Infected w/ Gen, Gen.2, Zeroaccess.B, Tracur, PUP.Blabbers, etc.


  • This topic is locked
14 replies to this topic

#1 thanksbleeping

  • Members

Posted 21 July 2012 - 11:29 AM

Have had the "topic" Trojans with several quarantines by Malwarebytes Anti-Malware (26), Symantec Anti-Virus (5393), and Spybot-Search and Destroy.

Before I ran the following logs, no more were showing up as active. However, that has happened before (appearing fixed) during the past week, only to show up later after shutdown/restarting. When it initially appeared, there was a pop-up from Symantec warning of the rapid turnaround between detections and partials, or complete quarantine actions. After first shutdown/restart, the pop-ups stopped.

@#*%@*%, while attempting to get a log for Spybot, I accidentally activated the Immunize feature, after already having run the previous 8 steps instructed in your "Preparation Guide...." Do I need to rerun any of these?

I was unable to complete step 5 -- Enable a firewall -- got message: "Due to an unidentified problem, Windows cannot display Windows Firewall settings."
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by DALE at 7:35:16 on 2012-07-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1863 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/search
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\dale\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\dale\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F8AED295-49B1-4513-A0FA-61CB87416362} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-7-14 21992]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-1 106656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120720.002\naveng.sys [2012-7-20 87928]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120720.002\navex15.sys [2012-7-20 1589752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-27 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 257224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-27 136176]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-12-04 17:18:02 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-12-04 17:17:50 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-07-15 17:26:27 -------- d-----w- c:\documents and settings\dale\application data\DriverCure
2012-07-15 17:26:26 -------- d-----w- c:\documents and settings\dale\application data\SpeedMaxPc
2012-07-15 17:26:09 -------- d-----w- c:\program files\common files\SpeedMaxPc
2012-07-15 17:26:07 -------- d-----w- c:\program files\SpeedMaxPc
2012-07-15 17:26:07 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-07-15 17:23:49 5037888 ----a-w- c:\program files\SpeedMaxpc_installer.exe
2012-07-15 16:39:24 -------- d-----w- c:\windows\system32\NtmsData
2012-07-15 15:51:08 2841104 ----a-w- c:\program files\NPE.exe
2012-07-04 17:44:12 -------- d-----w- c:\documents and settings\dale\application data\Malwarebytes
2012-07-04 17:44:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-04 17:44:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 17:44:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-06-26 01:06:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 01:06:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 21:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-09-20 20:06:14 38958968 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-09-04 19:31:44 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-08-27 22:57:15 604488 ----a-w- c:\program files\GoogleEarthSetup.exe
.
============= FINISH: 7:35:40.51 ===============



#2 nasdaq

  • Malware Response Team

Posted 26 July 2012 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Reset the default Hosts file.

How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 thanksbleeping

  • Topic Starter

Posted 26 July 2012 - 08:11 PM

Thanks for the help nasdaq:

