My explorer and winlogon files are infected


  • This topic is locked
56 replies to this topic

#1 Beauty

  • Members
  • 46 posts
  • Gender:Female
Posted 29 August 2012 - 01:23 PM

I was working with a previous person in a topic, and after days of repairing my laptop he said the files explorer and winlogon were infected.


#2 Beauty
  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 29 August 2012 - 03:32 PM

Here is the DDS log.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by LaVi at 15:24:41 on 2012-08-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.168 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - Somoto Toolbar
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WinPatrol System Monitor] c:\program files\billp studios\winpatrol\WinPatrol.exe
uRun: [Google Update] "c:\documents and settings\lavi\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{18ADAD08-B8E0-44E7-A299-8CB2C329A4F1} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 FsFilter;FsFilter;c:\documents and settings\lavi\application data\adobe\rxsupply.sys [2012-8-13 21504]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-6-30 54760]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2012-6-2 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2012-6-2 185640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-25 135664]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2012-8-3 352248]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-4 250056]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2009-7-24 112640]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-25 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2009-7-24 100480]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-9-24 18432]
.
=============== Created Last 30 ================
.
2012-08-26 18:55:34 177496 ----a-w- c:\windows\system32\drivers\70228952.sys
2012-08-25 03:58:23 -------- d-----w- c:\program files\ESET
2012-08-25 01:13:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-11 21:40:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-11 21:40:52 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-10 20:43:04 -------- d-----w- c:\documents and settings\all users.windows\application data\PC Tools
2012-08-10 20:42:59 -------- d-----w- c:\documents and settings\lavi\application data\TestApp
2012-08-04 12:14:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-04 02:44:08 -------- d-----w- C:\ProgramData
2012-08-04 02:42:51 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-08-04 02:42:51 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-08-04 02:38:46 -------- d-----w- c:\program files\Verizon
2012-08-04 01:18:29 -------- d-----w- c:\program files\VERIZONDM
.
==================== Find3M ====================
.
2012-08-29 17:07:02 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-29 02:16:45 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-28 17:01:51 17408 -c--a-w- c:\windows\system32\rpcnetp.dll
2012-08-25 01:15:21 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-08-24 15:09:26 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-08-16 01:54:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 17:42:57 49592 ----a-w- c:\windows\system32\pkgslv.exe
2012-06-04 17:42:56 46008 ----a-w- c:\windows\system32\pkgmgr.dll
.
============= FINISH: 15:32:22.12 ===============

#3 Beauty
  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 29 August 2012 - 04:39 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-29 17:38:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e Hitachi_HTS541680J9SA00 rev.SB2OC7KP
Running: gmer.exe; Driver: C:\DOCUME~1\LaVi\LOCALS~1\Temp\awkdrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\Ntfs.sys The system cannot find the file specified.
? c:\documents and settings\lavi\application data\adobe\rxsupply.sys The system cannot find the file specified.
? C:\DOCUME~1\LaVi\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2628] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2628] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2628] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2628] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2628] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2628] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2628] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2628] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2628] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs rxsupply.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat rxsupply.sys

---- EOF - GMER 1.0.15 ----
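Reading the two logs above together, the driver worth attention is rxsupply.sys: DDS lists it as a running file-system filter (R1 FsFilter) whose image sits under the user's Application Data\Adobe folder rather than under %SystemRoot%\system32\drivers, and GMER shows it attached to both \FileSystem\Ntfs and \FileSystem\Fastfat with no file or vendor description, while the neighbouring fssfltr_tdi.sys and fltmgr.sys carry Microsoft attribution. The script below is an added example (my code, not the thread's and not part of DDS or GMER) that parses the two log formats and applies exactly those two rules. The sample lines are copied from the posts above; the function names and the path rules are my own.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: DDS "SERVICES / DRIVERS" lines and GMER
# "AttachedDevice" lines copied from the logs in this thread.
DDS_SERVICES = r"""
R1 FsFilter;FsFilter;c:\documents and settings\lavi\application data\adobe\rxsupply.sys [2012-8-13 21504]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-6-30 54760]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2009-7-24 112640]
"""

GMER_DEVICES = r"""
AttachedDevice \FileSystem\Ntfs \Ntfs rxsupply.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat rxsupply.sys
"""

# DDS line: "<status> <name>;<display name>;<image path> [<date> <size>]"
DDS_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
# GMER line: "AttachedDevice <driver object> <device> <image> (<description/vendor>)"
GMER_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+?\.sys)(?:\s+\((.*)\))?$", re.IGNORECASE)

SYSTEM_ROOT = "c:\\windows\\"
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


def parse_dds_services(text):
    """Return one dict per DDS service/driver line."""
    entries = []
    for line in text.splitlines():
        m = DDS_RE.match(line.strip())
        if not m:
            continue
        status, name, display, path, meta = m.groups()
        fields = meta.split()
        entries.append({
            "status": status,          # R = running, S = stopped; digit = start type
            "name": name,
            "display": display,
            "path": path,
            "image": PureWindowsPath(path).name.lower(),
            "date": fields[0] if fields else "",
            "size": int(fields[1]) if len(fields) > 1 else None,
        })
    return entries


def parse_gmer_attached(text):
    """Return one dict per GMER AttachedDevice line; vendor is None when GMER printed none."""
    devices = []
    for line in text.splitlines():
        m = GMER_RE.match(line.strip())
        if not m:
            continue
        driver_obj, device, image, vendor = m.groups()
        devices.append({"driver_object": driver_obj, "device": device,
                        "image": image.lower(), "vendor": vendor})
    return devices


def triage(dds_text, gmer_text):
    """Cross-check both logs and return the findings a responder should look at first."""
    findings = []
    image_paths = {}
    for e in parse_dds_services(dds_text):
        image_paths[e["image"]] = e["path"]
        p = e["path"].lower()
        # Rule 1: a kernel driver (.sys) whose image is not under %SystemRoot%.
        if e["image"].endswith(".sys") and not p.startswith(SYSTEM_ROOT):
            where = "user profile" if any(mk in p for mk in PROFILE_MARKERS) else "non-system path"
            findings.append({"image": e["image"], "source": "dds",
                             "reason": f"kernel driver loaded from {where}", "detail": e["path"]})
    for d in parse_gmer_attached(gmer_text):
        # Rule 2: a filter attached to a device with no description/vendor string.
        if d["vendor"] is None:
            findings.append({"image": d["image"], "source": "gmer",
                             "reason": f"filter attached to {d['device']} with no vendor attribution",
                             "detail": image_paths.get(d["image"], "(image not in DDS service list)")})
    return findings


if __name__ == "__main__":
    for f in triage(DDS_SERVICES, GMER_DEVICES):
        print(f"{f['image']:20} [{f['source']}] {f['reason']}: {f['detail']}")
```

Running the block yields three findings, all for rxsupply.sys: the user-profile image path from DDS and the two unattributed filter attachments from GMER, with the DDS path filled in as the detail of the GMER lines. The rules are deliberately narrow. A driver outside %SystemRoot% is not by itself proof of malware (vendor tools ship drivers under Program Files), but a kernel driver under a user profile that also filters the file system without any vendor string is the combination a responder escalates rather than explains away.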

#4 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 August 2012 - 12:22 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Beauty
  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 30 August 2012 - 06:24 PM

Hello, the computer is running normally, no redirecting or pop-ups so far. I have done the Security Check and an error message popped up stating that the framedyn.dll was not found, but the check still ran, I believe. Here is the log I have.

Results of screen317's Security Check version 0.99.49
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.60.0.1800
Abexo Free Registry Cleaner
Java™ 6 Update 23
Java version out of Date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

#6 Beauty
  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 30 August 2012 - 06:34 PM

ComboFix says my MSE is running, but when I go to it, it says it's off.

#7 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 August 2012 - 07:25 PM

Go ahead and run it anyway.



gringo

#8 Beauty
  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 31 August 2012 - 11:28 AM

Here is the ComboFix log. The computer is still working normally.
ComboFix 12-08-30.05 - LaVi 08/30/2012 21:43:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.595 [GMT -4:00]
Running from: c:\documents and settings\LaVi\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\documents and settings\All Users.WINDOWS\Application Data\3002.abs
c:\documents and settings\All Users.WINDOWS\Application Data\3002.xml
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\LaVi\My Documents\~WRL1699.tmp
c:\documents and settings\LaVi\My Documents\~WRL2854.tmp
c:\documents and settings\LaVi\My Documents\~WRL3042.tmp
c:\windows\EventSystem.log
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
C:\x
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETWORKLOG
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-26 18:55 . 2012-08-26 18:55 177496 ----a-w- c:\windows\system32\drivers\70228952.sys
2012-08-25 03:58 . 2012-08-25 03:58 -------- d-----w- c:\program files\ESET
2012-08-25 01:13 . 2012-08-26 18:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-11 21:40 . 2012-08-11 21:40 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-10 20:43 . 2012-08-10 20:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2012-08-10 20:42 . 2012-08-10 20:42 -------- d-----w- c:\documents and settings\LaVi\Application Data\TestApp
2012-08-10 12:55 . 2012-08-10 12:55 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.002\IECompatCache
2012-08-04 12:14 . 2012-08-16 01:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-04 02:44 . 2012-08-04 02:44 -------- d-----w- C:\ProgramData
2012-08-04 02:42 . 2012-08-04 02:42 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-08-04 02:42 . 2012-08-04 02:42 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-08-04 02:38 . 2012-08-04 02:42 -------- d-----w- c:\program files\Verizon
2012-08-04 01:18 . 2012-08-04 01:18 -------- d-----w- c:\program files\VERIZONDM
2012-08-04 01:18 . 2012-08-04 01:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SupportSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 03:33 . 2008-04-29 09:15 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-31 03:33 . 2008-04-29 18:17 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-28 17:01 . 2008-04-29 19:44 17408 -c--a-w- c:\windows\system32\rpcnetp.dll
2012-08-25 01:15 . 2004-08-04 10:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-08-16 01:54 . 2011-06-07 03:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 17:42 . 2011-10-17 17:43 49592 ----a-w- c:\windows\system32\pkgslv.exe
2012-06-04 17:42 . 2011-10-17 17:43 46008 ----a-w- c:\windows\system32\pkgmgr.dll
2012-06-02 19:19 . 2007-07-31 02:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2008-04-29 19:31 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-04-29 19:31 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-04-29 19:31 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-04-29 19:31 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-04-29 19:31 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2007-07-31 02:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-07-31 02:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-04-29 19:31 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-04-29 19:31 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-05-01 23:31 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2008-05-01 23:31 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-05-01 23:31 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 19:15 . !HASH: COULD NOT OPEN FILE !!!!! . 574976 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 456E0F5B9BEB184521B0EE8FA7CC92C7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
[-] 2011-01-21 . 3F061815A6754C0A1C9BF3D78A14BB54 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2011-01-21 . 3F061815A6754C0A1C9BF3D78A14BB54 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2011-01-21 . EAF851A4387DA45E9AC48C89FAE16A6C . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2011-01-21 . EAF851A4387DA45E9AC48C89FAE16A6C . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol System Monitor"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 325000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-10-29 2498560]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2012-06-02 206120]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-28 50688]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk /p \??\c:\0autocheck autochk /p \??\c:\0autocheck autochk /p \??\c:\0autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Ares\\chatServer.exe"=
"c:\\Documents and Settings\\LaVi\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 FsFilter;FsFilter;c:\documents and settings\LaVi\Application Data\Adobe\rxsupply.sys [8/13/2012 8:31 PM 21504]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [8/3/2012 4:22 PM 352248]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [6/2/2012 6:34 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [6/2/2012 6:35 AM 185640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2011 4:51 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/4/2012 8:15 AM 250056]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [7/24/2009 4:06 PM 112640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2011 4:51 PM 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [7/24/2009 4:06 PM 100480]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [9/24/2011 4:45 PM 18432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ZSMC211
nmservice
MXOPSWD
cmuda3
tbhsd
Uim_IM
s7oppitx
akshhl
whoisd32
vmnetuserif
JGOGO
slimsvc
cdmservice
CSDriver
symantecantibotwatcher
pshost
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 01:54]
.
2012-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 20:51]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 20:51]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-1417001333-1003Core.job
- c:\documents and settings\LaVi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 16:42]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-1417001333-1003UA.job
- c:\documents and settings\LaVi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 16:42]
.
2012-08-31 c:\windows\Tasks\User_Feed_Synchronization-{E5DE94E7-9A75-4BF0-9936-3EEE8C9D2555}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{007811BF-E310-4285-BFC6-55DB29B3EDDE} - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\INSTAL~1\{00781~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-31 00:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\01\0b\0e4\05y"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2012-08-31 00:39:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 04:39
ComboFix2.txt 2011-01-30 04:40
.
Pre-Run: 24,139,653,120 bytes free
Post-Run: 28,508,733,440 bytes free
.
- - End Of File - - B88DC14745DA5F7A2CE7B00E1AB31EE7
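
The Sigcheck section of the log above is the evidence behind the "winlogon and explorer are infected" finding: the live copies in system32 and dllcache carry MD5 3F061815... and EAF851A4..., while the Service Pack source copies of the very same versions (5.1.2600.5512 and 6.00.2900.5512) hash to ED0EF0A1... and 12896823..., and both live copies were written on the same day in 2011. The service list also shows a filesystem filter driver (FsFilter, rxsupply.sys) loaded from a user's Application Data folder. The script below, added here as an example and not code from the thread, from ComboFix or from BleepingComputer, parses lines in that layout and applies those two checks. Which folders count as trusted reference copies (ServicePackFiles\i386) versus hotfix archives ($hf_mig$, $NtUninstall...) is an assumption; the sample lines are copied from the log above.

```python
"""Triage two things in a ComboFix log: live system files whose MD5 differs
from the Service Pack source copy of the same version, and drivers/services
whose image lives in a user profile. Added example for this thread; it is not
code from ComboFix, BleepingComputer or the posters. Which folders count as
trusted reference copies vs. hotfix archives is an assumption (constants below)."""
import re

# Sigcheck line layout: [flag] date[ time] . MD5 . size . . [version] . . path
SIGCHECK = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+(?:\s\d\d:\d\d)?)\s\.\s(?P<md5>.+?)"
    r"\s\.\s(?P<size>\d+)\s\.\s\.\s\[(?P<ver>[^\]]*)\]\s\.\s\.\s(?P<path>\S.*)$"
)
# Service line layout: R1/S3 etc, then name;display;image path [date size]
SERVICE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s\[")

REF_DIR = "\\servicepackfiles\\i386\\"   # SP install source: assumed trustworthy
ARCHIVE = (REF_DIR, "\\$hf_mig$\\", "\\$ntservicepackuninstall$\\", "\\$ntuninstall")
USER_PROFILE = ("\\documents and settings\\", "\\application data\\", "\\local settings\\")

# Sample input: lines copied from the Sigcheck and service sections of the log above.
SAMPLE_LOG = r"""
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 19:15 . !HASH: COULD NOT OPEN FILE !!!!! . 574976 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 456E0F5B9BEB184521B0EE8FA7CC92C7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2011-01-21 . 3F061815A6754C0A1C9BF3D78A14BB54 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2011-01-21 . 3F061815A6754C0A1C9BF3D78A14BB54 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2011-01-21 . EAF851A4387DA45E9AC48C89FAE16A6C . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2011-01-21 . EAF851A4387DA45E9AC48C89FAE16A6C . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
R1 FsFilter;FsFilter;c:\documents and settings\LaVi\Application Data\Adobe\rxsupply.sys [8/13/2012 8:31 PM 21504]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
"""


def parse_sigcheck(text):
    """One dict per Sigcheck line (flag, date, md5, size, ver, path, name)."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK.match(line.strip())
        if m:
            row = m.groupdict()
            row["path"] = row["path"].strip()
            row["name"] = row["path"].rsplit("\\", 1)[-1].lower()
            rows.append(row)
    return rows


def is_archive(path):
    return any(marker in path.lower() for marker in ARCHIVE)


def suspicious_files(text):
    """Return [(path, reason)] for live copies that cannot be vouched for."""
    rows = parse_sigcheck(text)
    # Reference hash per (file name, version), taken from the SP source directory.
    ref = {(r["name"], r["ver"]): r["md5"] for r in rows if REF_DIR in r["path"].lower()}
    findings = []
    for r in rows:
        if is_archive(r["path"]):
            continue                                  # backup/hotfix copies are not live
        key = (r["name"], r["ver"])
        if r["md5"].startswith("!HASH"):
            findings.append((r["path"], "live copy could not be hashed (locked); check it offline"))
        elif key in ref:
            if ref[key] != r["md5"]:
                findings.append((r["path"], f"MD5 differs from SP source copy of version {r['ver']}"))
        else:
            # No SP source copy of this build: accept the hash only if a hotfix
            # archive copy (GDR/QFE) of the same build carries the same MD5.
            peers = {x["md5"] for x in rows if (x["name"], x["ver"]) == key and is_archive(x["path"])}
            if peers and r["md5"] not in peers:
                findings.append((r["path"], f"MD5 matches no hotfix copy of version {r['ver']}"))
    return findings


def suspicious_services(text):
    """Return [(service, image path)] for drivers/services run from a user profile."""
    hits = []
    for line in text.splitlines():
        m = SERVICE.match(line.strip())
        if m and any(u in m["path"].lower() for u in USER_PROFILE):
            hits.append((m["name"], m["path"]))
    return hits


if __name__ == "__main__":
    for path, why in suspicious_files(SAMPLE_LOG):
        print(f"FILE     {path}: {why}")
    for name, image in suspicious_services(SAMPLE_LOG):
        print(f"SERVICE  {name}: loaded from {image}")
```

On the sample above the script flags both winlogon.exe copies, both explorer.exe copies, the locked drivers\ntfs.sys and drivers\tcpip.sys, plus the FsFilter driver in Application Data; dllcache\tcpip.sys passes because the SP3GDR hotfix copy shares its hash. Treat a tcpip.sys mismatch as a lead rather than proof, since third-party half-open-connection patches also rewrite that file; a mismatched winlogon.exe or explorer.exe of the same version number has no such benign explanation. The same log has other lines worth a look when triaging: Security Center monitoring disabled for antivirus and firewall, EnableFirewall set to 0, and TCP 3389 (Remote Desktop) globally opened in the firewall policy.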

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 31 August 2012 - 12:07 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 02 September 2012 - 11:31 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you and see whether you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#11 Beauty (Topic Starter)

Posted 03 September 2012 - 05:47 PM

Sorry I have not responded to you, but the power has been out in my area. I am writing to you from my phone. The power is supposed to be back on by tomorrow, and I will have the logs posted.

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 03 September 2012 - 06:20 PM

No problem, and thanks for letting me know.



gringo

#13 Beauty (Topic Starter)

Posted 05 September 2012 - 05:21 PM

I have the logs here for you. While I was running aswMBR a small blue error screen popped up and I had to restart and run the scan again. My searches are being redirected again.
23:34:08.0588 0784 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:34:10.0588 0784 ============================================================
23:34:10.0588 0784 Current date / time: 2012/09/04 23:34:10.0588
23:34:10.0588 0784 SystemInfo:
23:34:10.0588 0784
23:34:10.0588 0784 OS Version: 5.1.2600 ServicePack: 3.0
23:34:10.0588 0784 Product type: Workstation
23:34:10.0588 0784 ComputerName: HOME-A7DC498E6C
23:34:10.0588 0784 UserName: LaVi
23:34:10.0588 0784 Windows directory: C:\WINDOWS
23:34:10.0588 0784 System windows directory: C:\WINDOWS
23:34:10.0588 0784 Processor architecture: Intel x86
23:34:10.0588 0784 Number of processors: 2
23:34:10.0588 0784 Page size: 0x1000
23:34:10.0588 0784 Boot type: Normal boot
23:34:10.0588 0784 ============================================================
23:34:15.0745 0784 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:34:15.0760 0784 ============================================================
23:34:15.0760 0784 \Device\Harddisk0\DR0:
23:34:15.0791 0784 MBR partitions:
23:34:15.0791 0784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
23:34:15.0791 0784 ============================================================
23:34:15.0854 0784 C: <-> \Device\Harddisk0\DR0\Partition1
23:34:15.0854 0784 ============================================================
23:34:15.0854 0784 Initialize success
23:34:15.0854 0784 ============================================================
23:34:30.0307 2572 ============================================================
23:34:30.0307 2572 Scan started
23:34:30.0307 2572 Mode: Manual;
23:34:30.0307 2572 ============================================================
23:34:32.0042 2572 ================ Scan system memory ========================
23:34:32.0057 2572 System memory - ok
23:34:32.0057 2572 ================ Scan services =============================
23:34:32.0885 2572 Abiosdsk - ok
23:34:32.0901 2572 abp480n5 - ok
23:34:33.0088 2572 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:34:33.0213 2572 ACPI - ok
23:34:33.0260 2572 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:34:33.0276 2572 ACPIEC - ok
23:34:33.0620 2572 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:34:33.0807 2572 AdobeFlashPlayerUpdateSvc - ok
23:34:33.0823 2572 adpu160m - ok
23:34:33.0995 2572 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:34:34.0120 2572 aec - ok
23:34:34.0292 2572 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:34:34.0417 2572 AFD - ok
23:34:34.0432 2572 Aha154x - ok
23:34:34.0432 2572 aic78u2 - ok
23:34:34.0448 2572 aic78xx - ok
23:34:34.0526 2572 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:34:34.0557 2572 Alerter - ok
23:34:34.0620 2572 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:34:34.0651 2572 ALG - ok
23:34:34.0651 2572 AliIde - ok
23:34:34.0667 2572 amsint - ok
23:34:34.0838 2572 [ B8D65DA679A4A8D048783EDE2691B5D4 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
23:34:34.0963 2572 ApfiltrService - ok
23:34:35.0026 2572 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
23:34:35.0042 2572 APPDRV - ok
23:34:35.0354 2572 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:34:35.0385 2572 Apple Mobile Device - ok
23:34:35.0510 2572 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:34:35.0682 2572 AppMgmt - ok
23:34:35.0776 2572 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:34:35.0823 2572 Arp1394 - ok
23:34:35.0838 2572 asc - ok
23:34:35.0854 2572 asc3350p - ok
23:34:35.0870 2572 asc3550 - ok
23:34:36.0010 2572 [ 7591238EBF7DD1FD13B353C382227DC3 ] ASFIPmon C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
23:34:36.0073 2572 ASFIPmon - ok
23:34:36.0323 2572 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:34:36.0401 2572 aspnet_state - ok
23:34:36.0448 2572 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:34:36.0463 2572 AsyncMac - ok
23:34:36.0573 2572 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:34:36.0588 2572 atapi - ok
23:34:36.0588 2572 Atdisk - ok
23:34:36.0698 2572 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:34:36.0745 2572 Atmarpc - ok
23:34:36.0838 2572 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:34:36.0963 2572 AudioSrv - ok
23:34:37.0026 2572 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:34:37.0026 2572 audstub - ok
23:34:37.0229 2572 [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23:34:37.0370 2572 b57w2k - ok
23:34:37.0385 2572 [ 5C68AC6F3E5B3E6D6A78E97D05E42C3A ] BASFND C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
23:34:37.0401 2572 BASFND - ok
23:34:39.0698 2572 [ 345D38F298368DD6B0DF5C4F37457A22 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23:34:41.0901 2572 BCM43XX - ok
23:34:41.0979 2572 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:34:41.0979 2572 Beep - ok
23:34:42.0276 2572 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:34:42.0823 2572 BITS - ok
23:34:43.0214 2572 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:34:43.0526 2572 Bonjour Service - ok
23:34:43.0651 2572 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
23:34:43.0745 2572 Browser - ok
23:34:43.0745 2572 catchme - ok
23:34:43.0792 2572 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:34:43.0807 2572 cbidf2k - ok
23:34:43.0870 2572 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:34:43.0885 2572 CCDECODE - ok
23:34:43.0885 2572 cd20xrnt - ok
23:34:43.0948 2572 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:34:43.0964 2572 Cdaudio - ok
23:34:44.0057 2572 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:34:44.0104 2572 Cdfs - ok
23:34:44.0214 2572 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:34:44.0276 2572 Cdrom - ok
23:34:44.0354 2572 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
23:34:44.0385 2572 cercsr6 - ok
23:34:44.0401 2572 Changer - ok
23:34:44.0448 2572 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:34:44.0448 2572 CiSvc - ok
23:34:44.0479 2572 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:34:44.0526 2572 ClipSrv - ok
23:34:44.0604 2572 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:34:44.0760 2572 clr_optimization_v2.0.50727_32 - ok
23:34:44.0760 2572 CLTNetCnService - ok
23:34:44.0807 2572 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:34:44.0823 2572 CmBatt - ok
23:34:44.0839 2572 CmdIde - ok
23:34:44.0854 2572 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:34:44.0870 2572 Compbatt - ok
23:34:44.0870 2572 COMSysApp - ok
23:34:44.0901 2572 Cpqarray - ok
23:34:45.0026 2572 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:34:45.0073 2572 CryptSvc - ok
23:34:45.0073 2572 dac2w2k - ok
23:34:45.0089 2572 dac960nt - ok
23:34:45.0464 2572 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:34:45.0807 2572 DcomLaunch - ok
23:34:45.0964 2572 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:34:46.0073 2572 Dhcp - ok
23:34:46.0151 2572 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:34:46.0182 2572 Disk - ok
23:34:46.0198 2572 dmadmin - ok
23:34:46.0401 2572 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:34:46.0589 2572 dmboot - ok
23:34:46.0714 2572 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:34:46.0823 2572 dmio - ok
23:34:46.0870 2572 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:34:46.0870 2572 dmload - ok
23:34:46.0917 2572 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:34:46.0948 2572 dmserver - ok
23:34:47.0026 2572 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:34:47.0073 2572 DMusic - ok
23:34:47.0135 2572 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:34:47.0167 2572 Dnscache - ok
23:34:47.0292 2572 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:34:47.0464 2572 Dot3svc - ok
23:34:47.0464 2572 dpti2o - ok
23:34:47.0526 2572 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:34:47.0542 2572 drmkaud - ok
23:34:47.0589 2572 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:34:47.0635 2572 EapHost - ok
23:34:47.0714 2572 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:34:47.0729 2572 ERSvc - ok
23:34:47.0885 2572 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:34:47.0979 2572 Eventlog - ok
23:34:48.0245 2572 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:34:48.0448 2572 EventSystem - ok
23:34:48.0557 2572 [ 9032405F762F1AFA92DFEF99CB078306 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
23:34:48.0635 2572 ewusbnet - ok
23:34:48.0854 2572 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:34:48.0979 2572 Fastfat - ok
23:34:49.0135 2572 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:34:49.0245 2572 FastUserSwitchingCompatibility - ok
23:34:49.0292 2572 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:34:49.0323 2572 Fdc - ok
23:34:49.0370 2572 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:34:49.0417 2572 Fips - ok
23:34:49.0464 2572 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:34:49.0479 2572 Flpydisk - ok
23:34:49.0589 2572 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:34:49.0667 2572 FltMgr - ok
23:34:49.0776 2572 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:34:49.0807 2572 FontCache3.0.0.0 - ok
23:34:49.0995 2572 [ 86908D0C072CE28A7650B78BAB5A06E5 ] FsFilter c:\documents and settings\lavi\application data\adobe\rxsupply.sys
23:34:50.0010 2572 Suspicious file (NoAccess): c:\documents and settings\lavi\application data\adobe\rxsupply.sys. md5: 86908D0C072CE28A7650B78BAB5A06E5
23:34:50.0010 2572 FsFilter ( LockedFile.Multi.Generic ) - warning
23:34:50.0010 2572 FsFilter - detected LockedFile.Multi.Generic (1)
23:34:50.0120 2572 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
23:34:50.0167 2572 fssfltr - ok
23:34:50.0854 2572 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:34:51.0526 2572 fsssvc - ok
23:34:51.0573 2572 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:34:51.0589 2572 Fs_Rec - ok
23:34:51.0698 2572 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:34:51.0792 2572 Ftdisk - ok
23:34:51.0854 2572 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:34:51.0885 2572 Gpc - ok
23:34:52.0010 2572 [ C0BDAB85F3E8B2138C513255E2BCC4D8 ] guardian2 C:\WINDOWS\system32\Drivers\oz776.sys
23:34:52.0073 2572 guardian2 - ok
23:34:52.0323 2572 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:34:52.0432 2572 gupdate - ok
23:34:52.0542 2572 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:34:52.0557 2572 gupdatem - ok
23:34:52.0760 2572 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:34:52.0917 2572 gusvc - ok
23:34:53.0104 2572 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:34:53.0245 2572 HDAudBus - ok
23:34:53.0417 2572 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:34:53.0432 2572 helpsvc - ok
23:34:53.0526 2572 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:34:53.0542 2572 HidServ - ok
23:34:53.0604 2572 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:34:53.0620 2572 HidUsb - ok
23:34:53.0682 2572 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:34:53.0760 2572 hkmsvc - ok
23:34:53.0776 2572 hpn - ok
23:34:53.0839 2572 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:34:53.0885 2572 HPZid412 - ok
23:34:53.0995 2572 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:34:54.0010 2572 HPZipr12 - ok
23:34:54.0057 2572 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:34:54.0073 2572 HPZius12 - ok
23:34:54.0307 2572 [ 290CDBB05903742EA06B7203C5A662F5 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:34:54.0479 2572 HSFHWAZL - ok
23:34:55.0339 2572 [ 7AB812355F98858B9ECDD46E6FCC221F ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:34:56.0167 2572 HSF_DPV - ok
23:34:56.0417 2572 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:34:56.0635 2572 HTTP - ok
23:34:56.0682 2572 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:34:56.0698 2572 HTTPFilter - ok
23:34:56.0807 2572 [ 60AEC3F4EC355D9F46D545A0FA08CE87 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
23:34:56.0870 2572 hwdatacard - ok
23:34:56.0948 2572 [ B93D3C81EF1D372DC5BD5E6275362E1A ] hwusbdev C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
23:34:57.0026 2572 hwusbdev - ok
23:34:57.0042 2572 i2omgmt - ok
23:34:57.0042 2572 i2omp - ok
23:34:57.0120 2572 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:34:57.0167 2572 i8042prt - ok
23:35:02.0526 2572 [ 200CCA76CD0E0F7EEC78FA56C29B4D67 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:35:07.0542 2572 ialm - ok
23:35:08.0057 2572 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:35:08.0698 2572 idsvc - ok
23:35:09.0104 2572 [ 23E1BCADABE423C35C19BBDFF10CCE6D ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
23:35:09.0432 2572 IHA_MessageCenter - ok
23:35:09.0526 2572 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:35:09.0573 2572 Imapi - ok
23:35:09.0745 2572 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:35:09.0870 2572 ImapiService - ok
23:35:09.0886 2572 ini910u - ok
23:35:09.0901 2572 IntelIde - ok
23:35:09.0995 2572 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:35:10.0026 2572 intelppm - ok
23:35:10.0120 2572 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:35:10.0151 2572 Ip6Fw - ok
23:35:10.0229 2572 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:35:10.0261 2572 IpFilterDriver - ok
23:35:10.0307 2572 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:35:10.0323 2572 IpInIp - ok
23:35:10.0479 2572 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:35:10.0620 2572 IpNat - ok
23:35:10.0729 2572 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:35:10.0792 2572 IPSec - ok
23:35:10.0839 2572 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:35:10.0854 2572 IRENUM - ok
23:35:10.0917 2572 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:35:10.0932 2572 isapnp - ok
23:35:11.0245 2572 [ E731921DB2E17DCD3DB472FAD5549C57 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
23:35:11.0370 2572 JavaQuickStarterService - ok
23:35:11.0417 2572 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:35:11.0432 2572 Kbdclass - ok
23:35:11.0620 2572 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:35:11.0761 2572 kmixer - ok
23:35:11.0886 2572 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:35:11.0948 2572 KSecDD - ok
23:35:12.0073 2572 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:35:12.0167 2572 lanmanserver - ok
23:35:12.0323 2572 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:35:12.0432 2572 lanmanworkstation - ok
23:35:12.0432 2572 lbrtfdc - ok
23:35:12.0526 2572 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:35:12.0526 2572 LmHosts - ok
23:35:12.0542 2572 LVUSBSta - ok
23:35:12.0901 2572 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:35:13.0198 2572 MDM - ok
23:35:13.0261 2572 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:35:13.0276 2572 mdmxsdk - ok
23:35:13.0339 2572 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:35:13.0386 2572 Messenger - ok
23:35:13.0448 2572 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:35:13.0448 2572 mnmdd - ok
23:35:13.0511 2572 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:35:13.0542 2572 mnmsrvc - ok
23:35:13.0636 2572 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:35:13.0667 2572 Modem - ok
23:35:13.0698 2572 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:35:13.0714 2572 Mouclass - ok
23:35:13.0776 2572 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:35:13.0792 2572 mouhid - ok
23:35:13.0823 2572 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:35:13.0854 2572 MountMgr - ok
23:35:14.0057 2572 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
23:35:14.0198 2572 MpFilter - ok
23:35:14.0557 2572 [ A69630D039C38018689190234F866D77 ] MpKsl80942173 c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFB8036E-2B86-4921-B9CF-174BDDACB600}\MpKsl80942173.sys
23:35:14.0620 2572 MpKsl80942173 - ok
23:35:14.0729 2572 [ 70C14F5CCA5CF73F8A645C73A01D8726 ] MQAC C:\WINDOWS\system32\drivers\mqac.sys
23:35:14.0807 2572 MQAC - ok
23:35:14.0823 2572 mraid35x - ok
23:35:14.0995 2572 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:35:15.0151 2572 MRxDAV - ok
23:35:15.0557 2572 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:35:15.0948 2572 MRxSmb - ok
23:35:16.0011 2572 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:35:16.0011 2572 MSDTC - ok
23:35:16.0073 2572 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:35:16.0089 2572 Msfs - ok
23:35:16.0089 2572 MSIServer - ok
23:35:16.0120 2572 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:35:16.0136 2572 MSKSSRV - ok
23:35:16.0198 2572 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:35:16.0214 2572 MsMpSvc - ok
23:35:16.0261 2572 [ AFB909B537AAE1BEAE7BBDB6A36D40B0 ] MSMQ C:\WINDOWS\system32\mqsvc.exe
23:35:16.0276 2572 MSMQ - ok
23:35:16.0386 2572 [ 7F955FF3B1BB93376EBE75D5ACCDC6DB ] MSMQTriggers C:\WINDOWS\system32\mqtgsvc.exe
23:35:16.0479 2572 MSMQTriggers - ok
23:35:16.0495 2572 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:35:16.0511 2572 MSPCLOCK - ok
23:35:16.0542 2572 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:35:16.0557 2572 MSPQM - ok
23:35:16.0620 2572 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:35:16.0636 2572 mssmbios - ok
23:35:16.0682 2572 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:35:16.0682 2572 MSTEE - ok
23:35:16.0792 2572 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:35:16.0870 2572 Mup - ok
23:35:16.0948 2572 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:35:16.0979 2572 NABTSFEC - ok
23:35:17.0229 2572 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:35:17.0542 2572 napagent - ok
23:35:17.0714 2572 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:35:17.0839 2572 NDIS - ok
23:35:17.0886 2572 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:35:17.0886 2572 NdisIP - ok
23:35:17.0933 2572 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:35:17.0933 2572 NdisTapi - ok
23:35:17.0979 2572 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:35:17.0979 2572 Ndisuio - ok
23:35:18.0089 2572 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:35:18.0183 2572 NdisWan - ok
23:35:18.0245 2572 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:35:18.0276 2572 NDProxy - ok
23:35:18.0354 2572 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
23:35:18.0401 2572 Net Driver HPZ12 - ok
23:35:18.0448 2572 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys
23:35:18.0479 2572 Netaapl - ok
23:35:18.0542 2572 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:35:18.0573 2572 NetBIOS - ok
23:35:18.0714 2572 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:35:18.0854 2572 NetBT - ok
23:35:18.0979 2572 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:35:19.0136 2572 NetDDE - ok
23:35:19.0214 2572 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:35:19.0214 2572 NetDDEdsdm - ok
23:35:19.0261 2572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:35:19.0276 2572 Netlogon - ok
23:35:19.0464 2572 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:35:19.0667 2572 Netman - ok
23:35:19.0776 2572 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:35:19.0917 2572 NetTcpPortSharing - ok
23:35:20.0026 2572 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:35:20.0089 2572 NIC1394 - ok
23:35:20.0636 2572 [ 27D38B7D646283D98D65E3435B1E6197 ] NICCONFIGSVC C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
23:35:21.0011 2572 NICCONFIGSVC - ok
23:35:21.0276 2572 [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla C:\WINDOWS\System32\mswsock.dll
23:35:21.0448 2572 Nla - ok
23:35:21.0464 2572 nmservice - ok
23:35:21.0526 2572 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:35:21.0558 2572 Npfs - ok
23:35:21.0995 2572 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:35:21.0995 2572 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\Ntfs.sys. md5: 78A08DD6A8D65E697C18E1DB01C5CDCA
23:35:21.0995 2572 Ntfs ( LockedFile.Multi.Generic ) - warning
23:35:21.0995 2572 Ntfs - detected LockedFile.Multi.Generic (1)
23:35:22.0026 2572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:35:22.0042 2572 NtLmSsp - ok
23:35:22.0339 2572 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:35:22.0714 2572 NtmsSvc - ok
23:35:22.0745 2572 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:35:22.0745 2572 Null - ok
23:35:22.0948 2572 [ 2D7E00B3899AFFFB800361D89A0C7660 ] NWADI C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
23:35:23.0104 2572 NWADI - ok
23:35:23.0151 2572 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:35:23.0167 2572 NwlnkFlt - ok
23:35:23.0214 2572 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:35:23.0229 2572 NwlnkFwd - ok
23:35:23.0339 2572 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:35:23.0386 2572 ohci1394 - ok
23:35:23.0511 2572 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:35:23.0573 2572 ose - ok
23:35:23.0683 2572 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
23:35:23.0745 2572 Parport - ok
23:35:23.0808 2572 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:35:23.0823 2572 PartMgr - ok
23:35:23.0870 2572 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:35:23.0901 2572 ParVdm - ok
23:35:23.0964 2572 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\WINDOWS\system32\Drivers\PCASp50.sys
23:35:23.0979 2572 PCASp50 - ok
23:35:24.0042 2572 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:35:24.0104 2572 PCI - ok
23:35:24.0104 2572 PCIDump - ok
23:35:24.0136 2572 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:35:24.0151 2572 PCIIde - ok
23:35:24.0276 2572 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:35:24.0370 2572 Pcmcia - ok
23:35:24.0386 2572 PCTINDIS5 - ok
23:35:24.0401 2572 PDCOMP - ok
23:35:24.0401 2572 PDFRAME - ok
23:35:24.0417 2572 PDRELI - ok
23:35:24.0433 2572 PDRFRAME - ok
23:35:24.0448 2572 perc2 - ok
23:35:24.0448 2572 perc2hib - ok
23:35:24.0479 2572 PID_PEPI - ok
23:35:24.0604 2572 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:35:24.0620 2572 PlugPlay - ok
23:35:24.0745 2572 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
23:35:24.0808 2572 Pml Driver HPZ12 - ok
23:35:24.0886 2572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:35:24.0886 2572 PolicyAgent - ok
23:35:25.0011 2572 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:35:25.0042 2572 PptpMiniport - ok
23:35:25.0073 2572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:35:25.0073 2572 ProtectedStorage - ok
23:35:25.0167 2572 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:35:25.0229 2572 PSched - ok
23:35:25.0245 2572 pshost - ok
23:35:25.0292 2572 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:35:25.0308 2572 Ptilink - ok
23:35:25.0401 2572 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:35:25.0433 2572 PxHelp20 - ok
23:35:25.0448 2572 ql1080 - ok
23:35:25.0464 2572 Ql10wnt - ok
23:35:25.0464 2572 ql12160 - ok
23:35:25.0479 2572 ql1240 - ok
23:35:25.0495 2572 ql1280 - ok
23:35:25.0542 2572 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:35:25.0542 2572 RasAcd - ok
23:35:25.0620 2572 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:35:25.0714 2572 RasAuto - ok
23:35:25.0792 2572 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:35:25.0839 2572 Rasl2tp - ok
23:35:26.0058 2572 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:35:26.0214 2572 RasMan - ok
23:35:26.0261 2572 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:35:26.0292 2572 RasPppoe - ok
23:35:26.0339 2572 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:35:26.0354 2572 Raspti - ok
23:35:26.0511 2572 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:35:26.0651 2572 Rdbss - ok
23:35:26.0667 2572 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:35:26.0683 2572 RDPCDD - ok
23:35:26.0917 2572 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:35:27.0089 2572 rdpdr - ok
23:35:27.0276 2572 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:35:27.0386 2572 RDPWD - ok
23:35:27.0526 2572 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:35:27.0683 2572 RDSessMgr - ok
23:35:27.0776 2572 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:35:27.0839 2572 redbook - ok
23:35:27.0917 2572 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:35:27.0948 2572 RemoteAccess - ok
23:35:28.0026 2572 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:35:28.0120 2572 RemoteRegistry - ok
23:35:28.0136 2572 RimUsb - ok
23:35:28.0214 2572 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
23:35:28.0245 2572 RimVSerPort - ok
23:35:28.0464 2572 [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys
23:35:28.0636 2572 RMCAST - ok
23:35:28.0667 2572 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
23:35:28.0683 2572 ROOTMODEM - ok
23:35:28.0761 2572 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:35:28.0823 2572 RpcLocator - ok
23:35:28.0917 2572 [ 3297445BB9FD3E8363E7559010ED2AE7 ] rpcnet C:\WINDOWS\system32\rpcnet.exe
23:35:28.0964 2572 rpcnet - ok
23:35:29.0308 2572 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:35:29.0323 2572 RpcSs - ok
23:35:29.0448 2572 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:35:29.0558 2572 RSVP - ok
23:35:29.0604 2572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:35:29.0620 2572 SamSs - ok
23:35:29.0745 2572 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:35:29.0839 2572 SCardSvr - ok
23:35:30.0058 2572 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:35:30.0214 2572 Schedule - ok
23:35:30.0526 2572 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:35:30.0698 2572 SeaPort - ok
23:35:30.0761 2572 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:35:30.0776 2572 Secdrv - ok
23:35:30.0839 2572 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:35:30.0854 2572 seclogon - ok
23:35:30.0901 2572 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:35:30.0933 2572 SENS - ok
23:35:31.0011 2572 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:35:31.0026 2572 serenum - ok
23:35:31.0104 2572 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:35:31.0167 2572 Serial - ok
23:35:31.0229 2572 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:35:31.0245 2572 Sfloppy - ok
23:35:31.0573 2572 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:35:31.0854 2572 SharedAccess - ok
23:35:31.0979 2572 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:35:31.0995 2572 ShellHWDetection - ok
23:35:32.0011 2572 Simbad - ok
23:35:32.0058 2572 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:35:32.0073 2572 SLIP - ok
23:35:32.0089 2572 Sparrow - ok
23:35:32.0104 2572 SPBBCDrv - ok
23:35:32.0151 2572 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:35:32.0167 2572 splitter - ok
23:35:32.0276 2572 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:35:32.0323 2572 Spooler - ok
23:35:32.0386 2572 sprtsvc_verizondm - ok
23:35:32.0479 2572 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:35:32.0526 2572 sr - ok
23:35:32.0714 2572 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:35:32.0854 2572 srservice - ok
23:35:33.0198 2572 [ 0F6AEFAD3641A657E18081F52D0C15AF ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:35:33.0495 2572 Srv - ok
23:35:33.0589 2572 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:35:33.0651 2572 SSDPSRV - ok
23:35:33.0823 2572 [ 686FA4ACFDCB4E16B7F0230B88F6D17E ] STacSV C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
23:35:33.0901 2572 STacSV - ok
23:35:35.0011 2572 [ 31BA85E1CFF39A57F702A2A0877BB8E1 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
23:35:36.0058 2572 STHDA - ok
23:35:36.0401 2572 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:35:36.0667 2572 stisvc - ok
23:35:36.0729 2572 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:35:36.0745 2572 streamip - ok
23:35:36.0792 2572 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:35:36.0808 2572 swenum - ok
23:35:36.0917 2572 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:35:36.0964 2572 swmidi - ok
23:35:36.0979 2572 SwPrv - ok
23:35:36.0995 2572 symc810 - ok
23:35:37.0011 2572 symc8xx - ok
23:35:37.0026 2572 sym_hi - ok
23:35:37.0042 2572 sym_u3 - ok
23:35:37.0120 2572 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:35:37.0183 2572 sysaudio - ok
23:35:37.0276 2572 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:35:37.0339 2572 SysmonLog - ok
23:35:37.0589 2572 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:35:37.0792 2572 TapiSrv - ok
23:35:38.0136 2572 [ 456E0F5B9BEB184521B0EE8FA7CC92C7 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:35:38.0433 2572 Tcpip - ok
23:35:38.0480 2572 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:35:38.0495 2572 TDPIPE - ok
23:35:38.0526 2572 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:35:38.0542 2572 TDTCP - ok
23:35:38.0620 2572 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:35:38.0651 2572 TermDD - ok
23:35:38.0933 2572 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:35:39.0183 2572 TermService - ok
23:35:39.0183 2572 tgsrvc_verizondm - ok
23:35:39.0339 2572 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
23:35:39.0355 2572 Themes - ok
23:35:39.0448 2572 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:35:39.0526 2572 TlntSvr - ok
23:35:39.0542 2572 TosIde - ok
23:35:39.0667 2572 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:35:39.0730 2572 TrkWks - ok
23:35:39.0823 2572 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:35:39.0870 2572 Udfs - ok
23:35:39.0886 2572 UIUSys - ok
23:35:39.0886 2572 ultra - ok
23:35:40.0323 2572 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:35:40.0636 2572 Update - ok
23:35:40.0839 2572 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:35:40.0995 2572 upnphost - ok
23:35:41.0042 2572 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:35:41.0058 2572 UPS - ok
23:35:41.0151 2572 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
23:35:41.0183 2572 USBAAPL - ok
23:35:41.0261 2572 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
23:35:41.0308 2572 usbaudio - ok
23:35:41.0386 2572 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:35:41.0401 2572 usbccgp - ok
23:35:41.0495 2572 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:35:41.0526 2572 usbehci - ok
23:35:41.0636 2572 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:35:41.0683 2572 usbhub - ok
23:35:41.0745 2572 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:35:41.0761 2572 usbprint - ok
23:35:41.0808 2572 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:35:41.0823 2572 usbscan - ok
23:35:41.0886 2572 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:35:41.0917 2572 USBSTOR - ok
23:35:41.0948 2572 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:35:41.0964 2572 usbuhci - ok
23:35:42.0011 2572 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:35:42.0026 2572 VgaSave - ok
23:35:42.0042 2572 ViaIde - ok
23:35:42.0089 2572 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:35:42.0136 2572 VolSnap - ok
23:35:42.0308 2572 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:35:42.0589 2572 VSS - ok
23:35:42.0776 2572 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:35:42.0917 2572 W32Time - ok
23:35:43.0011 2572 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:35:43.0042 2572 Wanarp - ok
23:35:43.0058 2572 wanatw - ok
23:35:43.0480 2572 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
23:35:43.0855 2572 Wdf01000 - ok
23:35:43.0870 2572 WDICA - ok
23:35:43.0964 2572 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:35:44.0042 2572 wdmaud - ok
23:35:44.0167 2572 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:35:44.0230 2572 WebClient - ok
23:35:44.0886 2572 [ A8596CF86D445269A42ECC08B7066A4C ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:35:45.0542 2572 winachsf - ok
23:35:45.0823 2572 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:35:45.0933 2572 winmgmt - ok
23:35:46.0183 2572 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
23:35:46.0480 2572 WLSetupSvc - ok
23:35:46.0495 2572 wltrysvc - ok
23:35:46.0558 2572 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:35:46.0589 2572 WmdmPmSN - ok
23:35:47.0167 2572 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:35:47.0683 2572 Wmi - ok
23:35:47.0714 2572 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:35:47.0730 2572 WmiAcpi - ok
23:35:47.0839 2572 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:35:47.0933 2572 WmiApSrv - ok
23:35:48.0667 2572 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:35:49.0276 2572 WMPNetworkSvc - ok
23:35:49.0323 2572 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:35:49.0339 2572 WS2IFSL - ok
23:35:49.0464 2572 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:35:49.0526 2572 wscsvc - ok
23:35:49.0589 2572 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:35:49.0605 2572 WSTCODEC - ok
23:35:49.0636 2572 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:35:49.0651 2572 wuauserv - ok
23:35:49.0730 2572 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:35:49.0776 2572 WudfPf - ok
23:35:49.0855 2572 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:35:49.0901 2572 WudfRd - ok
23:35:49.0964 2572 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:35:50.0026 2572 WudfSvc - ok
23:35:50.0511 2572 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:35:50.0901 2572 WZCSVC - ok
23:35:51.0011 2572 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:35:51.0167 2572 xmlprov - ok
23:35:51.0183 2572 ZSMC211 - ok
23:35:51.0230 2572 ================ Scan global ===============================
23:35:51.0323 2572 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:35:51.0667 2572 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
23:35:52.0167 2572 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
23:35:52.0308 2572 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:35:52.0308 2572 [Global] - ok
23:35:52.0308 2572 ================ Scan MBR ==================================
23:35:52.0370 2572 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:35:52.0870 2572 \Device\Harddisk0\DR0 - ok
23:35:52.0870 2572 ================ Scan VBR ==================================
23:35:52.0886 2572 [ FDD718EB911A819E19A4D03A70DD6EF9 ] \Device\Harddisk0\DR0\Partition1
23:35:52.0886 2572 \Device\Harddisk0\DR0\Partition1 - ok
23:35:52.0886 2572 ============================================================
23:35:52.0886 2572 Scan finished
23:35:52.0901 2572 ============================================================
23:35:52.0948 0348 Detected object count: 2
23:35:52.0948 0348 Actual detected object count: 2
00:12:35.0853 0348 FsFilter ( LockedFile.Multi.Generic ) - skipped by user
00:12:35.0853 0348 FsFilter ( LockedFile.Multi.Generic ) - User select action: Skip
00:12:35.0853 0348 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
00:12:35.0853 0348 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-05 13:04:01
-----------------------------
13:04:01.618 OS Version: Windows 5.1.2600 Service Pack 3
13:04:01.618 Number of processors: 2 586 0xF0D
13:04:01.618 ComputerName: HOME-A7DC498E6C UserName: LaVi
13:04:05.727 Initialize success
13:05:55.352 AVAST engine defs: 12090401
13:23:12.571 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
13:23:12.571 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC7KP Size: 76319MB BusType: 3
13:23:12.602 Disk 0 MBR read successfully
13:23:12.602 Disk 0 MBR scan
13:23:12.774 Disk 0 Windows XP default MBR code
13:23:12.774 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
13:23:12.821 Disk 0 scanning sectors +156296385
13:23:13.040 Disk 0 scanning C:\WINDOWS\system32\drivers
13:24:06.602 Service scanning
13:24:36.868 Service FsFilter c:\documents and settings\lavi\application data\adobe\rxsupply.sys **INFECTED** Win32:Malware-gen
13:25:39.383 Modules scanning
13:26:14.196 Disk 0 trace - called modules:
13:26:14.227 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
13:26:14.227 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87530ab8]
13:26:14.243 3 CLASSPNP.SYS[f75defd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x87550030]
13:26:17.071 AVAST engine scan C:\WINDOWS
13:27:01.352 AVAST engine scan C:\WINDOWS\system32
13:45:33.571 AVAST engine scan C:\WINDOWS\system32\drivers
13:46:43.180 AVAST engine scan C:\Documents and Settings\LaVi
13:46:49.743 File: C:\Documents and Settings\LaVi\Application Data\Adobe\rxsupply.sys **INFECTED** Win32:Malware-gen
13:50:42.102 File: C:\Documents and Settings\LaVi\Local Settings\Application Data\ApplicationHistory\Adobe\xitdbv.dll **INFECTED** Win32:Trojan-gen
13:54:36.540 File: C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\U\00000001.@ **INFECTED** Win32:Malware-gen
13:54:36.649 File: C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}\U\80000000.@ **INFECTED** Win64:Sirefef-A [Trj]
13:55:08.868 File: C:\Documents and Settings\LaVi\Local Settings\temp\2B.tmp **INFECTED** Win32:Winwebsec-AH [Trj]
13:55:09.165 File: C:\Documents and Settings\LaVi\Local Settings\temp\2C.tmp **INFECTED** Win32:ZAccess-IK [Trj]
14:21:30.446 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
14:28:44.243 Scan finished successfully
14:43:56.774 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LaVi\Desktop\MBR.dat"
14:43:56.774 The log file has been saved successfully to "C:\Documents and Settings\LaVi\Desktop\aswMBR3.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:54 AM

Posted 05 September 2012 - 05:28 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Documents and Settings\LaVi\Local Settings\Application Data\{6b0df133-ebe9-8067-5063-524e7b859752}

File::
C:\Documents and Settings\LaVi\Application Data\Adobe\rxsupply.sys
C:\Documents and Settings\LaVi\Local Settings\temp\2B.tmp
C:\Documents and Settings\LaVi\Local Settings\temp\2C.tmp 
C:\Documents and Settings\LaVi\Local Settings\Application Data\ApplicationHistory\Adobe\xitdbv.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Beauty

Beauty
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:54 AM

Posted 05 September 2012 - 10:58 PM

The computer is working normally.

ComboFix 12-09-05.02 - LaVi 09/05/2012 21:28:09.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.545 [GMT -4:00]
Running from: c:\documents and settings\LaVi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\LaVi\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\LaVi\Application Data\Adobe\rxsupply.sys"
"c:\documents and settings\LaVi\Local Settings\Application Data\ApplicationHistory\Adobe\xitdbv.dll"
"c:\documents and settings\LaVi\Local Settings\temp\2B.tmp"
"c:\documents and settings\LaVi\Local Settings\temp\2C.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\3002.abs
c:\documents and settings\All Users.WINDOWS\Application Data\3002.xml
c:\documents and settings\LaVi\Application Data\Adobe\rxsupply.sys
c:\documents and settings\LaVi\Local Settings\Application Data\ApplicationHistory\Adobe\xitdbv.dll
c:\documents and settings\LaVi\Local Settings\temp\2B.tmp
c:\documents and settings\LaVi\Local Settings\temp\2C.tmp
c:\program files\Internet Explorer\SETE7.tmp
c:\program files\Internet Explorer\SETE9.tmp
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\SET12E.tmp
c:\windows\system32\SET12F.tmp
c:\windows\system32\SET130.tmp
c:\windows\system32\SET2A6.tmp
c:\windows\system32\SET2AD.tmp
c:\windows\system32\SET2D6.tmp
c:\windows\system32\SET354.tmp
c:\windows\system32\SET36C.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDD.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE3.tmp
c:\windows\system32\SETE4.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FsFilter
-------\Service_FsFilter
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-05 20:16 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-05 18:51 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-09-05 18:51 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-09-02 06:47 . 2012-09-02 06:47 56200 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFB8036E-2B86-4921-B9CF-174BDDACB600}\offreg.dll
2012-09-02 06:47 . 2012-09-02 06:47 29904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFB8036E-2B86-4921-B9CF-174BDDACB600}\MpKsla31eb478.sys
2012-09-02 06:31 . 2012-08-23 04:15 7022536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFB8036E-2B86-4921-B9CF-174BDDACB600}\mpengine.dll
2012-09-01 17:18 . 2012-08-23 04:15 7022536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-31 16:40 . 2012-08-31 16:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-26 18:55 . 2012-08-26 18:55 177496 ----a-w- c:\windows\system32\drivers\70228952.sys
2012-08-25 03:58 . 2012-08-25 03:58 -------- d-----w- c:\program files\ESET
2012-08-25 01:13 . 2012-08-26 18:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-11 21:40 . 2012-08-11 21:40 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-10 20:43 . 2012-08-10 20:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2012-08-10 20:42 . 2012-08-10 20:42 -------- d-----w- c:\documents and settings\LaVi\Application Data\TestApp
2012-08-10 12:55 . 2012-08-10 12:55 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.002\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 02:14 . 2008-04-29 09:15 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-06 02:14 . 2008-04-29 18:17 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-28 17:01 . 2008-04-29 19:44 17408 -c--a-w- c:\windows\system32\rpcnetp.dll
2012-08-25 01:15 . 2004-08-04 10:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-08-16 01:54 . 2012-08-04 12:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 01:54 . 2011-06-07 03:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 02:42 . 2012-08-04 02:42 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-08-04 02:42 . 2012-08-04 02:42 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-07-04 14:05 . 2008-04-29 19:29 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-02 17:49 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-21 . 3F061815A6754C0A1C9BF3D78A14BB54 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2011-01-21 . 3F061815A6754C0A1C9BF3D78A14BB54 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2011-01-21 . EAF851A4387DA45E9AC48C89FAE16A6C . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2011-01-21 . EAF851A4387DA45E9AC48C89FAE16A6C . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-08-31_04.26.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-14 00:17 . 2011-05-14 00:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-09-06 02:14 . 2012-09-06 02:14 16384 c:\windows\Temp\Perflib_Perfdata_70.dat
- 2007-11-13 11:31 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2007-11-13 11:31 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 10:00 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-04 10:00 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2004-08-04 10:00 . 2012-09-05 16:29 81198 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2012-08-29 02:21 81198 c:\windows\system32\perfh009.dat
+ 2004-08-04 10:00 . 2012-09-05 16:29 76072 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2012-08-29 02:21 76072 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2006-03-04 03:33 . 2012-07-02 17:49 67072 c:\windows\system32\mshtmled.dll
+ 2004-08-04 10:00 . 2012-07-02 17:49 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 10:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 10:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
- 2004-08-04 10:00 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2004-08-04 10:00 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2004-08-04 10:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
- 2009-06-13 04:44 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-13 04:44 . 2012-07-02 17:49 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-04 10:00 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2004-08-04 10:00 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2012-09-05 18:52 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2006-03-04 03:33 . 2012-07-02 17:49 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-29 23:25 . 2012-07-02 17:49 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-29 23:25 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 10:00 . 2012-07-02 17:49 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 10:00 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 10:00 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 10:00 . 2012-07-02 17:49 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 10:00 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
- 2004-08-04 10:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-04 10:00 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-04 10:00 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
- 2004-08-04 10:00 . 2008-04-14 00:11 58880 c:\windows\system32\atl.dll
- 2009-01-16 23:36 . 2010-12-25 19:58 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-01-16 23:36 . 2010-12-25 19:58 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-01-16 23:36 . 2010-12-25 19:58 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-01-16 23:36 . 2010-12-25 19:58 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-01-16 23:36 . 2010-12-25 19:58 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-01-16 23:36 . 2010-12-25 19:58 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-01-16 23:36 . 2010-12-25 19:58 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-01-31 00:18 . 2012-09-05 23:43 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-01-31 00:18 . 2010-12-25 19:58 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-10-16 18:55 . 2011-10-16 18:55 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-10-16 18:55 . 2012-09-05 22:39 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-02-26 22:43 . 2009-02-26 22:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 21:45 . 2009-02-26 21:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-02-26 17:06 . 2009-02-26 17:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 17:06 . 2009-02-26 17:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2012-09-05 22:43 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll
+ 2012-09-05 23:52 . 2012-09-05 23:52 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\3672938c0b0be4c6467c3992845cc7e8\UIAutomationProvider.ni.dll
+ 2012-09-05 23:43 . 2012-09-05 23:43 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e90e8f631640971401f17ac1463bc85a\PresentationFontCache.ni.exe
+ 2012-09-05 23:39 . 2012-09-05 23:39 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\614a736dc39ce496b3c649122d3affa1\PresentationCFFRasterizer.ni.dll
+ 2012-09-04 23:48 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982665\update\spcustom.dll
+ 2012-09-04 23:48 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982665\spmsg.dll
+ 2010-06-17 14:02 . 2010-06-17 14:02 80384 c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll
+ 2012-09-05 00:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981322\update\spcustom.dll
+ 2012-09-05 00:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981322\spmsg.dll
+ 2012-09-05 00:10 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2012-09-05 00:10 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2012-09-05 00:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll
+ 2012-09-05 00:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973507\spmsg.dll
+ 2009-07-17 19:25 . 2009-07-17 19:25 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll
+ 2012-09-05 00:08 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971029\update\spcustom.dll
+ 2012-09-05 00:08 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971029\spmsg.dll
+ 2012-09-05 00:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB970430\update\spcustom.dll
+ 2012-09-05 00:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB970430\spmsg.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 75776 c:\windows\$hf_mig$\KB970430\SP3QFE\strmfilt.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 25088 c:\windows\$hf_mig$\KB970430\SP3QFE\httpapi.dll
+ 2012-09-05 00:15 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2012-09-05 00:15 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2012-09-05 00:17 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2481109\update\spcustom.dll
+ 2012-09-05 00:17 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2481109\spmsg.dll
+ 2011-02-02 07:57 . 2011-02-02 07:57 53248 c:\windows\$hf_mig$\KB2481109\SP3QFE\tsgqec.dll
+ 2012-09-05 00:25 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479943\update\spcustom.dll
+ 2012-09-05 00:25 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479943\spmsg.dll
+ 2012-09-05 00:24 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
+ 2012-09-05 00:24 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478971\spmsg.dll
+ 2012-09-04 23:47 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
+ 2012-09-04 23:47 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478960\spmsg.dll
+ 2012-09-05 00:10 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2012-09-05 00:10 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2012-09-05 00:23 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2345886\update\spcustom.dll
+ 2012-09-05 00:23 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2345886\spmsg.dll
+ 2010-08-27 06:05 . 2010-08-27 06:05 99840 c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
- 2009-04-15 14:41 . 2010-08-13 12:53 5120 c:\windows\system32\xpsp4res.dll
+ 2009-04-15 14:41 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
- 2009-01-16 23:36 . 2010-12-25 19:58 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-01-16 23:36 . 2010-12-25 19:58 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-01-16 23:36 . 2010-12-25 19:58 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll
+ 2011-05-14 05:17 . 2011-05-14 05:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 05:12 . 2011-05-14 05:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 05:11 . 2011-05-14 05:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 135168 c:\windows\system32\shsvcs.dll
+ 2004-08-04 10:00 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
+ 2004-08-04 10:00 . 2011-01-21 14:44 439296 c:\windows\system32\shimgvw.dll
+ 2004-08-04 10:00 . 2011-02-09 13:53 270848 c:\windows\system32\sbe.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 270848 c:\windows\system32\sbe.dll
+ 2004-08-04 10:00 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll
- 2004-08-04 10:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2004-08-04 10:00 . 2012-07-02 17:49 206848 c:\windows\system32\occache.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2004-08-04 10:00 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
+ 2004-08-04 10:00 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
+ 2008-04-29 19:29 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
- 2008-04-29 19:29 . 2008-04-14 00:12 677888 c:\windows\system32\mstsc.exe
- 2006-03-04 03:33 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2006-03-04 03:33 . 2012-07-02 17:49 611840 c:\windows\system32\mstime.dll
+ 2012-08-31 16:44 . 2012-01-31 12:44 237072 c:\windows\system32\MpSigStub.exe
+ 2004-08-04 10:00 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
- 2004-08-04 10:00 . 2010-09-18 17:23 974848 c:\windows\system32\mfc42u.dll
+ 2004-08-04 10:00 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
- 2004-08-04 10:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-04 10:00 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-04 10:00 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
- 2004-08-04 10:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2004-08-04 10:00 . 2012-02-29 14:10 148480 c:\windows\system32\imagehlp.dll
+ 2004-08-04 10:00 . 2012-07-02 17:49 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 10:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 10:00 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe
+ 2008-04-29 09:15 . 2012-09-06 02:11 268600 c:\windows\system32\FNTCACHE.DAT
- 2008-04-29 09:15 . 2010-12-26 02:28 268600 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 10:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
- 2004-08-04 10:00 . 2008-04-14 00:11 186880 c:\windows\system32\encdec.dll
+ 2004-08-04 10:00 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys
+ 2004-08-04 10:00 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2012-03-21 00:44 . 2012-03-21 00:44 171064 c:\windows\system32\drivers\MpFilter.sys
+ 2004-08-04 10:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
- 2004-08-04 10:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 10:00 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2006-03-04 03:33 . 2012-07-02 17:49 916992 c:\windows\system32\dllcache\wininet.dll
+ 2004-12-05 21:52 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2004-08-04 10:00 . 2012-07-02 17:49 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 10:00 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-15 02:44 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2009-07-27 23:17 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 270848 c:\windows\system32\dllcache\sbe.dll
+ 2004-08-04 10:00 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
+ 2008-04-29 19:29 . 2012-07-04 14:05 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2004-08-04 10:00 . 2012-07-02 17:49 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 10:00 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2009-04-15 14:43 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-04 10:00 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
- 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2006-03-04 03:33 . 2012-07-02 17:49 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-03-04 03:33 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-12-05 21:52 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\msjro.dll
+ 2004-12-05 21:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2008-04-29 23:25 . 2012-07-02 17:49 629760 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-12-05 21:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2004-12-05 21:52 . 2008-04-14 00:11 200704 c:\windows\system32\dllcache\msadox.dll
+ 2004-12-05 21:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2004-12-05 21:52 . 2008-04-14 00:11 180224 c:\windows\system32\dllcache\msadomd.dll
- 2004-12-05 21:52 . 2008-04-14 00:11 536576 c:\windows\system32\dllcache\msado15.dll
+ 2004-12-05 21:52 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
+ 2004-12-05 21:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2004-12-05 21:52 . 2008-04-14 00:11 143360 c:\windows\system32\dllcache\msadco.dll
+ 2004-08-04 10:00 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
- 2004-08-04 10:00 . 2010-09-18 17:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2004-08-04 10:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
- 2009-04-15 14:43 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-15 14:43 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2008-04-29 19:29 . 2008-04-14 00:12 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2008-04-29 19:29 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
- 2009-06-13 04:44 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-13 04:44 . 2012-07-02 17:49 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-03-04 03:33 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-03-04 03:33 . 2012-07-02 17:49 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-12-25 02:00 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-12-25 02:00 . 2012-07-02 17:49 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-04 10:00 . 2012-07-02 17:49 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 10:00 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 10:00 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
- 2004-08-04 10:00 . 2008-04-14 00:11 186880 c:\windows\system32\dllcache\encdec.dll
+ 2004-08-04 10:00 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
+ 2008-06-20 17:46 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2012-05-31 13:22 . 2012-05-31 13:22 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2010-10-28 13:13 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
- 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
+ 2012-04-06 03:52 . 2012-04-06 03:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2012-09-05 22:58 . 2012-09-05 22:58 467456 c:\windows\Installer\3e9b0bf.msi
+ 2012-08-31 16:40 . 2012-08-31 16:40 301056 c:\windows\Installer\2d322e2.msi
+ 2009-01-16 23:36 . 2012-09-05 23:08 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-01-16 23:36 . 2010-12-25 19:58 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-01-16 23:36 . 2010-12-25 19:58 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-01-16 23:36 . 2012-09-05 23:08 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2012-08-30 23:00 . 2012-08-31 16:41 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
- 2012-08-30 23:00 . 2012-08-30 23:00 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
+ 2012-08-31 16:41 . 2012-08-31 16:41 123352 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
- 2012-08-30 23:00 . 2012-08-30 23:00 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
+ 2012-08-30 23:00 . 2012-08-31 16:41 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
+ 2012-08-30 23:00 . 2012-08-31 16:41 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
- 2012-08-30 23:00 . 2012-08-30 23:00 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-08-30 23:00 . 2012-08-31 16:41 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
- 2012-08-30 23:00 . 2012-08-30 23:00 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2010-03-31 05:16 . 2010-03-31 05:16 130408 c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationHostDLL_X86.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2722913-IE8\wininet.dll
+ 2012-09-05 22:43 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll
+ 2012-09-05 22:44 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll
+ 2012-09-05 22:44 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe
+ 2012-09-05 22:43 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll
+ 2012-09-05 22:43 . 2009-03-08 08:35 521216 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll
+ 2012-09-05 22:43 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe
+ 2012-09-05 22:32 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-09-05 22:32 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-09-05 22:32 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-09-05 22:41 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-09-05 22:41 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-09-05 22:41 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-09-05 22:41 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2012-09-05 23:52 . 2012-09-05 23:52 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6decc4730bac161b4cae7c8e59b59742\WindowsFormsIntegration.ni.dll
+ 2012-09-05 23:52 . 2012-09-05 23:52 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\a5003fc8367ca40672b3b425377d29c9\UIAutomationClient.ni.dll
+ 2012-09-05 23:48 . 2012-09-05 23:48 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c065edb2da7bf21a3cb5f73ab1070a10\PresentationFramework.Classic.ni.dll
+ 2012-09-05 23:48 . 2012-09-05 23:48 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcfc0267b35e80b21e83f29c90fc49e5\PresentationFramework.Luna.ni.dll
+ 2012-09-05 23:48 . 2012-09-05 23:48 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a5aa59449237ce28be79613522a64a52\PresentationFramework.Royale.ni.dll
+ 2012-09-05 23:46 . 2012-09-05 23:46 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3fda6027c2d080a0bb40f3a216b32eb2\PresentationFramework.Aero.ni.dll
+ 2012-09-05 23:37 . 2012-09-05 23:37 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2009-02-27 00:12 . 2009-02-27 00:12 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-09-05 23:37 . 2012-09-05 23:37 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-09-04 23:48 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982665\update\updspapi.dll
+ 2012-09-04 23:48 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982665\update\update.exe
+ 2012-09-04 23:48 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982665\spuninst.exe
+ 2012-09-05 00:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981322\update\updspapi.dll
+ 2012-09-05 00:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981322\update\update.exe
+ 2012-09-05 00:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981322\spuninst.exe
+ 2010-04-16 15:29 . 2010-04-16 15:29 406016 c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
+ 2012-09-05 00:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2012-09-05 00:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2012-09-05 00:10 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:38 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2012-09-05 00:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973507\update\updspapi.dll
+ 2012-09-05 00:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973507\update\update.exe
+ 2012-09-05 00:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973507\spuninst.exe
+ 2012-09-05 00:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971029\update\updspapi.dll
+ 2012-09-05 00:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971029\update\update.exe
+ 2012-09-05 00:08 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971029\spuninst.exe
+ 2009-07-27 22:13 . 2009-07-27 22:13 135168 c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
+ 2012-09-05 00:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2012-09-05 00:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2012-09-05 00:22 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-10-20 15:21 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2012-09-05 00:15 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2012-09-05 00:15 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2012-09-05 00:15 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 439808 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2012-09-05 00:17 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2481109\update\updspapi.dll
+ 2012-09-05 00:17 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2481109\update\update.exe
+ 2012-09-05 00:17 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2481109\spuninst.exe
+ 2011-01-27 11:41 . 2011-01-27 11:41 677888 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstsc.exe
+ 2011-02-02 07:57 . 2011-02-02 07:57 136192 c:\windows\$hf_mig$\KB2481109\SP3QFE\aaclient.dll
+ 2012-09-05 00:25 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479943\update\updspapi.dll
+ 2012-09-05 00:25 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479943\update\update.exe
+ 2012-09-05 00:25 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479943\spuninst.exe
+ 2011-02-09 13:52 . 2011-02-09 13:52 270848 c:\windows\$hf_mig$\KB2479943\SP3QFE\sbe.dll
+ 2011-02-09 13:52 . 2011-02-09 13:52 186880 c:\windows\$hf_mig$\KB2479943\SP3QFE\encdec.dll
+ 2012-09-05 00:24 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2012-09-05 00:24 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2012-09-05 00:24 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2012-09-04 23:47 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2012-09-04 23:47 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2012-09-04 23:47 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24 730112 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2012-09-05 00:10 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2012-09-05 00:10 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2012-09-05 00:10 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2012-09-05 00:23 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2345886\update\updspapi.dll
+ 2012-09-05 00:23 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2345886\update\update.exe
+ 2012-09-05 00:23 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2345886\spuninst.exe
+ 2010-08-26 13:37 . 2010-08-26 13:37 357248 c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys
+ 2011-05-14 00:04 . 2011-05-14 00:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 00:04 . 2011-05-14 00:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2004-08-04 10:00 . 2012-04-11 13:12 1862272 c:\windows\system32\win32k.sys
+ 2004-08-04 10:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2005-03-30 01:21 . 2012-04-11 13:14 2148352 c:\windows\system32\ntoskrnl.exe
+ 2005-03-30 01:01 . 2012-04-11 12:35 2026496 c:\windows\system32\ntkrnlpa.exe
- 2009-01-16 04:53 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-01-16 04:53 . 2012-06-05 15:50 1372672 c:\windows\system32\msxml6.dll
+ 2008-04-29 19:29 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
+ 2009-01-15 02:45 . 2012-04-11 13:12 1862272 c:\windows\system32\dllcache\win32k.sys
+ 2006-03-18 11:09 . 2012-07-02 17:49 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2009-01-15 02:45 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-01-15 02:45 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-15 02:45 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-01-15 02:45 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-01-16 04:53 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2009-01-16 04:53 . 2012-06-05 15:50 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2004-08-04 10:00 . 2012-06-05 15:50 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2004-08-04 10:00 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-03-23 17:32 . 2012-07-02 17:49 6008320 c:\windows\system32\dllcache\mshtml.dll
+ 2008-04-29 19:29 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2008-04-29 23:25 . 2012-07-02 17:49 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-12-26 13:59 . 2011-12-26 13:59 4368896 c:\windows\Installer\3e9b175.msp
+ 2012-04-05 02:38 . 2012-04-05 02:38 3620864 c:\windows\Installer\3e9b168.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 2531840 c:\windows\Installer\3e9b11d.msp
+ 2012-04-29 01:43 . 2012-04-29 01:43 8459264 c:\windows\Installer\3e9b112.msp
+ 2011-04-28 16:23 . 2011-04-28 16:23 9607680 c:\windows\Installer\3e9b0f5.msp
+ 2011-02-25 18:25 . 2011-02-25 18:25 7968256 c:\windows\Installer\3e9b0df.msp
+ 2012-03-21 03:57 . 2012-03-21 03:57 6188544 c:\windows\Installer\3d75117.msp
+ 2012-08-31 16:41 . 2012-08-31 16:41 1826304 c:\windows\Installer\2d322e7.msi
+ 2010-03-31 05:16 . 2010-03-31 05:16 1249280 c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\WindowsBase_x86.dll
+ 2010-12-25 19:50 . 2010-12-25 19:50 1249280 c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\WindowsBase_GAC_x86.dll
+ 2010-03-31 05:16 . 2010-03-31 05:16 4210688 c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationCore_x86.dll
+ 2010-12-25 19:50 . 2010-12-25 19:50 4210688 c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationCore_GAC_x86.dll
+ 2011-07-07 06:58 . 2011-07-07 06:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2012-09-05 22:43 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
+ 2012-09-05 22:43 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll
+ 2009-01-15 02:45 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-15 02:45 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-01-15 02:45 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-01-15 02:45 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-09-05 23:40 . 2012-09-05 23:40 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4f07a2a0c3bca965ec451174632d45e6\WindowsBase.ni.dll
+ 2012-09-05 23:52 . 2012-09-05 23:52 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\53acf4c61a887e1b998da4489af697cc\UIAutomationClientsideProviders.ni.dll
+ 2012-09-05 23:51 . 2012-09-05 23:51 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\7392ea1ead49e964463c7a4ec0a685a2\System.Printing.ni.dll
+ 2012-09-05 23:49 . 2012-09-05 23:49 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\aa29cb1699a7dc73b7d006e9b5bfa823\ReachFramework.ni.dll
+ 2012-09-05 23:49 . 2012-09-05 23:49 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\92b6c02fa702d943f15732210013ee65\PresentationUI.ni.dll
- 2010-12-25 19:50 . 2010-12-25 19:50 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-09-05 23:37 . 2012-09-05 23:37 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-09-05 23:37 . 2012-09-05 23:37 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-09-05 23:37 . 2012-09-05 23:37 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-07-27 22:13 . 2009-07-27 22:13 8462848 c:\windows\$hf_mig$\KB971029\SP3QFE\shell32.dll
+ 2011-01-21 14:42 . 2011-01-21 14:42 8463360 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-02 07:57 . 2011-02-02 07:57 2069504 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstscx.dll
+ 2008-04-29 23:25 . 2012-07-03 03:19 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-04-06 07:13 . 2012-04-06 07:13 16527872 c:\windows\Installer\3e9b15d.msp
+ 2011-09-15 22:37 . 2011-09-15 22:37 38176256 c:\windows\Installer\3e9b14e.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 10937344 c:\windows\Installer\3e9b0cb.msp
+ 2012-09-05 22:36 . 2012-09-05 22:36 20343808 c:\windows\Installer\3d75122.msp
+ 2012-09-05 22:43 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll
+ 2012-09-05 23:45 . 2012-09-05 23:45 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\61341b67c15f121a333c7878c6f6c3be\PresentationFramework.ni.dll
+ 2012-09-05 23:42 . 2012-09-05 23:42 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f9c1bbfa5b6a45643ed775dc68704f09\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol System Monitor"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 325000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-10-29 2498560]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2012-06-02 206120]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk /p \??\c:\0autocheck autochk /p \??\c:\0autocheck autochk /p \??\c:\0autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Ares\\chatServer.exe"=
"c:\\Documents and Settings\\LaVi\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [6/2/2012 6:34 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [6/2/2012 6:35 AM 185640]
S1 MpKsl80942173;MpKsl80942173;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFB8036E-2B86-4921-B9CF-174BDDACB600}\MpKsl80942173.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DFB8036E-2B86-4921-B9CF-174BDDACB600}\MpKsl80942173.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2011 4:51 PM 135664]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [8/3/2012 4:22 PM 352248]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/4/2012 8:15 AM 250056]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [7/24/2009 4:06 PM 112640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2011 4:51 PM 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [7/24/2009 4:06 PM 100480]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [9/24/2011 4:45 PM 18432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ZSMC211
nmservice
MXOPSWD
cmuda3
tbhsd
Uim_IM
s7oppitx
akshhl
whoisd32
vmnetuserif
JGOGO
slimsvc
cdmservice
CSDriver
symantecantibotwatcher
pshost
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 01:54]
.
2012-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 20:51]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 20:51]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-1417001333-1003Core.job
- c:\documents and settings\LaVi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 16:42]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-1417001333-1003UA.job
- c:\documents and settings\LaVi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 16:42]
.
2012-09-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-09-05 c:\windows\Tasks\User_Feed_Synchronization-{E5DE94E7-9A75-4BF0-9936-3EEE8C9D2555}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Adobe - c:\documents and settings\LaVi\Local Settings\Application Data\ApplicationHistory\Adobe\xitdbv.dll
HKU-Default-Run-Adobe - c:\documents and settings\LaVi\Local Settings\Application Data\ApplicationHistory\Adobe\xitdbv.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-05 22:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\01\0b\0e4\05y"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\mmfinfo.dll
c:\windows\system32\mkunicode.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Digital Line Detect\DLG.exe
c:\progra~1\COMMON~1\MICROS~1\DW\DW20.EXE
.
**************************************************************************
.
Completion time: 2012-09-05 23:42:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-06 03:41
ComboFix2.txt 2012-08-31 04:39
ComboFix3.txt 2011-01-30 04:40
.
Pre-Run: 26,573,402,112 bytes free
Post-Run: 26,822,836,224 bytes free
.
- - End Of File - - 53E1031B5EDE44DDF4A78885751B6DDF



