search engine redirect


  • This topic is locked
34 replies to this topic

#1 smartflough

smartflough

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:00 PM

Posted 13 July 2012 - 01:31 PM

Good afternoon cyber warriors!

I seem to be encountering a very similar enigma as "viral_1212" in the "rocketnews redirect virus".

With either of the browsers on my pc (IE & Mozilla) and regardless of which search engine I use (google, yahoo, or bing) I get redirected, but only after I've already selected one of the links, then went back to the search results to select another. The second link that I select is redirected EVERY time - it is 100% consistent.

I have taken the liberty of downloading all of the tools in viral_1212's thread, just waiting for the instructions.

Thank you in advance for your help ~ what ya'll are doing here is truly heroic!

~Smartflough


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 13 July 2012 - 11:48 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 smartflough

smartflough
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:00 PM

Posted 16 July 2012 - 09:35 AM

Good Morning Gringo!

Results below:

Security Check:
Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
JavaFX 2.1.1
Java™ SE Development Kit 7 Update 1
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````


AND NOW FROM DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by bcota at 10:25:43 on 2012-07-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.983 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\bcota\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\bcota\My Documents\Downloads\SecurityCheck.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?query=05740
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\bcota\startm~1\programs\startup\zooskm~1.lnk - c:\documents and settings\bcota\my documents\miscellaneous\zooskmessenger\ZooskMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218579619236
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.10
TCP: Interfaces\{1EBC23B8-6B3E-4179-90C6-6C0F0B3155FB} : DhcpNameServer = 192.168.1.10
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bcota\application data\mozilla\firefox\profiles\0tffkc1p.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-27 136176]
S2 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-13 113120]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-27 136176]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-13 35144]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
S4 WinDefend;Windows Defender;c:\windows\system32\svchost.exe -k secsvcs [2004-8-11 14336]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2012-07-13 12:53:04 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-11 18:09:08 -------- d-----w- C:\ComboFix
2012-07-11 18:02:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-18 11:08:44 -------- d-----w- c:\program files\Oracle
2012-06-18 11:08:38 143872 ----a-w- c:\windows\system32javacpl.cpl
.
==================== Find3M ====================
.
2012-07-12 14:47:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 14:47:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 18:50:45 126976 --sha-r- c:\windows\system32\bthcrp3.dll
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 23:29:22 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 10:26:24.56 ===============

&&&& THE SECOND FILE FROM DDS IS ATTACHED. Attached File  attach.zip   4.26KB   1 downloads

Both Programs ran successfully.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 16 July 2012 - 11:31 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 smartflough

smartflough
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:00 PM

Posted 16 July 2012 - 02:50 PM

ComboFix 12-07-11.03 - bcota 07/16/2012 15:31:14.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1073 [GMT -4:00]
Running from: c:\documents and settings\bcota\My Documents\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-13 12:53 . 2012-07-13 12:53 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-11 18:02 . 2012-07-11 18:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-18 11:08 . 2012-06-18 11:08 -------- d-----w- c:\program files\Oracle
2012-06-18 11:08 . 2012-06-18 11:08 143872 ----a-w- c:\windows\system32javacpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 14:47 . 2012-04-11 18:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 14:47 . 2011-06-08 15:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2010-07-03 12:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2004-08-11 21:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-11 21:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-11 21:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-07-30 23:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-07-30 23:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-11 21:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-11 21:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2004-08-11 21:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2007-07-30 23:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-07-30 23:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-11 21:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-11 21:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-11 21:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-07-30 23:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-11 21:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-11 21:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-08-13 16:09 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-08-13 16:09 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-07-30 23:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-11 21:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-11 21:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-11 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-11 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-11 21:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 16:40 . 2012-06-09 15:12 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05D74E46-590D-4A41-BFEE-84BDD3124FA9}\mpengine.dll
2012-05-08 16:40 . 2010-07-03 14:07 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-04 23:29 . 2012-02-20 12:18 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 23:29 . 2010-05-19 14:31 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16 . 2004-08-11 21:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-11 21:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 22:20 . 2012-07-13 12:29 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-12_12.15.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-21 12:24 . 2012-06-02 19:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-21 12:24 . 2012-06-02 19:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2004-08-11 21:00 . 2012-07-16 11:43 71022 c:\windows\system32\perfc009.dat
- 2004-08-11 21:00 . 2012-06-11 11:03 71022 c:\windows\system32\perfc009.dat
+ 2004-08-11 21:00 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-11 21:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-11 21:00 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
+ 2009-12-19 16:55 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-12-19 16:55 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-11 21:12 . 2012-06-02 19:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2004-08-11 21:12 . 2012-06-02 19:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2007-08-13 22:54 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-13 11:04 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-13 11:04 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 22:44 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-13 22:44 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 22:54 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-11 21:00 . 2012-06-02 19:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2012-07-12 23:36 . 2012-07-12 23:36 22016 c:\windows\Installer\633bf47.msi
- 2008-08-12 22:08 . 2012-06-09 15:14 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2012-07-13 19:41 . 2012-03-01 11:01 12800 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 43520 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll
+ 2012-07-16 11:41 . 2012-07-16 11:41 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6c2b8cc2\System.Drawing.Design.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ac960b9b0b72d676258cdfdc4ff24336\Microsoft.SqlServer.CustomControls.ni.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-06-09 15:16 . 2012-06-09 15:16 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-07-13 19:42 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2707511\update\spcustom.dll
+ 2012-06-12 22:00 . 2012-05-05 03:16 16896 c:\windows\$hf_mig$\KB2707511\update\mpsyschk.dll
+ 2012-07-13 19:42 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2707511\spmsg.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-08-12 22:08 . 2012-06-09 15:14 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2012-06-09 15:17 . 2012-06-09 15:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-11 21:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
+ 2004-08-11 21:00 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
- 2004-08-11 21:00 . 2012-06-11 11:03 439888 c:\windows\system32\perfh009.dat
+ 2004-08-11 21:00 . 2012-07-16 11:43 439888 c:\windows\system32\perfh009.dat
+ 2004-08-11 21:00 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
- 2004-08-11 21:00 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
- 2004-08-11 21:00 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
+ 2004-08-11 21:00 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2012-07-12 14:47 . 2012-07-12 14:47 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-07-12 13:47 . 2012-07-12 13:47 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
+ 2012-07-12 13:47 . 2012-07-12 13:47 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
+ 2012-04-11 18:31 . 2012-07-12 14:47 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2004-08-11 21:00 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
- 2004-08-11 21:00 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
- 2004-08-11 21:00 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 21:00 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 21:00 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
- 2004-08-11 21:00 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 21:06 . 2012-07-16 10:53 343424 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 21:06 . 2012-06-09 15:21 343424 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 21:12 . 2012-06-02 19:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-11 21:12 . 2012-06-02 19:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-11 21:12 . 2012-06-02 19:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2007-08-13 22:54 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 22:54 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 22:44 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 22:44 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
+ 2011-08-10 01:48 . 2012-05-02 13:46 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2007-08-13 22:44 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 22:44 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 22:54 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-08-13 11:04 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:52 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
- 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2012-06-12 22:00 . 2012-05-11 14:42 521728 c:\windows\system32\dllcache\jsdbgui.dll
- 2009-12-19 16:55 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-12-19 16:55 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2007-08-13 22:54 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-10 22:51 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-10 22:51 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2007-08-13 22:39 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 22:39 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 22:39 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 22:39 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-04-21 11:15 . 2012-04-21 11:15 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-01-27 21:35 . 2012-01-27 21:35 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2012-04-25 21:45 . 2012-04-25 21:45 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2012-04-22 01:55 . 2012-04-22 01:55 980480 c:\windows\Installer\28a5d8.msp
+ 2012-06-18 11:08 . 2012-06-18 11:08 457216 c:\windows\Installer\1ebf6110.msi
+ 2008-08-12 22:08 . 2012-07-13 19:40 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-12 22:08 . 2012-07-13 19:40 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-08-12 22:08 . 2012-06-09 15:14 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2012-07-13 19:41 . 2012-03-01 11:01 916992 c:\windows\ie8updates\KB2699988-IE8\wininet.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 105984 c:\windows\ie8updates\KB2699988-IE8\url.dll
+ 2012-07-13 19:41 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2699988-IE8\spuninst\updspapi.dll
+ 2012-07-13 19:41 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2699988-IE8\spuninst\spuninst.exe
+ 2012-07-13 19:41 . 2012-03-01 11:01 206848 c:\windows\ie8updates\KB2699988-IE8\occache.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 611840 c:\windows\ie8updates\KB2699988-IE8\mstime.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 602112 c:\windows\ie8updates\KB2699988-IE8\msfeeds.dll
+ 2012-07-13 19:41 . 2009-03-08 09:35 521216 c:\windows\ie8updates\KB2699988-IE8\jsdbgui.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 247808 c:\windows\ie8updates\KB2699988-IE8\ieproxy.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 184320 c:\windows\ie8updates\KB2699988-IE8\iepeers.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 743424 c:\windows\ie8updates\KB2699988-IE8\iedvtool.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 387584 c:\windows\ie8updates\KB2699988-IE8\iedkcs32.dll
+ 2012-07-13 19:41 . 2012-02-29 12:17 174080 c:\windows\ie8updates\KB2699988-IE8\ie4uinit.exe
+ 2012-07-16 11:41 . 2012-07-16 11:41 843776 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6ae1c902\System.Drawing.dll
+ 2012-07-16 11:41 . 2012-07-16 11:41 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_961d0400\System.Drawing.Design.dll
+ 2012-07-16 11:44 . 2012-07-16 11:44 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
+ 2012-07-16 11:44 . 2012-07-16 11:44 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\96a3fc1f74a00b618b70bd1701600408\System.Drawing.Design.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\df415932683bc237111c532a145ff35f\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\23287587d9916d8e85bdc15edf72ee89\Microsoft.SqlServer.GridControl.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\141368f762300cbffccc699b9d891e88\Microsoft.SqlServer.Setup.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\d8a31146343ef7af1f972a4bba088b55\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2012-07-16 11:49 . 2012-07-16 11:49 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c0045c1c7c29c7e7cc7bd60001b729a7\AspNetMMCExt.ni.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-07-16 11:43 . 2012-07-16 11:43 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-07-16 11:43 . 2012-07-16 11:43 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-07-16 11:43 . 2012-07-16 11:43 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-07-16 11:43 . 2012-07-16 11:43 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-07-16 11:43 . 2012-07-16 11:43 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-06-09 15:16 . 2012-06-09 15:16 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-06-09 15:16 . 2012-06-09 15:16 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-04-11 16:31 . 2012-04-11 16:31 471040 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-16 11:41 . 2012-07-16 11:41 471040 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-13 19:42 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2707511\update\updspapi.dll
+ 2012-07-13 19:42 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2707511\update\update.exe
+ 2012-07-13 19:42 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2707511\spuninst.exe
- 2004-08-11 21:00 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-11 21:00 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-11 21:00 . 2012-06-08 14:26 8462848 c:\windows\system32\shell32.dll
+ 2004-08-11 21:00 . 2012-05-11 14:42 6007808 c:\windows\system32\mshtml.dll
+ 2012-07-12 14:47 . 2012-07-12 14:47 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
+ 2007-08-13 22:34 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
- 2007-08-13 22:34 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
+ 2004-08-11 21:12 . 2012-06-02 19:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 16:04 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-13 22:54 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2007-08-13 22:54 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2012-06-08 14:26 8462848 c:\windows\system32\dllcache\shell32.dll
- 2008-10-16 16:04 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 16:04 . 2012-05-04 13:12 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 16:04 . 2012-05-04 12:32 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 16:04 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 16:04 . 2012-05-04 12:32 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 16:04 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 16:04 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 16:04 . 2012-05-04 13:16 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-12 23:18 . 2012-06-05 15:50 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2008-08-12 23:18 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2008-11-12 12:20 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-11-12 12:20 . 2012-06-05 15:50 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2007-08-13 22:54 . 2012-05-11 14:42 6007808 c:\windows\system32\dllcache\mshtml.dll
- 2008-08-13 11:04 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-13 11:04 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-03-20 09:23 . 2012-03-20 09:23 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-12-25 07:50 . 2011-12-25 07:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-03-20 09:23 . 2012-03-20 09:23 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-04-26 06:32 . 2012-04-26 06:32 6385664 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp
- 2012-01-31 08:46 . 2012-01-31 08:46 6385664 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp
+ 2012-06-29 18:33 . 2012-06-29 18:33 6063616 c:\windows\Installer\a8247be.msp
+ 2012-04-25 23:32 . 2012-04-25 23:32 7069184 c:\windows\Installer\28a5d2.msp
+ 2012-03-21 03:57 . 2012-03-21 03:57 6188544 c:\windows\Installer\28a5c9.msp
+ 2012-07-13 19:41 . 2012-03-01 11:01 1212416 c:\windows\ie8updates\KB2699988-IE8\urlmon.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 5978624 c:\windows\ie8updates\KB2699988-IE8\mshtml.dll
+ 2012-07-13 19:41 . 2012-03-01 11:01 2000384 c:\windows\ie8updates\KB2699988-IE8\iertutil.dll
- 2008-10-16 16:04 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 16:04 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 16:04 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 16:04 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 16:04 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 16:04 . 2012-05-04 12:32 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 16:04 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-16 16:04 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-07-16 11:41 . 2012-07-16 11:41 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_32b4f20e\System.Windows.Forms.dll
+ 2012-07-16 11:41 . 2012-07-16 11:41 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_00063d59\System.Windows.Forms.dll
+ 2012-07-16 11:41 . 2012-07-16 11:41 2252800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_281174b0\System.Drawing.dll
+ 2012-07-16 11:41 . 2012-07-16 11:41 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e56e3782\System.Design.dll
+ 2012-07-16 11:41 . 2012-07-16 11:41 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_433f5771\System.Design.dll
+ 2012-07-16 11:52 . 2012-07-16 11:52 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
+ 2012-07-16 11:52 . 2012-07-16 11:52 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll
+ 2012-07-16 11:44 . 2012-07-16 11:44 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d380f1813e27c2a086e62f0218669d67\System.Printing.ni.dll
+ 2012-07-16 11:44 . 2012-07-16 11:44 1592320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
+ 2012-07-16 11:44 . 2012-07-16 11:44 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\443dd7f0b84c3de54b1a72be655e307c\ReachFramework.ni.dll
+ 2012-07-16 11:44 . 2012-07-16 11:44 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\48ddcafff1a5603fb3289e90330275c0\PresentationUI.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eb57103bf3052262e8dcf89eab06a8ce\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\645d80ee6adf50bbe3211cc2cf76a125\Microsoft.PowerShell.Editor.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4677e37953399f6fafe8557beebae274\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-07-16 11:50 . 2012-07-16 11:50 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll
+ 2012-07-16 11:50 . 2012-07-16 11:50 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-07-16 11:50 . 2012-07-16 11:50 4387328 c:\windows\assembly\NativeImages_v2.0.50727_32\AdWindows\9fad9023c1ca14a38ce4a1fc19c9d9ce\AdWindows.ni.dll
+ 2012-07-16 11:50 . 2012-07-16 11:50 2205696 c:\windows\assembly\NativeImages_v2.0.50727_32\AcWindows\f798d78deb72c00b7ad42f17cb2942db\AcWindows.ni.dll
+ 2012-07-16 11:50 . 2012-07-16 11:50 5229056 c:\windows\assembly\NativeImages_v2.0.50727_32\acmgd\0d462fb441d4a8b27853508ddba6fbd0\acmgd.ni.dll
+ 2012-07-16 11:50 . 2012-07-16 11:50 1468928 c:\windows\assembly\NativeImages_v2.0.50727_32\AcLayer\80f5b11b039676d700dcea7cf0042ba1\AcLayer.ni.dll
+ 2012-07-16 11:50 . 2012-07-16 11:50 1598464 c:\windows\assembly\NativeImages_v2.0.50727_32\AcCui\10a445938d66712615e3790bce881007\AcCui.ni.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-07-16 11:43 . 2012-07-16 11:43 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-06-09 15:16 . 2012-06-09 15:16 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-06-09 15:16 . 2012-06-09 15:16 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-07-16 11:43 . 2012-07-16 11:43 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-07-16 11:42 . 2012-07-16 11:42 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-06-09 15:17 . 2012-06-09 15:17 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-04 13:20 . 2012-05-04 13:20 2192640 c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
+ 2012-05-04 12:41 . 2012-05-04 12:41 2026496 c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrpamp.exe
+ 2012-05-04 12:41 . 2012-05-04 12:41 2069120 c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
+ 2012-05-04 13:24 . 2012-05-04 13:24 2148352 c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlmp.exe
+ 2008-08-13 11:01 . 2012-07-03 07:13 57442464 c:\windows\system32\MRT.exe
+ 2007-08-13 22:54 . 2012-05-12 00:12 11111424 c:\windows\system32\ieframe.dll
+ 2008-08-13 11:04 . 2012-05-12 00:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-07-13 19:41 . 2012-03-02 10:01 11082752 c:\windows\ie8updates\KB2699988-IE8\ieframe.dll
+ 2012-07-16 11:44 . 2012-07-16 11:44 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
+ 2012-07-16 11:51 . 2012-07-16 11:51 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
+ 2012-07-16 11:44 . 2012-07-16 11:44 10682368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f73a8455f384e90f6925309336fece24\System.Design.ni.dll
+ 2012-07-16 11:44 . 2012-07-16 11:44 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
+ 2012-07-16 11:43 . 2012-07-16 11:43 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
+ 2012-07-16 11:50 . 2012-07-16 11:50 10113024 c:\windows\assembly\NativeImages_v2.0.50727_32\acdbmgd\98b608ae3866052275d9fd5d7fcc9394\acdbmgd.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 137752]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-24 1036288]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\bcota\Start Menu\Programs\Startup\
ZooskMessenger.lnk - c:\documents and settings\bcota\My Documents\miscellaneous\ZooskMessenger\ZooskMessenger.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2010-12-2 294912]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-8-7 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\bcota\My Documents\miscellaneous\cam test\New Folder\1205000958.jpg
FriendlyName=
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\documents and settings\bcota\My Documents\My Pictures\faifax\IMG_3194.JPG
FriendlyName=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-12-03 14:24 65536 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1677:UDP"= 1677:UDP:Windows Media Format SDK (iexplore.exe)
"1680:UDP"= 1680:UDP:Windows Media Format SDK (iexplore.exe)
"1681:UDP"= 1681:UDP:Windows Media Format SDK (iexplore.exe)
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 2:30 PM 79168]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2011 1:01 PM 136176]
S2 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/13/2012 8:29 AM 113120]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 2:31 PM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2011 1:01 PM 136176]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [7/13/2012 8:53 AM 35144]
S4 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/11/2004 5:00 PM 14336]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 14:47]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 17:01]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 17:01]
.
2012-07-16 c:\windows\Tasks\rxfmakuqi.job
- c:\windows\system32\bthcrp3.dll [2012-06-08 18:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?query=05740
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.10
FF - ProfilePath - c:\documents and settings\bcota\Application Data\Mozilla\Firefox\Profiles\0tffkc1p.default\
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-16 15:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(500)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3664)
c:\windows\system32\WININET.dll
c:\program files\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\system32\mslbui.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-16 15:40:23
ComboFix-quarantined-files.txt 2012-07-16 19:40
ComboFix2.txt 2012-07-11 18:16
ComboFix3.txt 2012-07-11 17:20
ComboFix4.txt 2012-07-11 16:16
ComboFix5.txt 2012-07-16 19:30
.
Pre-Run: 107,168,575,488 bytes free
Post-Run: 107,246,989,312 bytes free
.
- - End Of File - - D55226239333EE8E4374C792C0E5CD94


During the early stages of ComboFix I received an error message from pev.3XE - screenshot is attached (error msg.JPG).

Currently no redirecting from either browser or any of the search engines.
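Added example, not something posted in the thread and not ComboFix's own code: a small Python triage script for the Run and Scheduled Tasks sections of a ComboFix log like the one above. It flags the three things a responder scans for first in that block: a Run value ComboFix marked [X] (target file not found), a .job whose target is a DLL rather than an executable (a DLL cannot be run directly, so such a task loads it through a host such as rundll32), and a .job whose name is a bare run of lowercase letters, which is how the rxfmakuqi.job / bthcrp3.dll pair above stands out among the vendor updater tasks. The sample log is a constructed excerpt in the same format; the lowercase-name rule is a heuristic and will produce false positives.

```python
"""Triage the autorun sections of a ComboFix log.

Added example; not ComboFix code and not posted by anyone in the thread.
ComboFix prints Run values as  "Name"="command" [date size]  and marks a
value whose target it cannot find on disk with [X]; the Scheduled Tasks
block prints the .job path on one line and the task's target on the next.
The heuristics below are what a responder applies by eye: a Run value
marked [X], a task whose target is a DLL rather than an executable, and a
.job whose name is a bare run of lowercase letters.
"""
import re
from typing import Dict, List

# Constructed excerpt in the same layout as the log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 141848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 17:01]
.
2012-07-16 c:\windows\Tasks\rxfmakuqi.job
- c:\windows\system32\bthcrp3.dll [2012-06-08 18:50]
.
------- Supplementary Scan -------
"""

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
TASK_JOB = re.compile(r'^\d{4}-\d{2}-\d{2}\s+.+\\(?P<jobname>[^\\]+)\.job$', re.IGNORECASE)
TASK_TARGET = re.compile(r'^-\s+(?P<target>.+?)\s*\[(?P<meta>[^\]]*)\]$')
# Vendor job names are CamelCase or carry digits/spaces; droppers generate
# bare lowercase strings such as rxfmakuqi.  Heuristic, expect false positives.
RANDOM_JOB_NAME = re.compile(r'^[a-z]{6,12}$')


def parse_combofix(text: str) -> Dict[str, List[dict]]:
    """Return the Run values and scheduled tasks listed in a ComboFix log."""
    run_values: List[dict] = []
    tasks: List[dict] = []
    current_key = None        # registry key of the [ ... ] block being read
    in_tasks = False          # inside "Contents of the 'Scheduled Tasks' folder"
    pending_job = None        # .job name waiting for its "- target" line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_tasks, current_key = True, None
            continue
        if line.startswith("------- "):          # any later section header
            in_tasks = False
            continue
        if in_tasks:
            m = TASK_JOB.match(line)
            if m:
                pending_job = m.group("jobname")
                continue
            m = TASK_TARGET.match(line)
            if m and pending_job is not None:
                tasks.append({"job": pending_job, **m.groupdict()})
                pending_job = None
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = RUN_VALUE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            run_values.append({"key": current_key, **m.groupdict()})
    return {"run": run_values, "tasks": tasks}


def triage(parsed: Dict[str, List[dict]]) -> List[dict]:
    """Flag the entries a responder would inspect first, with the reasons."""
    findings: List[dict] = []
    for v in parsed["run"]:
        if v["meta"] == "X":
            findings.append({"kind": "run", "name": v["name"], "target": v["cmd"],
                             "severity": "medium",
                             "reasons": ["target file not found on disk ([X])"]})
    for t in parsed["tasks"]:
        reasons = []
        if t["target"].lower().endswith(".dll"):
            reasons.append("task target is a DLL, which needs a host process to load it")
        if RANDOM_JOB_NAME.match(t["job"]):
            reasons.append("job name is a bare lowercase letter string")
        if reasons:
            findings.append({"kind": "task", "name": t["job"], "target": t["target"],
                             "severity": "high" if len(reasons) == 2 else "medium",
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{f['severity']:<6} {f['kind']:<4} {f['name']} -> {f['target']}: "
              + "; ".join(f["reasons"]))
```

To run it over a full log, read the file and pass its text to parse_combofix. The [X] marker is ComboFix's own notation for an autorun whose file is missing; that is often a leftover from an uninstalled program, as the Logitech entry here probably is, but it is still worth confirming before the task/DLL pair, which is the entry that actually warrants pulling the file for analysis.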

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 July 2012 - 12:12 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

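Added example, not part of TDSSKiller and not posted by either participant: a Python script that pairs the two lines TDSSKiller prints per service (the MD5/path line and the "name - ok" verdict line, in the format of the report posted further down in the thread) and sorts the result into the buckets a responder actually reads: verdicts other than "ok", services for which no file line was printed, files outside the Windows and Program Files trees, hashes absent from a known-good baseline, and one hash registered under two service names. The sample mixes lines copied from the posted report with one constructed entry (examplesvc) whose verdict wording is invented, since TDSSKiller's real verdict strings vary by version; the baseline is a constructed stand-in for hashes taken from a clean install at the same patch level.

```python
"""Pair up the lines of a TDSSKiller report and list what to look at.

Added example; not part of TDSSKiller and not posted by anyone in the thread.
TDSSKiller prints one line per service or driver with the file's MD5 and
path, then a second line carrying the verdict ("name - ok"); some services
get only the verdict line (Abiosdsk on XP, an entry with no driver file).
The report lists verdicts other than "ok", entries with no file line, files
outside the Windows and Program Files trees, hashes missing from a known-good
baseline (a lookup list, not a verdict) and one hash under two service names.
"""
import re
from typing import Dict, List, Set

# Lines copied from the log posted in the thread plus one constructed entry
# (examplesvc); its verdict wording is invented, real TDSSKiller strings differ
# by version, which is why anything other than "ok" is reported.
SAMPLE_LOG = r"""
11:52:57.0814 2492 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
11:52:58.0346 2492 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:53:00.0658 2376 Scan started
11:53:00.0658 2376 Mode: Manual;
11:53:01.0143 2376 Abiosdsk - ok
11:53:01.0955 2376 ASFIPmon (6295dd28d0ecbc4e6e450c279fef5ed9) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
11:53:01.0955 2376 ASFIPmon - ok
11:53:02.0143 2376 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:53:02.0158 2376 atapi - ok
11:53:02.0846 2376 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:53:02.0846 2376 cbidf - ok
11:53:02.0846 2376 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:53:02.0846 2376 cbidf2k - ok
11:53:08.0000 2376 examplesvc (d41d8cd98f00b204e9800998ecf8427e) C:\Documents and Settings\user\Local Settings\Temp\examplesvc.sys
11:53:08.0000 2376 examplesvc - suspicious
"""

# Constructed baseline: in practice the MD5s of the same drivers taken from a
# clean install at the same patch level.
BASELINE: Set[str] = {
    "9f3a2f5aa6875c72bf062c712cfa2674",   # atapi.sys
    "90a673fc8e12a79afbed2576f6a7aaf9",   # cbidf2k.sys
}
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")

PREFIX = r'^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<name>\S+)\s+'
FILE_LINE = re.compile(PREFIX + r'\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$')
VERDICT_LINE = re.compile(PREFIX + r'-\s+(?P<status>.+?)\s*$')


def parse_tdsskiller(text: str) -> List[dict]:
    """Merge the file line and the verdict line of each service into one record."""
    entries: Dict[str, dict] = {}
    scanning = False   # skip the header: its "Drive ... - Size" line looks like a verdict
    for line in text.splitlines():
        if not scanning:
            scanning = "Scan started" in line
            continue
        m = FILE_LINE.match(line) or VERDICT_LINE.match(line)
        if not m:
            continue
        rec = entries.setdefault(m["name"], {"name": m["name"], "md5": None,
                                             "path": None, "status": None})
        if "md5" in m.groupdict():
            rec["md5"], rec["path"] = m["md5"].lower(), m["path"]
        else:
            rec["status"] = m["status"]
    return list(entries.values())


def report(entries: List[dict], baseline: Set[str]) -> dict:
    """Bucket the records by what a responder would want to check."""
    out = {"not_ok": [], "no_file_line": [], "outside_system_dirs": [],
           "unknown_hash": [], "shared_hash": {}}
    by_md5: Dict[str, List[str]] = {}
    for e in entries:
        if e["status"] is not None and e["status"].lower() != "ok":
            out["not_ok"].append(e["name"])
        if e["path"] is None:                  # verdict only, nothing was hashed
            out["no_file_line"].append(e["name"])
            continue
        if not e["path"].lower().startswith(SYSTEM_ROOTS):
            out["outside_system_dirs"].append(e["name"])
        if e["md5"] not in baseline:
            out["unknown_hash"].append(e["name"])
        by_md5.setdefault(e["md5"], []).append(e["name"])
    # one file registered under two names (cbidf / cbidf2k above) is normal on
    # XP, but the same hash under an unrelated name is worth a look
    out["shared_hash"] = {h: n for h, n in by_md5.items() if len(n) > 1}
    return out


if __name__ == "__main__":
    for bucket, names in report(parse_tdsskiller(SAMPLE_LOG), BASELINE).items():
        print(f"{bucket}: {names}")
```

An unknown hash is a lookup list, not a finding: ASFIPmon lands there only because the constructed baseline does not contain it. The cbidf/cbidf2k pair sharing one hash is the normal XP case of two service names for the same driver file; a shared hash under an unrelated name, or a driver loading from under a user profile as the constructed examplesvc entry does, is what you would chase.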
#7 smartflough (Topic Starter)

Posted 17 July 2012 - 11:20 AM

11:52:57.0814 2492 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
11:52:58.0080 2492 ============================================================
11:52:58.0080 2492 Current date / time: 2012/07/17 11:52:58.0080
11:52:58.0080 2492 SystemInfo:
11:52:58.0080 2492
11:52:58.0080 2492 OS Version: 5.1.2600 ServicePack: 3.0
11:52:58.0080 2492 Product type: Workstation
11:52:58.0080 2492 ComputerName: D3YXJ3H1
11:52:58.0080 2492 UserName: bcota
11:52:58.0080 2492 Windows directory: C:\WINDOWS
11:52:58.0080 2492 System windows directory: C:\WINDOWS
11:52:58.0080 2492 Processor architecture: Intel x86
11:52:58.0080 2492 Number of processors: 2
11:52:58.0080 2492 Page size: 0x1000
11:52:58.0080 2492 Boot type: Normal boot
11:52:58.0080 2492 ============================================================
11:52:58.0346 2492 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:52:58.0346 2492 ============================================================
11:52:58.0346 2492 \Device\Harddisk0\DR0:
11:52:58.0346 2492 MBR partitions:
11:52:58.0346 2492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x129ED876
11:52:58.0346 2492 ============================================================
11:52:58.0377 2492 C: <-> \Device\Harddisk0\DR0\Partition0
11:52:58.0377 2492 ============================================================
11:52:58.0377 2492 Initialize success
11:52:58.0377 2492 ============================================================
11:53:00.0658 2376 ============================================================
11:53:00.0658 2376 Scan started
11:53:00.0658 2376 Mode: Manual;
11:53:00.0658 2376 ============================================================
11:53:01.0143 2376 Abiosdsk - ok
11:53:01.0174 2376 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:53:01.0174 2376 abp480n5 - ok
11:53:01.0205 2376 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:53:01.0221 2376 ACPI - ok
11:53:01.0221 2376 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:53:01.0221 2376 ACPIEC - ok
11:53:01.0268 2376 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:53:01.0283 2376 ADIHdAudAddService - ok
11:53:01.0408 2376 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:53:01.0408 2376 AdobeFlashPlayerUpdateSvc - ok
11:53:01.0455 2376 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:53:01.0455 2376 adpu160m - ok
11:53:01.0486 2376 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:53:01.0502 2376 aec - ok
11:53:01.0549 2376 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:53:01.0564 2376 AFD - ok
11:53:01.0596 2376 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:53:01.0596 2376 agp440 - ok
11:53:01.0596 2376 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:53:01.0596 2376 agpCPQ - ok
11:53:01.0611 2376 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:53:01.0611 2376 Aha154x - ok
11:53:01.0627 2376 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:53:01.0627 2376 aic78u2 - ok
11:53:01.0658 2376 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:53:01.0658 2376 aic78xx - ok
11:53:01.0705 2376 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:53:01.0721 2376 Alerter - ok
11:53:01.0736 2376 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:53:01.0736 2376 ALG - ok
11:53:01.0752 2376 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:53:01.0752 2376 AliIde - ok
11:53:01.0768 2376 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:53:01.0783 2376 alim1541 - ok
11:53:01.0799 2376 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:53:01.0799 2376 amdagp - ok
11:53:01.0799 2376 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:53:01.0799 2376 amsint - ok
11:53:01.0846 2376 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:53:01.0861 2376 AppMgmt - ok
11:53:01.0877 2376 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:53:01.0893 2376 asc - ok
11:53:01.0893 2376 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:53:01.0893 2376 asc3350p - ok
11:53:01.0908 2376 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:53:01.0908 2376 asc3550 - ok
11:53:01.0955 2376 ASFIPmon (6295dd28d0ecbc4e6e450c279fef5ed9) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
11:53:01.0955 2376 ASFIPmon - ok
11:53:02.0049 2376 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:53:02.0049 2376 aspnet_state - ok
11:53:02.0096 2376 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:53:02.0111 2376 AsyncMac - ok
11:53:02.0143 2376 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:53:02.0158 2376 atapi - ok
11:53:02.0158 2376 Atdisk - ok
11:53:02.0189 2376 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:53:02.0189 2376 Atmarpc - ok
11:53:02.0221 2376 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:53:02.0221 2376 AudioSrv - ok
11:53:02.0283 2376 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:53:02.0283 2376 audstub - ok
11:53:02.0299 2376 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:53:02.0299 2376 b57w2k - ok
11:53:02.0346 2376 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\WMI\BASFND.sys
11:53:02.0346 2376 BASFND - ok
11:53:02.0361 2376 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:53:02.0361 2376 Beep - ok
11:53:02.0424 2376 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:53:02.0439 2376 BITS - ok
11:53:02.0471 2376 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:53:02.0471 2376 Browser - ok
11:53:02.0518 2376 btaudio (0f249be872f618aaba8d641e81aa3d21) C:\WINDOWS\system32\drivers\btaudio.sys
11:53:02.0533 2376 btaudio - ok
11:53:02.0564 2376 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
11:53:02.0564 2376 BTDriver - ok
11:53:02.0627 2376 BTKRNL (ade37ab15c958f5db2f85431cca8763a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:53:02.0643 2376 BTKRNL - ok
11:53:02.0689 2376 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
11:53:02.0689 2376 BTWDNDIS - ok
11:53:02.0705 2376 btwhid (6beb0adaa3d2b80e6515eec5d03b7540) C:\WINDOWS\system32\DRIVERS\btwhid.sys
11:53:02.0721 2376 btwhid - ok
11:53:02.0721 2376 BTWUSB (a01fd9851406de0870c23759e2f7b6ea) C:\WINDOWS\system32\Drivers\btwusb.sys
11:53:02.0721 2376 BTWUSB - ok
11:53:02.0814 2376 catchme - ok
11:53:02.0846 2376 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:53:02.0846 2376 cbidf - ok
11:53:02.0846 2376 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:53:02.0846 2376 cbidf2k - ok
11:53:02.0877 2376 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:53:02.0893 2376 cd20xrnt - ok
11:53:02.0908 2376 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:53:02.0908 2376 Cdaudio - ok
11:53:02.0939 2376 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:53:02.0939 2376 Cdfs - ok
11:53:02.0955 2376 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:53:02.0955 2376 Cdrom - ok
11:53:02.0955 2376 Changer - ok
11:53:03.0002 2376 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:53:03.0002 2376 CiSvc - ok
11:53:03.0033 2376 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:53:03.0033 2376 ClipSrv - ok
11:53:03.0111 2376 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:53:03.0127 2376 clr_optimization_v2.0.50727_32 - ok
11:53:03.0158 2376 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:53:03.0158 2376 CmdIde - ok
11:53:03.0158 2376 COMSysApp - ok
11:53:03.0174 2376 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:53:03.0174 2376 Cpqarray - ok
11:53:03.0189 2376 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:53:03.0205 2376 CryptSvc - ok
11:53:03.0221 2376 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:53:03.0236 2376 dac2w2k - ok
11:53:03.0252 2376 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:53:03.0252 2376 dac960nt - ok
11:53:03.0299 2376 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:53:03.0314 2376 DcomLaunch - ok
11:53:03.0361 2376 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:53:03.0361 2376 Dhcp - ok
11:53:03.0393 2376 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:53:03.0393 2376 Disk - ok
11:53:03.0408 2376 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
11:53:03.0408 2376 DLABMFSM - ok
11:53:03.0424 2376 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
11:53:03.0424 2376 DLABOIOM - ok
11:53:03.0424 2376 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:53:03.0424 2376 DLACDBHM - ok
11:53:03.0439 2376 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
11:53:03.0439 2376 DLADResM - ok
11:53:03.0439 2376 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
11:53:03.0455 2376 DLAIFS_M - ok
11:53:03.0471 2376 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
11:53:03.0471 2376 DLAOPIOM - ok
11:53:03.0471 2376 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
11:53:03.0486 2376 DLAPoolM - ok
11:53:03.0486 2376 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
11:53:03.0486 2376 DLARTL_M - ok
11:53:03.0502 2376 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
11:53:03.0502 2376 DLAUDFAM - ok
11:53:03.0502 2376 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
11:53:03.0518 2376 DLAUDF_M - ok
11:53:03.0518 2376 dmadmin - ok
11:53:03.0611 2376 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:53:03.0627 2376 dmboot - ok
11:53:03.0643 2376 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:53:03.0658 2376 dmio - ok
11:53:03.0674 2376 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:53:03.0674 2376 dmload - ok
11:53:03.0689 2376 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:53:03.0689 2376 dmserver - ok
11:53:03.0721 2376 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:53:03.0721 2376 DMusic - ok
11:53:03.0752 2376 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:53:03.0752 2376 Dnscache - ok
11:53:03.0814 2376 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:53:03.0814 2376 Dot3svc - ok
11:53:03.0830 2376 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:53:03.0830 2376 dpti2o - ok
11:53:03.0846 2376 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:53:03.0861 2376 drmkaud - ok
11:53:03.0877 2376 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:53:03.0893 2376 DRVMCDB - ok
11:53:03.0893 2376 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:53:03.0893 2376 DRVNDDM - ok
11:53:03.0924 2376 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:53:03.0924 2376 E100B - ok
11:53:03.0939 2376 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:53:03.0939 2376 EapHost - ok
11:53:03.0955 2376 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:53:03.0955 2376 ERSvc - ok
11:53:04.0002 2376 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:53:04.0018 2376 Eventlog - ok
11:53:04.0064 2376 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:53:04.0064 2376 EventSystem - ok
11:53:04.0111 2376 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:53:04.0111 2376 Fastfat - ok
11:53:04.0143 2376 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:53:04.0158 2376 FastUserSwitchingCompatibility - ok
11:53:04.0205 2376 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
11:53:04.0221 2376 Fax - ok
11:53:04.0236 2376 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:53:04.0236 2376 Fdc - ok
11:53:04.0299 2376 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:53:04.0299 2376 Fips - ok
11:53:04.0314 2376 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:53:04.0314 2376 Flpydisk - ok
11:53:04.0346 2376 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:53:04.0346 2376 FltMgr - ok
11:53:04.0424 2376 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:53:04.0424 2376 FontCache3.0.0.0 - ok
11:53:04.0455 2376 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:53:04.0455 2376 Fs_Rec - ok
11:53:04.0471 2376 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:53:04.0471 2376 Ftdisk - ok
11:53:04.0486 2376 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:53:04.0486 2376 Gpc - ok
11:53:04.0611 2376 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:53:04.0611 2376 gupdate - ok
11:53:04.0611 2376 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:53:04.0611 2376 gupdatem - ok
11:53:04.0643 2376 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:53:04.0658 2376 HDAudBus - ok
11:53:04.0721 2376 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:53:04.0721 2376 helpsvc - ok
11:53:04.0736 2376 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
11:53:04.0736 2376 HidServ - ok
11:53:04.0752 2376 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:53:04.0752 2376 HidUsb - ok
11:53:04.0783 2376 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:53:04.0783 2376 hkmsvc - ok
11:53:04.0814 2376 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:53:04.0814 2376 hpn - ok
11:53:04.0846 2376 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:53:04.0861 2376 HTTP - ok
11:53:04.0877 2376 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:53:04.0877 2376 HTTPFilter - ok
11:53:04.0908 2376 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:53:04.0908 2376 i2omgmt - ok
11:53:04.0924 2376 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:53:04.0939 2376 i2omp - ok
11:53:04.0939 2376 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:53:04.0939 2376 i8042prt - ok
11:53:04.0986 2376 IAANTMON (72b53e9c8924949dec8f3799bcba2251) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
11:53:05.0002 2376 IAANTMON - ok
11:53:05.0393 2376 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:53:05.0549 2376 ialm - ok
11:53:05.0627 2376 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
11:53:05.0627 2376 iaStor - ok
11:53:05.0752 2376 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:53:05.0768 2376 idsvc - ok
11:53:05.0830 2376 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:53:05.0830 2376 Imapi - ok
11:53:05.0861 2376 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:53:05.0877 2376 ImapiService - ok
11:53:05.0908 2376 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:53:05.0908 2376 ini910u - ok
11:53:05.0939 2376 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:53:05.0939 2376 IntelIde - ok
11:53:05.0971 2376 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:53:05.0971 2376 intelppm - ok
11:53:05.0971 2376 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:53:05.0971 2376 Ip6Fw - ok
11:53:06.0018 2376 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:53:06.0018 2376 IpFilterDriver - ok
11:53:06.0018 2376 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:53:06.0033 2376 IpInIp - ok
11:53:06.0064 2376 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:53:06.0080 2376 IpNat - ok
11:53:06.0096 2376 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:53:06.0096 2376 IPSec - ok
11:53:06.0096 2376 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:53:06.0111 2376 IRENUM - ok
11:53:06.0127 2376 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:53:06.0127 2376 isapnp - ok
11:53:06.0143 2376 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:53:06.0143 2376 Kbdclass - ok
11:53:06.0143 2376 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:53:06.0143 2376 kbdhid - ok
11:53:13.0377 2376 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:53:13.0799 2376 \Device\Harddisk0\DR0 - ok
11:53:13.0814 2376 Boot (0x1200) (4335c7735891d62eea1ec29c38af53f1) \Device\Harddisk0\DR0\Partition0
11:53:13.0814 2376 \Device\Harddisk0\DR0\Partition0 - ok
11:53:13.0814 2376 ============================================================
11:53:13.0814 2376 Scan finished
11:53:13.0814 2376 ============================================================
11:53:13.0830 2156 Detected object count: 0
11:53:13.0830 2156 Actual detected object count: 0


& THE ASWMBR LOG:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 12:01:30
-----------------------------
12:01:30.139 OS Version: Windows 5.1.2600 Service Pack 3
12:01:30.139 Number of processors: 2 586 0xF0D
12:01:30.139 ComputerName: D3YXJ3H1 UserName: bcota
12:01:30.874 Initialize success
12:03:02.014 AVAST engine defs: 12071700
12:03:34.998 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:03:34.998 Disk 0 Vendor: ST316081 4.AD Size: 152587MB BusType: 3
12:03:35.014 Disk 0 MBR read successfully
12:03:35.014 Disk 0 MBR scan
12:03:35.045 Disk 0 Windows XP default MBR code
12:03:35.045 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
12:03:35.045 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 96390
12:03:35.060 Disk 0 scanning sectors +312496380
12:03:35.123 Disk 0 scanning C:\WINDOWS\system32\drivers
12:03:42.888 Service scanning
12:03:55.170 Modules scanning
12:03:58.857 Disk 0 trace - called modules:
12:03:58.873 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:03:58.873 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a60f030]
12:03:58.873 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a690030]
12:03:59.482 AVAST engine scan C:\WINDOWS
12:04:07.013 AVAST engine scan C:\WINDOWS\system32
12:06:33.231 AVAST engine scan C:\WINDOWS\system32\drivers
12:06:49.434 AVAST engine scan C:\Documents and Settings\bcota
12:14:26.650 AVAST engine scan C:\Documents and Settings\All Users
12:15:17.884 Scan finished successfully
12:17:48.805 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bcota\My Documents\Downloads\MBR.dat"
12:17:48.805 The log file has been saved successfully to "C:\Documents and Settings\bcota\My Documents\Downloads\aswMBR.txt"



No problems running the software. Redirecting is happening again; only with Mozilla but for all 3 search engines. IE seems fine - no redirecting.

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 July 2012 - 10:18 PM

Greetings

Let's uninstall Firefox, and if asked about user data or settings then let's remove that also.

Restart the computer and reinstall Firefox - check things out now.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 smartflough (Topic Starter, Members)

Posted 18 July 2012 - 08:04 AM

That was a bit of a side step. Both browsers are back to where I started - redirecting in each search engine after the second link is selected.

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 July 2012 - 01:40 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 smartflough (Topic Starter, Members)

Posted 18 July 2012 - 02:26 PM

OTL logfile created on: 7/18/2012 3:22:44 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\bcota\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.93% Memory free
3.85 Gb Paging File | 3.36 Gb Available in Paging File | 87.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 100.56 Gb Free Space | 67.50% Space Free | Partition Type: NTFS

Computer Name: D3YXJ3H1 | User Name: bcota | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\bcota\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\SetPoint\LBTWiz.exe (Logitech Inc.)
PRC - C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe (Logitech Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\MMTaskbar\MultiMon.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
MOD - C:\Program Files\MMTaskbar\MultiMon.exe ()
MOD - C:\Program Files\MMTaskbar\shellhook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WinDefend) -- %ProgramFiles%\Windows Defender\mpsvc.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\bcota\LOCALS~1\Temp\catchme.sys File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (BASFND) -- C:\Program Files\Broadcom\WMI\BASFND.sys (Broadcom Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080808
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080808
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080808
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080808
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



IE - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findweather/getForecast?query=05740
IE - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\..\SearchScopes,DefaultScope = {D564E06E-5E99-4C9D-A663-90FC2056FB15}
IE - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\..\SearchScopes\{D564E06E-5E99-4C9D-A663-90FC2056FB15}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 08:59:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/11 14:33:59 | 000,000,000 | ---D | M]

[2012/07/18 08:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bcota\Application Data\Mozilla\Extensions
[2012/07/18 08:59:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/11 12:11:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\bcota\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218579619236 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jpcarrara.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EBC23B8-6B3E-4179-90C6-6C0F0B3155FB}: DhcpNameServer = 192.168.1.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL (Logitech Inc.)
O24 - Desktop Components:0 () - C:\Documents and Settings\bcota\My Documents\miscellaneous\cam test\New Folder\1205000958.jpg
O24 - Desktop Components:1 () - C:\Documents and Settings\bcota\My Documents\My Pictures\faifax\IMG_3194.JPG
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\bcota\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bcota\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/07 11:31:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 08:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bcota\Application Data\Mozilla
[2012/07/18 08:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/18 08:57:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/17 10:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bcota\Start Menu\Programs\Exetechs
[2012/07/16 15:40:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/07/16 15:30:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/11 14:02:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/18 14:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/18 14:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 10:12:50 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\bcota\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to work on Primary Server (Yoda1).lnk
[2012/07/18 08:59:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\bcota\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/18 08:59:25 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/18 08:57:32 | 000,272,156 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/07/18 08:57:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/18 08:57:30 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 08:55:18 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\rxfmakuqi.job
[2012/07/18 08:55:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/18 08:55:11 | 2145,349,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 10:17:13 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\bcota\Desktop\Carrara Data Manager.appref-ms
[2012/07/16 10:23:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\bcota\defogger_reenable
[2012/07/16 07:43:10 | 000,439,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/16 07:43:10 | 000,071,022 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/16 06:53:56 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/13 15:42:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/13 08:53:04 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/07/13 08:34:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 10:47:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/12 10:47:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/11 12:11:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/11 11:39:26 | 004,576,462 | R--- | M] (Swearware) -- C:\Documents and Settings\bcota\My Documents\ComboFix.exe
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/18 08:59:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\bcota\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/18 08:59:25 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/18 08:59:25 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/16 10:23:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bcota\defogger_reenable
[2012/07/13 08:53:04 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/07/11 12:20:31 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\bcota\Desktop\Carrara Data Manager.appref-ms
[2012/06/11 11:59:10 | 000,198,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/08 14:50:45 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\bthcrp3.dll
[2012/02/16 03:29:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/09 18:14:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bcota\cd
[2011/11/09 18:13:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bcota\adb
[2011/06/01 18:33:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/01 18:33:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/01 18:33:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/01 18:33:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/01 18:33:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/11 14:32:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/04 11:39:08 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\bcota\.recently-used.xbel
[2010/03/29 16:51:06 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\bcota\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/12 18:00:27 | 000,009,342 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت

< End of report >

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 July 2012 - 02:52 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
    O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
    O4 - Startup: C:\Documents and Settings\bcota\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:??????????
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    [2012/07/18 08:55:18 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\rxfmakuqi.job
    [2012/06/08 14:50:45 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\bthcrp3.dll
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]

  • Then click the Run Fix button at the top.
  • Click the button shown in the original screenshot.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
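As an added example (not part of this thread, OTL, or gringo's script), here is a small Python triage of OTL's report format as posted above: it flags hives where the IE proxy is enabled and points at the machine itself (the 127.0.0.1:5577 entries the fix script clears), collects the "File not found" and "Reg Error" leftovers, and applies two heuristics of my own for the unsigned lowercase .job task and the hidden+system DLL in System32. The sample lines are copied from the scan in this thread; the regexes, thresholds and severity labels are assumptions, not OTL rules.

```python
import re
from dataclasses import dataclass

# Constructed sample: report lines in OTL's format, copied from the scan posted
# earlier in this thread and trimmed to the entries the checks below care about.
SAMPLE_OTL = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-21-623912357-1384207050-1846952604-5188\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/07/18 08:55:18 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\rxfmakuqi.job
[2012/07/18 08:57:30 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/08 14:50:45 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\bthcrp3.dll
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
"""

# IE - <hive>\...\Internet Settings: "<name>" = <value>
PROXY_RE = re.compile(
    r'^IE - (HKLM|HKU\\[^\\]+)\\.*Internet Settings: "(ProxyEnable|ProxyServer)" = (.*)$')
# [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r'^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| ([A-Z-]{4}) \| [CM]\] \((.*?)\) -- (.+)$')


@dataclass
class Finding:
    severity: str   # "high": act now; "review": look closer; "cleanup": dead entry
    category: str
    detail: str


def proxy_findings(lines):
    """Flag hives where the IE proxy is enabled and points back at this machine."""
    per_hive = {}
    for ln in lines:
        m = PROXY_RE.match(ln)
        if m:
            hive, name, value = m.groups()
            per_hive.setdefault(hive, {})[name] = value.strip()
    out = []
    for hive, vals in per_hive.items():
        server = vals.get("ProxyServer", "")
        host = server.split("=")[-1].split(";")[0]   # "http=127.0.0.1:5577" -> "127.0.0.1:5577"
        if vals.get("ProxyEnable") == "1" and host.startswith(("127.", "localhost")):
            out.append(Finding("high", "loopback-proxy", f"{hive}: {server}"))
    return out


def stale_findings(lines):
    """Entries whose target is gone: harmless, but the kind a fix script removes."""
    return [Finding("cleanup", "stale-entry", ln) for ln in lines
            if ln.endswith("File not found") or "(Reg Error: Key error.)" in ln]


def file_findings(lines):
    """Heuristics (assumptions, not OTL rules) for files worth a second look."""
    out = []
    for ln in lines:
        m = FILE_RE.match(ln)
        if not m:
            continue
        attrs, company, path = m.groups()
        name = path.rsplit("\\", 1)[-1]
        low = path.lower()
        # Unsigned task with an all-lowercase, letters-only name; vendor tasks in
        # this log are mixed case (GoogleUpdateTaskMachineCore.job).
        if low.startswith("c:\\windows\\tasks\\") and not company \
                and re.fullmatch(r"[a-z]{6,}\.job", name):
            out.append(Finding("review", "odd-task-name", path))
        # Hidden + system DLL in System32 with no publisher recorded.
        if "\\system32\\" in low and name.endswith(".dll") and not company \
                and "H" in attrs and "S" in attrs:
            out.append(Finding("review", "hidden-system-dll", path))
    return out


def triage(report_text):
    lines = [ln.rstrip() for ln in report_text.splitlines() if ln.strip()]
    return proxy_findings(lines) + stale_findings(lines) + file_findings(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:7}] {f.category:18} {f.detail}")
```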

#13 smartflough (Topic Starter, Members)

Posted 18 July 2012 - 03:45 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech BT Wizard deleted successfully.
C:\Documents and Settings\bcota\Start Menu\Programs\Startup\ZooskMessenger.lnk moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\DRM:?????????? .
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\WINDOWS\tasks\rxfmakuqi.job moved successfully.
C:\WINDOWS\system32\bthcrp3.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\bcota\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\bcota\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: administrator.MIDDLEBURY

User: All Users

User: bcota
->Java cache emptied: 0 bytes

User: csimpson

User: csimpson.MIDDLEBURY
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 456 bytes

User: administrator.MIDDLEBURY

User: All Users

User: bcota
->Flash cache emptied: 5207022 bytes

User: csimpson

User: csimpson.MIDDLEBURY
->Flash cache emptied: 1227 bytes

User: Default User
->Flash cache emptied: 56504 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 5.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07182012_164214




Both browsers and all search engines are now redirecting on the first link selected.

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 July 2012 - 04:49 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat (choose Save as type: All Files, and save it to the Desktop), then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#15 smartflough (Topic Starter, Members)

Posted 19 July 2012 - 06:11 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : D3YXJ3H1
Primary Dns Suffix . . . . . . . : jpcarrara.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : jpcarrara.com
                                    jpcarrara.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : jpcarrara.com
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1E-C9-56-D6-4D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.48
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.10
DNS Servers . . . . . . . . . . . : 192.168.1.10
Primary WINS Server . . . . . . . : 192.168.1.10
Lease Obtained. . . . . . . . . . : Wednesday, July 18, 2012 8:55:25 PM
Lease Expires . . . . . . . . . . : Thursday, July 19, 2012 8:55:25 PM

Server: yoda1.jpcarrara.com
Address: 192.168.1.10

Name: google.com
Addresses: 173.194.43.40, 173.194.43.32, 173.194.43.37, 173.194.43.36
173.194.43.33, 173.194.43.34, 173.194.43.39, 173.194.43.38, 173.194.43.41
173.194.43.35, 173.194.43.46

Server: yoda1.jpcarrara.com
Address: 192.168.1.10

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging google.com [173.194.43.40] with 32 bytes of data:

Reply from 173.194.43.40: bytes=32 time=22ms TTL=56
Reply from 173.194.43.40: bytes=32 time=22ms TTL=56

Ping statistics for 173.194.43.40:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 22ms, Average = 22ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=113ms TTL=49
Reply from 72.30.38.140: bytes=32 time=175ms TTL=49

Ping statistics for 72.30.38.140:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 113ms, Maximum = 175ms, Average = 144ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 1e c9 56 d6 4d ...... Broadcom NetXtreme 57xx Gigabit Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.48      10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.48     192.168.1.48      10
     192.168.1.48  255.255.255.255        127.0.0.1        127.0.0.1      10
    192.168.1.255  255.255.255.255     192.168.1.48     192.168.1.48      10
      192.168.2.0    255.255.255.0    192.168.1.100     192.168.1.48       1
        224.0.0.0        240.0.0.0     192.168.1.48     192.168.1.48      10
  255.255.255.255  255.255.255.255     192.168.1.48     192.168.1.48       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
None


No change in redirecting.
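The router.bat output above, read the way gringo's diagnostic intends, as an added example that is not from the thread or any tool: it parses the ipconfig /all and nslookup sections, flags a configured resolver that is neither on the adapter's own subnet nor in an RFC 1918 range, and confirms that nslookup was answered by one of the configured resolvers. The clean log is copied from this post; the hijacked variant and its 203.0.113.53 address are constructed for contrast.

```python
import ipaddress
import re

# Constructed sample: the ipconfig /all and nslookup parts of the router.bat
# output posted in this thread, trimmed to the lines the checks need.
CLEAN_LOG = """
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : jpcarrara.com
IP Address. . . . . . . . . . . . : 192.168.1.48
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.10
DNS Servers . . . . . . . . . . . : 192.168.1.10

Server: yoda1.jpcarrara.com
Address: 192.168.1.10

Name: google.com
Addresses: 173.194.43.40, 173.194.43.32
"""

# Same log with the resolver swapped for an off-LAN address. 203.0.113.53 is
# a constructed value from the documentation range, not a real resolver.
HIJACKED_LOG = (CLEAN_LOG
                .replace("DNS Servers . . . . . . . . . . . : 192.168.1.10",
                         "DNS Servers . . . . . . . . . . . : 203.0.113.53")
                .replace("Address: 192.168.1.10", "Address: 203.0.113.53"))

# "Key . . . . : value" (ipconfig's dotted leaders) and "Key: value" (nslookup)
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z -]*?)[ .]*: (.*)$")

# Spelled out rather than using ipaddress.is_private, which also treats the
# documentation ranges (e.g. 203.0.113.0/24) as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_log(text):
    """Return {field: [values]}; a bare-IP line continues the previous field."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD_RE.match(line)
        if m:
            key, val = m.group(1).strip(), m.group(2).strip()
            if key == "Address" and last == "Server":   # nslookup: which server answered
                key = "Server Address"
            last = key
            fields.setdefault(key, []).append(val)
        elif last and re.fullmatch(r"[0-9.]+", line):
            fields[last].append(line)
    return fields


def check_resolvers(fields):
    """Issues if a resolver is off the adapter's subnet and not RFC 1918, or if
    nslookup was answered by a server that is not a configured resolver."""
    ip = fields.get("IP Address", [None])[0]
    mask = fields.get("Subnet Mask", [None])[0]
    if not ip or not mask:
        return ["ipconfig section is missing IP Address / Subnet Mask"]
    lan = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    issues = []
    configured = fields.get("DNS Servers", [])
    for dns in configured:
        addr = ipaddress.ip_address(dns)
        if addr not in lan and not any(addr in net for net in RFC1918):
            issues.append(f"DNS server {dns} is off-LAN and not a private address")
    for answered_by in fields.get("Server Address", []):
        if answered_by not in configured:
            issues.append(f"nslookup answered by {answered_by}, not a configured resolver")
    return issues


if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("hijacked", HIJACKED_LOG)):
        print(label, check_resolvers(parse_log(log)) or ["no resolver issues"])
```

On this thread's log the result is empty, which matches what the nslookup answers already show: the resolver is the local domain controller, so the redirect is not coming from DNS settings.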