18:17:23.0765 2412 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:17:24.0234 2412 ============================================================
18:17:24.0234 2412 Current date / time: 2012/07/26 18:17:24.0234
18:17:24.0234 2412 SystemInfo:
18:17:24.0234 2412
18:17:24.0234 2412 OS Version: 5.1.2600 ServicePack: 3.0
18:17:24.0234 2412 Product type: Workstation
18:17:24.0234 2412 ComputerName: MDD-38E2D4945C2
18:17:24.0234 2412 UserName: DALE
18:17:24.0234 2412 Windows directory: C:\WINDOWS
18:17:24.0234 2412 System windows directory: C:\WINDOWS
18:17:24.0234 2412 Processor architecture: Intel x86
18:17:24.0234 2412 Number of processors: 2
18:17:24.0234 2412 Page size: 0x1000
18:17:24.0234 2412 Boot type: Normal boot
18:17:24.0234 2412 ============================================================
18:17:24.0828 2412 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:17:24.0906 2412 ============================================================
18:17:24.0906 2412 \Device\Harddisk0\DR0:
18:17:24.0906 2412 MBR partitions:
18:17:24.0906 2412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A813A3
18:17:24.0937 2412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A81421, BlocksNum 0x12C806DF
18:17:24.0937 2412 ============================================================
18:17:24.0968 2412 C: <-> \Device\Harddisk0\DR0\Partition0
18:17:25.0000 2412 D: <-> \Device\Harddisk0\DR0\Partition1
18:17:25.0000 2412 ============================================================
18:17:25.0000 2412 Initialize success
18:17:25.0000 2412 ============================================================
18:18:23.0656 2460 ============================================================
18:18:23.0656 2460 Scan started
18:18:23.0656 2460 Mode: Manual;
18:18:23.0656 2460 ============================================================
18:18:28.0359 2460 nvnetbus - ok
18:18:28.0390 2460 NVSvc (42321ac5448078131903b272e6c49024) C:\WINDOWS\system32\nvsvc32.exe
18:18:28.0390 2460 NVSvc - ok
18:18:28.0437 2460 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:18:28.0437 2460 NwlnkFlt - ok
18:18:28.0453 2460 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:18:28.0453 2460 NwlnkFwd - ok
18:18:28.0515 2460 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:18:28.0531 2460 odserv - ok
18:18:28.0546 2460 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:18:28.0546 2460 ohci1394 - ok
18:18:28.0562 2460 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:18:28.0609 2460 ose - ok
18:18:28.0640 2460 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:18:28.0640 2460 Parport - ok
18:18:28.0656 2460 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:18:28.0656 2460 PartMgr - ok
18:18:28.0656 2460 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:18:28.0671 2460 ParVdm - ok
18:18:28.0671 2460 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:18:28.0687 2460 PCI - ok
18:18:28.0687 2460 PCIDump - ok
18:18:28.0687 2460 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:18:28.0703 2460 PCIIde - ok
18:18:28.0703 2460 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:18:28.0718 2460 Pcmcia - ok
18:18:28.0718 2460 PDCOMP - ok
18:18:28.0734 2460 PDFRAME - ok
18:18:28.0734 2460 PDRELI - ok
18:18:28.0734 2460 PDRFRAME - ok
18:18:28.0734 2460 perc2 - ok
18:18:28.0750 2460 perc2hib - ok
18:18:28.0781 2460 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
18:18:28.0781 2460 PlugPlay - ok
18:18:28.0781 2460 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:18:28.0796 2460 PolicyAgent - ok
18:18:28.0796 2460 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:18:28.0812 2460 PptpMiniport - ok
18:18:28.0812 2460 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:18:28.0812 2460 ProtectedStorage - ok
18:18:28.0812 2460 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:18:28.0828 2460 PSched - ok
18:18:28.0843 2460 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:18:28.0843 2460 Ptilink - ok
18:18:28.0859 2460 ql1080 - ok
18:18:28.0859 2460 Ql10wnt - ok
18:18:28.0859 2460 ql12160 - ok
18:18:28.0859 2460 ql1240 - ok
18:18:28.0875 2460 ql1280 - ok
18:18:28.0890 2460 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:18:28.0890 2460 RasAcd - ok
18:18:28.0906 2460 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:18:28.0906 2460 RasAuto - ok
18:18:28.0921 2460 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:18:28.0921 2460 Rasl2tp - ok
18:18:28.0953 2460 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:18:28.0968 2460 RasMan - ok
18:18:28.0968 2460 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:18:28.0984 2460 RasPppoe - ok
18:18:28.0984 2460 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:18:28.0984 2460 Raspti - ok
18:18:29.0031 2460 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:18:29.0031 2460 Rdbss - ok
18:18:29.0046 2460 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:18:29.0046 2460 RDPCDD - ok
18:18:29.0062 2460 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:18:29.0062 2460 rdpdr - ok
18:18:29.0093 2460 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:18:29.0093 2460 RDPWD - ok
18:18:29.0093 2460 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:18:29.0109 2460 RDSessMgr - ok
18:18:29.0140 2460 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:18:29.0140 2460 redbook - ok
18:18:29.0171 2460 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:18:29.0171 2460 RemoteAccess - ok
18:18:29.0187 2460 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:18:29.0203 2460 RemoteRegistry - ok
18:18:29.0218 2460 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:18:29.0234 2460 RpcLocator - ok
18:18:29.0250 2460 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
18:18:29.0250 2460 RpcSs - ok
18:18:29.0265 2460 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:18:29.0281 2460 RSVP - ok
18:18:29.0328 2460 RTSTOR (e32f998e1543314f90d9bda2dbbb0ab1) C:\WINDOWS\system32\drivers\RTSTOR.SYS
18:18:29.0328 2460 RTSTOR - ok
18:18:29.0343 2460 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:18:29.0343 2460 SamSs - ok
18:18:29.0406 2460 SavRoam (92554f1d5037033146501f72c74b4d9f) C:\Program Files\Symantec AntiVirus\SavRoam.exe
18:18:29.0421 2460 SavRoam - ok
18:18:29.0468 2460 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
18:18:29.0468 2460 SAVRT - ok
18:18:29.0484 2460 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
18:18:29.0484 2460 SAVRTPEL - ok
18:18:29.0484 2460 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:18:29.0500 2460 SCardSvr - ok
18:18:29.0546 2460 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:18:29.0546 2460 Schedule - ok
18:18:29.0546 2460 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:18:29.0562 2460 Secdrv - ok
18:18:29.0562 2460 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:18:29.0578 2460 seclogon - ok
18:18:29.0593 2460 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:18:29.0609 2460 SENS - ok
18:18:29.0625 2460 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:18:29.0625 2460 serenum - ok
18:18:29.0640 2460 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:18:29.0640 2460 Serial - ok
18:18:29.0640 2460 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:18:29.0656 2460 Sfloppy - ok
