-18 17:03 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-07-18 17:03 . 2012-07-18 17:03 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-07-18 17:03 . 2012-07-18 17:03 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-07-18 17:03 . 2012-07-18 17:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-23 7692288]
"nwiz"="nwiz.exe" [2006-10-23 1622016]
"NVHotkey"="nvHotkey.dll" [2006-10-23 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-09-08 1036288]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"NvMediaCenter"="NvMCTray.dll" [2006-10-23 86016]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-16 364544]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
c:\documents and settings\Deanna Johnson\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-3 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-3-17 98304]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-09-24 05:08 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [7/11/2008 2:04 PM 41456]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [1/1/2010 5:36 PM 36624]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 12:28 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [1/1/2010 5:36 PM 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [1/1/2010 6:29 PM 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [1/1/2010 6:29 PM 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [1/1/2010 6:29 PM 689416]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/12/2012 11:28 AM 40776]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/17/2012 11:10 AM 27064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/5/2010 10:50 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpservice
zpaction
MKEMUSB
trlokom_rmhsvc
pdlnemsg
avidstartup
aksusb
psdistributionagent
mssql$sony_mediamgr
s117mdfl
bwcsrv
cavasm
L1e
CoolerXPDriver
MobilityService
z525mdm
aslm75
pktfilter
iirsp
AlKernel
ireike
M3AD
w810bus
kbfiltr
VMAUDIO
EL2000
ifxtcs
sfrem01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netaddress.usa.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
uInternet Settings,ProxyServer = ucs.bess.misd.net:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-90740770.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-18 18:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aksusb]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AlKernel]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aslm75]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avidstartup]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bwcsrv]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cavasm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EL2000]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ifxtcs]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iirsp]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ireike]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbfiltr]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\L1e]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M3AD]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MKEMUSB]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MobilityService]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mpservice]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssql$sony_mediamgr]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdlnemsg]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pktfilter]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\psdistributionagent]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s117mdfl]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfrem01]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trlokom_rmhsvc]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VMAUDIO]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w810bus]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\z525mdm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zpaction]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2012-07-18 18:03:36
ComboFix-quarantined-files.txt 2012-07-18 22:03
ComboFix2.txt 2012-07-17 14:16
.
Pre-Run: 9,991,581,696 bytes free
Post-Run: 11,997,863,936 bytes free
.
- - End Of File - - F3B50D0AC63353B255DA69FDD6052DF1

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 AM

Posted 19 July 2012 - 07:40 AM

Looking good.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Any remaining issues?

#12 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts
  • Local time:12:28 AM

Posted 19 July 2012 - 11:32 AM

Running much better. Windows was able to update and so was Java.

Still getting "problem applying profile" on my wireless connection. Tried to make a new one and got the same error.


Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Trend Micro Internet Security Pro
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security TmProxy.exe
Trend Micro TrendSecure TISProToolbar ProToolbarUpdate.exe
Trend Micro Internet Security TmPfw.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Internet Security UfSeAgnt.exe
Trend Micro TrendSecure TISProToolbar PlatformDependent\ProToolbarComm.exe
Trend Micro TrendSecure TSCFPlatformCOMSvr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 23% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 AM

Posted 20 July 2012 - 07:29 AM

Still getting "problem applying profile" on my wireless connection. Tried to make a new one and got the same error.


Could be a driver issue or some settings that need to be changed.

Google this string: "problem applying profile" on my wireless. You will find a good number of suggestions.

If you cannot solve this, I suggest you start a new topic in the Networking forum:
http://www.bleepingcomputer.com/forums/forum21.html

A more experienced helper in that field should be able to help you on this matter.
===


Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 30


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

====
http://securitygarden.blogspot.ca/2012/06/flash-player-update-causes-firefox.html
it appears that the Adobe Flash Player update including Flash Player Protected Mode for Firefox is causing Firefox to freeze or crash.
====

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Total Fragmentation on Drive C:: 23% Defragment your hard drive soon!

Take care of this as soon as you can. It may take some time, so do it when you know you will not be needing the computer.
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#14 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts
  • Local time:12:28 AM

Posted 20 July 2012 - 09:01 AM

All set. Thank you SO much for your help!

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 AM

Posted 26 July 2012 - 09:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