18:18:29.0671 2460 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:18:29.0671 2460 ShellHWDetection - ok
18:18:29.0671 2460 Simbad - ok
18:18:29.0687 2460 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:18:29.0703 2460 SLIP - ok
18:18:29.0703 2460 SNDSrvc (213c7eb70a762afdbb095e3535e8545c) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
18:18:29.0750 2460 SNDSrvc - ok
18:18:29.0750 2460 Sparrow - ok
18:18:29.0781 2460 SPBBCDrv (60053e9c1fc4f6887c296c19cb825244) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
18:18:29.0781 2460 SPBBCDrv - ok
18:18:29.0812 2460 SPBBCSvc (8a09ab7a1fd856acc469bd0cd4e98351) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
18:18:29.0812 2460 SPBBCSvc - ok
18:18:29.0859 2460 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:18:29.0859 2460 splitter - ok
18:18:29.0859 2460 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
18:18:29.0859 2460 Spooler - ok
18:18:29.0890 2460 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:18:29.0890 2460 sr - ok
18:18:29.0921 2460 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:18:29.0937 2460 srservice - ok
18:18:29.0937 2460 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
18:18:29.0937 2460 Srv - ok
18:18:29.0953 2460 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:18:29.0968 2460 SSDPSRV - ok
18:18:30.0000 2460 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:18:30.0015 2460 stisvc - ok
18:18:30.0031 2460 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:18:30.0031 2460 streamip - ok
18:18:30.0046 2460 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:18:30.0046 2460 swenum - ok
18:18:30.0078 2460 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:18:30.0078 2460 swmidi - ok
18:18:30.0078 2460 SwPrv - ok
18:18:30.0156 2460 Symantec AntiVirus (7ac1fccc7976857aac3906d45a81d77b) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
18:18:30.0156 2460 Symantec AntiVirus - ok
18:18:30.0218 2460 symc810 - ok
18:18:30.0218 2460 symc8xx - ok
18:18:30.0265 2460 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:18:30.0265 2460 SymEvent - ok
18:18:30.0265 2460 SYMREDRV (e919f0922248a826964428f479a3dc24) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
18:18:30.0281 2460 SYMREDRV - ok
18:18:30.0281 2460 SYMTDI (c177d5a655af572c456ec977582b9bc0) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
18:18:30.0296 2460 SYMTDI - ok
18:18:30.0296 2460 sym_hi - ok
18:18:30.0312 2460 sym_u3 - ok
18:18:30.0343 2460 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:18:30.0359 2460 sysaudio - ok
18:18:30.0375 2460 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:18:30.0390 2460 SysmonLog - ok
18:18:30.0421 2460 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:18:30.0421 2460 TapiSrv - ok
18:18:30.0453 2460 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:18:30.0468 2460 Tcpip - ok
18:18:30.0484 2460 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:18:30.0500 2460 TDPIPE - ok
18:18:30.0531 2460 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:18:30.0531 2460 TDTCP - ok
18:18:30.0546 2460 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:18:30.0546 2460 TermDD - ok
18:18:30.0593 2460 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:18:30.0609 2460 TermService - ok
18:18:30.0625 2460 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:18:30.0625 2460 Themes - ok
18:18:30.0656 2460 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:18:30.0671 2460 TlntSvr - ok
18:18:30.0671 2460 TosIde - ok
18:18:30.0687 2460 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:18:30.0703 2460 TrkWks - ok
18:18:30.0718 2460 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:18:30.0718 2460 Udfs - ok
18:18:30.0718 2460 ultra - ok
18:18:30.0750 2460 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
18:18:30.0765 2460 UMWdf - ok
18:18:30.0781 2460 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:18:30.0781 2460 Update - ok
18:18:30.0812 2460 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:18:30.0828 2460 upnphost - ok
18:18:30.0828 2460 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:18:30.0828 2460 UPS - ok
18:18:30.0890 2460 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:18:30.0906 2460 usbaudio - ok
18:18:30.0937 2460 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:18:30.0937 2460 usbccgp - ok
18:18:30.0953 2460 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:18:30.0968 2460 usbehci - ok
18:18:30.0968 2460 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:18:30.0984 2460 usbhub - ok
18:18:31.0000 2460 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:18:31.0000 2460 usbohci - ok
18:18:31.0000 2460 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:18:31.0015 2460 usbstor - ok
18:18:31.0031 2460 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:18:31.0046 2460 VgaSave - ok
18:18:31.0046 2460 ViaIde - ok
18:18:31.0078 2460 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:18:31.0093 2460 VolSnap - ok
18:18:31.0109 2460 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:18:31.0125 2460 VSS - ok
18:18:31.0140 2460 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:18:31.0156 2460 W32Time - ok
18:18:31.0156 2460 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:18:31.0171 2460 Wanarp - ok
18:18:31.0187 2460 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
18:18:31.0187 2460 WDC_SAM - ok
18:18:31.0203 2460 WDICA - ok
18:18:31.0218 2460 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:18:31.0218 2460 wdmaud - ok
18:18:31.0234 2460 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:18:31.0250 2460 WebClient - ok
18:18:31.0296 2460 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:18:31.0312 2460 winmgmt - ok
18:18:31.0343 2460 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
18:18:31.0343 2460 WmdmPmSN - ok
18:18:31.0359 2460 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
18:18:31.0375 2460 Wmi - ok
18:18:31.0375 2460 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:18:31.0390 2460 WmiApSrv - ok
18:18:31.0437 2460 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:18:31.0453 2460 WSTCODEC - ok
18:18:31.0468 2460 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:18:31.0468 2460 wuauserv - ok
18:18:31.0500 2460 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:18:31.0515 2460 WZCSVC - ok
18:18:31.0515 2460 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:18:31.0531 2460 xmlprov - ok
18:18:31.0562 2460 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:18:31.0796 2460 \Device\Harddisk0\DR0 - ok
18:18:31.0796 2460 Boot (0x1200) (ba725bbfc031613492dfe1a4da635783) \Device\Harddisk0\DR0\Partition0
18:18:31.0796 2460 \Device\Harddisk0\DR0\Partition0 - ok
18:18:31.0828 2460 Boot (0x1200) (8b467394da3d42e754f6fd153c5018c8) \Device\Harddisk0\DR0\Partition1
18:18:31.0828 2460 \Device\Harddisk0\DR0\Partition1 - ok
18:18:31.0828 2460 ============================================================
18:18:31.0828 2460 Scan finished
18:18:31.0828 2460 ============================================================
18:18:31.0828 2468 Detected object count: 0
18:18:31.0828 2468 Actual detected object count: 0

_________________________________________________________________________________________________________________________



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 18:35:30
-----------------------------
18:35:30.515 OS Version: Windows 5.1.2600 Service Pack 3
18:35:30.515 Number of processors: 2 586 0xF0D
18:35:30.515 ComputerName: MDD-38E2D4945C2 UserName: DALE
18:35:31.125 Initialize success
18:37:50.890 AVAST engine defs: 12072602
18:38:52.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
18:38:52.281 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
18:38:52.296 Disk 0 MBR read successfully
18:38:52.296 Disk 0 MBR scan
18:38:52.296 Disk 0 Windows XP default MBR code
18:38:52.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 800002 MB offset 63
18:38:52.312 Disk 0 Partition - 00 0F Extended LBA 153856 MB offset 1638405090
18:38:52.328 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 153856 MB offset 1638405153
18:38:52.328 Disk 0 scanning sectors +1953504000
18:38:52.406 Disk 0 scanning C:\WINDOWS\system32\drivers
18:38:59.765 Service scanning
18:39:11.921 Modules scanning
18:39:14.953 Disk 0 trace - called modules:
18:39:14.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
18:39:14.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa22ab8]
18:39:14.968 3 CLASSPNP.SYS[ba908fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8aa61e90]
18:39:14.968 5 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\0000006c[0x8aa60030]
18:39:15.640 AVAST engine scan C:\WINDOWS
18:39:22.281 AVAST engine scan C:\WINDOWS\system32
18:41:20.531 AVAST engine scan C:\WINDOWS\system32\drivers
18:41:46.671 AVAST engine scan C:\Documents and Settings\DALE
18:45:06.046 AVAST engine scan C:\Documents and Settings\All Users
18:52:33.046 Scan finished successfully
18:53:49.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DALE\Desktop\MBR.dat"
18:53:49.937 The log file has been saved successfully to "C:\Documents and Settings\DALE\Desktop\aswMBR.txt"

______________________________________________________________________________________________________________________________


Thanks for the easy to follow instructions, nasdaq.

However, I'm trying to find a way to attach the zipped MBR.dat and can't find a way to attach it (no "ATTACH" button), so I'll select "Post" and see if it becomes available. If it doesn't I'll try to forward by some other method if it's available. Please advise if I can't get it to you.

#4 thanksbleeping

  • Topic Starter

Posted 26 July 2012 - 08:18 PM

Attached File: MBR.zip (510 bytes)

Ok, got it attached!

#5 nasdaq

  • Malware Response Team

Posted 27 July 2012 - 10:11 AM

You are now cleared to run these tools.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

#6 thanksbleeping

  • Topic Starter

Posted 27 July 2012 - 03:10 PM

Hello, nasdaq,

Started the above process following the directions to turn-off all antivirus first; accomplished this for all antivirus programs I could locate.

Started ComboFix, now it's telling me it's found AVG Antivirus Free Edition 2012 and to disable it before I continue by pushing "OK."

So, now I'm on another computer sending you this message while my infected computer is on hold waiting for me to disable AVG, then press "OK."

AVG was installed yesterday as part of the scan being conducted by (could have been TDSSKiller, but I'm pretty sure it was this):

"Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

•Click the "Scan" button to start scan." -- in the middle of this scan, aswMBR had me agree to push a button to install AVG Antivirus Free Edition 2012. In doing this, aswMBR's process did NOT install an icon for AVG which I could now select to turn it off ("Catch 22," huh?).

I have found that aswMBR installed AVG in my C:\\Documents & Settings\All Users\(Application Data\MFAData\SelfUpd file) -- I added the parentheses to show what directories and files were hidden.

In the SelfUpd file I have found:

avgmfapx.exe and avgrunasm.exe -- haven't selected either for fear they will scan automatically without first stopping at a menu screen where I could disable AVG.

In C:\\Documents & Settings\All Users\(Application Data\MFAData\logs) there's a text file which has configuration settings. In this file it states that "...AVGx86.msi is permitted to run at the 'unrestricted' authorization level." I've zipped and attached this text file.


I also talked with an AVG rep:

He says AVG is not installed if it's not listed in "Start, Programs" -- it is not listed.

He thinks it is a virus itself claiming to be AVG and causing ComboFix to give me the message it's AVG.

What should I do?

I think I will install the same AVG Antivirus Free Edition 2012 on the good computer I'm now using and see what selecting avgmfapx.exe and avgrunasm.exe will do -- see if it will stop at a menu screen where I could disable it or if it will automatically go into a scan. What do you think?

Thanks again for the help.

#7 thanksbleeping

  • Topic Starter

Posted 27 July 2012 - 03:12 PM

Here's the file


#8 nasdaq

  • Malware Response Team

Posted 28 July 2012 - 07:04 AM

Use this tool to remove AVG.

Please download the AVG Remover and Save it to your Desktop.
  • Close all programs and double-click avgremover.exe then click Run
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Restart your computer if asked.
  • Then delete avgremover.exe from your desktop.

Run ComboFix and post the log.

#9 thanksbleeping

  • Topic Starter

Posted 28 July 2012 - 12:14 PM

OK, thanks.
1. Shut down computer to exit the ComboFix popup saying to turn-off AVG.
2. Ran AVG Remover -- log is attached.
3. Ran search for AVG; those installation files are still there -- word file attached (sorry, couldn't paste "print screen" in notebook file).
4. Deleted AVG Remover.
5. Ran ComboFix -- again it said AVG was running. According to AVG Remover log it wasn't, so I pressed ahead (OK). Warned me again I was doing so at my risk -- again, pressed ahead (OK). ComboFix had me install Microsoft Windows Recovery Console. ComboFix completed successfully! -- computer never restarted during process -- log attached
6. Manually shutdown/restarted; continued by running Security Check, with these results:

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Symantec AntiVirus Corporate Edition
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
-------------------------------------------------------------------------------------
7. Manually shutdown/restarted; checked to see if Windows firewall would turn-on and it had already turned itself on!
8. Thought XP was no longer supported by Microsoft, so have been ignoring the shield update notices. Went ahead and clicked on shield and downloaded 117 updates.
9. Computer is now logging onto internet in 1/2 to 1/4 the time it previously took!
10. Thanks for the help -- from previous fixes posted on Bleeping, I realize I may not be finished, so will wait for your further instructions.
11. Should I just delete all the AVG files shown in the attached Word doc? I think when you have me finished with the cleaning, I would like to correctly download AVG and use it.

#10 thanksbleeping

  • Topic Starter

Posted 28 July 2012 - 12:19 PM

System wouldn't let me attach Word file mentioned in #3. above.


#11 nasdaq

  • Malware Response Team

Posted 29 July 2012 - 07:26 AM

For your information.

Windows XP SP3 and Office 2003
Support Ends April 8, 2014

http://www.microsoft.com/en-us/windows/endofsupport.aspx
<<<>>>

This will remove the registry item. You can delete all the files and folders left over by the AVG uninstall tool.

Open notepad and copy/paste the text in the quote box below into it:

SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

#12 thanksbleeping

  • Topic Starter

Posted 29 July 2012 - 11:01 AM

Note: As ComboFix was preparing to run (all the green text at the beginning), I got a notice that it wanted to update, so I allowed an update.

ComboFix 12-07-29.02 - DALE 07/29/2012 9:36.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1775 [GMT -6:00]
Running from: c:\documents and settings\DALE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-12-04 17:18 . 2012-12-04 17:18 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-12-04 17:17 . 2012-07-27 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-07-28 16:06 . 2012-07-28 16:06 -------- d-----w- c:\program files\MSXML 4.0
2012-07-28 16:06 . 2012-07-28 16:06 -------- d-----w- c:\windows\ie8updates
2012-07-28 16:02 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-07-28 16:02 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-07-28 16:02 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-07-28 16:00 . 2012-05-11 14:42 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-07-28 16:00 . 2012-05-11 14:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-07-28 16:00 . 2012-05-11 14:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-07-28 16:00 . 2012-05-11 14:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-07-28 16:00 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-28 16:00 . 2012-05-11 14:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-07-28 16:00 . 2012-05-11 14:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-07-28 15:58 . 2012-05-04 13:16 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-07-28 15:58 . 2012-05-04 13:12 2192640 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-07-28 15:58 . 2012-05-04 12:32 2069120 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-07-28 15:58 . 2012-05-04 12:32 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-07-28 15:58 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-07-28 15:58 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-07-28 15:57 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-07-28 15:56 . 2012-07-28 16:18 -------- d--h--w- c:\windows\$hf_mig$
2012-07-28 15:23 . 2012-07-28 15:23 -------- d-----w- c:\windows\system32\LogFiles
2012-07-27 00:16 . 2012-07-27 00:16 -------- d-----w- c:\program files\TDSSKiller
2012-07-15 17:26 . 2012-07-15 17:26 -------- d-----w- c:\documents and settings\DALE\Application Data\DriverCure
2012-07-15 17:26 . 2012-07-15 17:26 -------- d-----w- c:\documents and settings\DALE\Application Data\SpeedMaxPc
2012-07-15 17:26 . 2012-07-15 17:26 -------- d-----w- c:\program files\Common Files\SpeedMaxPc
2012-07-15 17:26 . 2012-07-15 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-07-15 17:26 . 2012-07-15 17:26 -------- d-----w- c:\program files\SpeedMaxPc
2012-07-15 17:23 . 2012-07-15 17:23 5037888 ----a-w- c:\program files\SpeedMaxpc_installer.exe
2012-07-15 16:39 . 2012-07-21 05:06 -------- d-----w- c:\windows\system32\NtmsData
2012-07-15 15:51 . 2012-07-15 15:51 2841104 ----a-w- c:\program files\NPE.exe
2012-07-04 17:44 . 2012-07-04 17:44 -------- d-----w- c:\documents and settings\DALE\Application Data\Malwarebytes
2012-07-04 17:44 . 2012-07-04 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-04 17:44 . 2012-07-20 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-04 17:44 . 2012-07-03 19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 21:20 . 2012-07-01 21:20 -------- d-----w- c:\documents and settings\BARB\Local Settings\Application Data\Identities
2012-06-30 14:07 . 2012-06-30 14:07 -------- d-----w- c:\documents and settings\BARB\Local Settings\Application Data\Temp
2012-06-30 14:07 . 2012-06-30 14:07 -------- d-----w- c:\documents and settings\BARB\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 01:06 . 2012-04-11 23:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-26 01:06 . 2011-07-22 03:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2008-04-14 05:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 09:42 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 09:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 09:42 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 21:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2011-07-13 02:29 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2011-07-13 02:29 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2011-07-13 02:29 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 21:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2011-07-13 02:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2011-07-13 02:29 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2008-04-14 09:41 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2011-07-13 02:29 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2011-07-13 02:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 09:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 09:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 09:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2008-04-14 09:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2008-04-14 04:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-07-13 02:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-09-20 20:06 . 2011-09-20 20:06 38958968 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-09-04 19:31 . 2011-09-04 19:31 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-08-27 22:57 . 2011-08-27 22:57 604488 ----a-w- c:\program files\GoogleEarthSetup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-28_15.32.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-29 05:42 . 2009-06-29 05:42 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2012-07-29 14:27 . 2012-07-29 14:27 16384 c:\windows\Temp\Perflib_Perfdata_230.dat
+ 2008-04-14 09:42 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 90112 c:\windows\system32\wshext.dll
+ 2008-04-14 09:42 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2008-04-14 09:42 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 09:42 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2008-04-14 09:42 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2008-04-14 09:42 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
+ 2008-04-14 09:42 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2001-08-23 16:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2008-04-14 09:42 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 79872 c:\windows\system32\raschap.dll
+ 2001-08-23 16:00 . 2012-07-28 16:24 40196 c:\windows\system32\perfc009.dat
- 2001-08-23 16:00 . 2012-07-04 17:09 40196 c:\windows\system32\perfc009.dat
+ 2008-04-14 09:42 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2001-08-23 16:00 . 2011-09-26 17:41 20480 c:\windows\system32\oleaccrc.dll
+ 2011-07-13 02:26 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2011-07-13 02:26 . 2008-04-14 09:42 91648 c:\windows\system32\mtxoci.dll
+ 2008-04-14 09:42 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 66560 c:\windows\system32\mtxclu.dll
+ 2008-04-14 05:42 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2001-08-23 16:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2008-04-14 09:42 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 11264 c:\windows\system32\msrle32.dll
+ 2008-04-14 09:42 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
- 2009-03-08 08:31 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 08:31 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-07-13 02:26 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2011-07-13 02:26 . 2008-04-14 09:42 58880 c:\windows\system32\msdtclog.dll
+ 2008-04-14 09:42 . 2008-06-24 16:43 74240 c:\windows\system32\mscms.dll
+ 2008-04-14 09:42 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
+ 2008-04-14 09:41 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 23040 c:\windows\system32\mciseq.dll
- 2008-04-14 09:42 . 2004-08-11 05:45 96768 c:\windows\system32\logagent.exe
+ 2008-04-14 09:42 . 2008-06-10 15:17 96768 c:\windows\system32\logagent.exe
+ 2008-04-14 09:41 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
- 2008-04-14 09:41 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 05:41 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2011-07-13 02:28 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
- 2011-07-13 02:28 . 2008-04-14 09:41 81920 c:\windows\system32\isign32.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 80384 c:\windows\system32\iccvid.dll
+ 2008-04-14 09:41 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2008-04-14 09:41 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2008-04-14 04:27 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys
+ 2008-04-14 04:27 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
+ 2008-04-14 04:01 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
- 2008-04-14 09:41 . 2008-04-14 09:41 45568 c:\windows\system32\dnsrslvr.dll
+ 2008-04-14 09:41 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
+ 2008-04-14 09:42 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 90112 c:\windows\system32\dllcache\wshext.dll
+ 2008-04-14 09:42 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2011-07-13 02:28 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2008-04-14 09:42 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2008-04-14 09:42 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2008-04-14 09:42 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2008-04-14 09:42 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2001-08-23 16:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2008-04-14 09:42 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 79872 c:\windows\system32\dllcache\raschap.dll
+ 2008-04-14 09:42 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2001-08-23 16:00 . 2011-09-26 17:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2008-04-14 04:27 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2008-04-14 04:27 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
- 2011-07-13 02:26 . 2008-04-14 09:42 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2011-07-13 02:26 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-04-14 09:42 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2001-08-23 16:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2008-04-14 09:42 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-04-14 09:42 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-07-13 02:26 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2011-07-13 02:26 . 2008-04-14 09:42 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-04-14 09:42 . 2008-06-24 16:43 74240 c:\windows\system32\dllcache\mscms.dll
+ 2008-04-14 09:42 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2008-04-14 09:41 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2008-04-14 09:42 . 2008-06-10 15:17 96768 c:\windows\system32\dllcache\logagent.exe
- 2008-04-14 09:42 . 2004-08-11 05:45 96768 c:\windows\system32\dllcache\logagent.exe
+ 2008-04-14 09:41 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 04:01 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2008-04-14 09:41 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 09:41 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2011-07-13 02:28 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
- 2011-07-13 02:28 . 2008-04-14 09:41 81920 c:\windows\system32\dllcache\isign32.dll
+ 2008-04-14 09:41 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2008-04-14 09:41 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2008-04-14 09:41 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-14 09:41 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2008-04-14 09:41 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-04-14 09:41 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-04-14 09:41 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 09:41 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
+ 2008-04-14 09:41 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2008-04-14 09:41 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 84992 c:\windows\system32\avifil32.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 58880 c:\windows\system32\atl.dll
+ 2008-04-14 09:41 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
+ 2008-04-14 09:41 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2012-07-28 16:06 . 2012-07-28 16:06 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2012-07-28 16:06 . 2012-07-28 16:06 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2012-07-28 16:08 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll
+ 2012-07-28 16:08 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll
+ 2012-07-28 16:08 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll
+ 2012-07-28 16:08 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll
+ 2012-07-28 16:08 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2008-04-14 09:42 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe
- 2008-04-14 09:42 . 2008-04-14 09:42 155648 c:\windows\system32\wscript.exe
+ 2008-04-14 09:42 . 2009-04-10 07:01 530280 c:\windows\system32\wmspdmod.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 233472 c:\windows\system32\wmpdxm.dll
+ 2008-04-14 09:42 . 2009-07-12 18:21 233472 c:\windows\system32\wmpdxm.dll
+ 2008-04-14 09:42 . 2007-10-27 23:40 227328 c:\windows\system32\wmasf.dll
+ 2008-04-14 09:42 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 132096 c:\windows\system32\wkssvc.dll
+ 2008-04-14 09:42 . 2012-02-29 14:10 177664 c:\windows\system32\wintrust.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 293376 c:\windows\system32\winsrv.dll
+ 2008-04-14 09:42 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 176128 c:\windows\system32\winmm.dll
+ 2008-04-14 09:42 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
+ 2008-04-14 09:42 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
+ 2011-07-13 02:26 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2011-07-13 02:26 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2011-07-13 02:26 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2008-04-14 09:42 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 406016 c:\windows\system32\usp10.dll
+ 2008-04-14 09:42 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2008-04-14 09:42 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2008-04-14 09:42 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
+ 2011-09-26 17:41 . 2011-09-26 17:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2008-04-14 09:42 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
+ 2008-04-14 09:42 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
+ 2008-04-14 09:42 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 135168 c:\windows\system32\shsvcs.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 474112 c:\windows\system32\shlwapi.dll
+ 2008-04-14 09:42 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2008-04-14 09:42 . 2011-01-21 14:44 439296 c:\windows\system32\shimgvw.dll
+ 2008-04-14 09:42 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
- 2008-04-14 09:42 . 2008-04-14 09:42 172032 c:\windows\system32\scrrun.dll
+ 2008-04-14 09:42 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 180224 c:\windows\system32\scrobj.dll
+ 2008-04-14 09:42 . 2008-05-09 10:53 180224 c:\windows\system32\scrobj.dll
+ 2008-04-14 09:42 . 2011-02-09 13:53 270848 c:\windows\system32\sbe.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 270848 c:\windows\system32\sbe.dll
+ 2008-04-14 09:42 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2008-04-14 09:42 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
+ 2008-04-14 09:42 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 386048 c:\windows\system32\qdvd.dll
+ 2008-04-14 09:42 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
+ 2001-08-23 16:00 . 2012-07-28 16:24 311934 c:\windows\system32\perfh009.dat
- 2001-08-23 16:00 . 2012-07-04 17:09 311934 c:\windows\system32\perfh009.dat
- 2008-04-14 09:42 . 2008-04-14 09:42 284160 c:\windows\system32\pdh.dll
+ 2008-04-14 09:42 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
+ 2008-04-14 09:42 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 551936 c:\windows\system32\oleaut32.dll
+ 2001-08-23 16:00 . 2011-09-26 17:41 220160 c:\windows\system32\oleacc.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 249856 c:\windows\system32\odbc32.dll
+ 2008-04-14 09:42 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
+ 2008-04-14 09:42 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 270336 c:\windows\system32\oakley.dll
+ 2008-04-14 09:42 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
+ 2008-04-14 09:41 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 337408 c:\windows\system32\netapi32.dll
+ 2008-04-14 09:42 . 2008-10-15 16:34 337408 c:\windows\system32\netapi32.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 245248 c:\windows\system32\mswsock.dll
+ 2008-04-14 09:42 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
+ 2008-04-14 09:42 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
+ 2008-04-14 09:42 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
- 2011-07-13 02:26 . 2008-04-14 09:42 677888 c:\windows\system32\mstsc.exe
+ 2011-07-13 02:26 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
+ 2008-04-14 09:42 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
- 2008-04-14 09:42 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2011-07-13 02:26 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
- 2011-07-13 02:26 . 2008-04-14 09:42 343040 c:\windows\system32\mspaint.exe
+ 2009-03-08 08:32 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2011-07-13 02:26 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2011-07-13 02:26 . 2008-04-14 09:42 161792 c:\windows\system32\msdtcuiu.dll
+ 2011-07-13 02:26 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2011-07-13 02:26 . 2008-04-14 09:42 956928 c:\windows\system32\msdtctm.dll
+ 2011-07-13 02:26 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 384512 c:\windows\system32\mp4sdmod.dll
+ 2008-04-14 09:41 . 2010-04-05 17:54 384512 c:\windows\system32\mp4sdmod.dll
+ 2007-04-03 13:44 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
+ 2008-04-14 09:41 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
+ 2008-04-14 09:41 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2001-08-23 16:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2008-04-14 09:41 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
+ 2008-04-14 09:41 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2008-04-14 09:41 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 989696 c:\windows\system32\kernel32.dll
+ 2008-04-14 09:41 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
- 2008-04-14 09:41 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2008-04-14 09:41 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2011-07-13 02:28 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
+ 2008-04-14 09:41 . 2012-02-29 14:10 148480 c:\windows\system32\imagehlp.dll
+ 2008-04-14 09:41 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 09:41 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 09:42 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 09:41 . 2008-10-23 12:36 286720 c:\windows\system32\gdi32.dll
+ 2011-07-12 22:11 . 2012-07-28 16:20 126912 c:\windows\system32\FNTCACHE.DAT
- 2011-07-12 22:11 . 2011-07-22 03:41 126912 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 09:41 . 2008-07-07 20:26 253952 c:\windows\system32\es.dll
+ 2008-04-14 09:41 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 186880 c:\windows\system32\encdec.dll
+ 2008-04-14 04:30 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2008-04-14 04:50 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2008-04-14 04:45 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys
+ 2008-04-14 04:25 . 2008-05-08 14:02 203136 c:\windows\system32\drivers\rmcast.sys
+ 2008-04-14 04:47 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2008-04-14 04:47 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2008-04-14 04:49 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
+ 2008-04-14 09:41 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 155648 c:\windows\system32\dllcache\wscript.exe
+ 2008-04-14 09:42 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe
+ 2011-07-13 02:26 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2008-04-14 09:42 . 2009-04-10 07:01 530280 c:\windows\system32\dllcache\wmspdmod.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-04-14 09:42 . 2009-07-12 18:21 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2011-07-13 02:26 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2011-07-13 02:26 . 2009-02-09 12:10 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2008-04-14 09:42 . 2007-10-27 23:40 227328 c:\windows\system32\dllcache\wmasf.dll
+ 2008-04-14 09:42 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-14 09:42 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-04-14 09:42 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 293376 c:\windows\system32\dllcache\winsrv.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 176128 c:\windows\system32\dllcache\winmm.dll
+ 2008-04-14 09:42 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2008-04-14 09:42 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 09:42 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2011-07-13 02:29 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2008-04-14 09:42 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 406016 c:\windows\system32\dllcache\usp10.dll
+ 2008-04-14 09:42 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
- 2008-04-14 09:42 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2008-04-14 09:42 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2011-07-13 02:28 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
- 2011-07-13 02:28 . 2008-04-14 09:42 153088 c:\windows\system32\dllcache\triedit.dll
+ 2008-04-14 04:30 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-04-14 04:50 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2008-04-14 09:42 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-14 09:42 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-04-14 04:45 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
- 2008-04-14 09:42 . 2008-04-14 09:42 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2008-04-14 09:42 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 09:42 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 09:42 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2008-04-14 09:42 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe
+ 2008-04-14 09:42 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 172032 c:\windows\system32\dllcache\scrrun.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 180224 c:\windows\system32\dllcache\scrobj.dll
+ 2008-04-14 09:42 . 2008-05-09 10:53 180224 c:\windows\system32\dllcache\scrobj.dll
+ 2008-04-14 09:42 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
+ 2008-04-14 09:42 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 270848 c:\windows\system32\dllcache\sbe.dll
+ 2008-04-14 09:42 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2008-04-14 09:42 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-04-14 04:25 . 2008-05-08 14:02 203136 c:\windows\system32\dllcache\rmcast.sys
- 2011-07-13 02:26 . 2008-04-14 09:43 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2011-07-13 02:26 . 2012-05-02 13:46 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2008-04-14 09:42 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2008-04-14 09:42 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2008-04-14 09:42 . 2009-03-06 14:22 284160 c:\windows\system32\dllcache\pdh.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 284160 c:\windows\system32\dllcache\pdh.dll
+ 2008-04-14 09:42 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2001-08-23 16:00 . 2011-09-26 17:41 220160 c:\windows\system32\dllcache\oleacc.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2008-04-14 09:42 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2008-04-14 09:42 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 09:42 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 270336 c:\windows\system32\dllcache\oakley.dll
+ 2008-04-14 09:41 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 337408 c:\windows\system32\dllcache\netapi32.dll
+ 2008-04-14 09:42 . 2008-10-15 16:34 337408 c:\windows\system32\dllcache\netapi32.dll
+ 2008-04-14 04:47 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
- 2008-04-14 09:42 . 2008-04-14 09:42 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-04-14 09:42 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-04-14 09:42 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2008-04-14 09:42 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2008-04-14 09:42 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 09:42 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
- 2011-07-13 02:26 . 2008-04-14 09:42 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2011-07-13 02:26 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2011-07-13 02:28 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2011-07-13 02:28 . 2008-04-14 09:42 102400 c:\windows\system32\dllcache\msjro.dll
+ 2011-07-13 02:26 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
- 2011-07-13 02:26 . 2008-04-14 09:42 161792 c:\windows\system32\dllcache\msdtcuiu.dll
- 2011-07-13 02:26 . 2008-04-14 09:42 956928 c:\windows\system32\dllcache\msdtctm.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-03-14 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-04 13574144]
"nwiz"="nwiz.exe" [2008-11-04 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-04 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-09-20 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\DALE\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [7/14/2011 7:39 PM 21992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2012 8:01 PM 106656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/27/2011 4:57 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 5:09 PM 257224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/27/2011 4:57 PM 136176]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 6:48 PM 116664]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 01:06]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-27 22:57]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-27 22:57]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1960408961-842925246-1003Core.job
- c:\documents and settings\DALE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-03 16:07]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1960408961-842925246-1003UA.job
- c:\documents and settings\DALE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-03 16:07]
.
2012-07-29 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2012-06-26 21:32]
.
2012-07-23 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2012-06-26 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 09:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-07-29 09:41:27
ComboFix-quarantined-files.txt 2012-07-29 15:41
ComboFix2.txt 2012-07-28 15:33
.
Pre-Run: 825,451,302,912 bytes free
Post-Run: 825,428,410,368 bytes free
.
- - End Of File - - 2545D171D87F049E3D6259F7C4650528
------------------------------------------------------------------------

Thanks for all your volunteer help, nasdaq.

#13 thanksbleeping

Posted 05 August 2012 - 07:31 AM

Am I all through cleaning?

Thanks for all the help.

#14 nasdaq

  • Malware Response Team

Posted 05 August 2012 - 08:52 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#15 thanksbleeping

Posted 06 August 2012 - 07:14 PM

OK, all downloads and files generated have been removed.

Thanks again for all you've helped me with to get this cured.

I will assume all is complete unless you send some more instructions.