trojan help requested



krichbaum
2012-04-21, 05:33
PC is infected with crypt.AQLW and crypt.ANVH as reported by AVG. This is beyond my abilities so any help would be greatly appreciated. DDS log follows:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by MyPC at 20:15:26 on 2012-04-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.676 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [DependencyCheck] Performed
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_ActiveX.exe -update activex
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224614130310
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: Interfaces\{ADE29600-ACA8-4535-9CB6-8840EC57A8EE} : DhcpNameServer = 65.32.1.65
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-26 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
S2 avgtdi;SPLITCAM;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 avp;Se58unic;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 caisafe;Snpstd2;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 DirectUpdate;Bthpan;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 GV600_4;TUWinStylerThemeSvc;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 ikfilesec;Cdudf_xp;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 mclserviceatl;Dptrackerd;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 mcshield;Zpsc;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 pavagente;Fax;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 pavsrv;P16X;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 snoopfreesvc;Prtg4service;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2003-3-31 14336]
S2 vet-rec;SANDRA;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 1025352]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-04-20 22:06:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
============= FINISH: 20:16:24.84 ===============


>> I'll try to attach the compressed attach file as well-

jeffce
2012-04-22, 05:32
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view
Choose to "show hidden files and folders,"
Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
Close the window with OK
---------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may also have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------


Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Right-click the aswMBR icon and choose Run as Administrator to run it.
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

krichbaum
2012-04-22, 16:43
Hi Jeff, thanks for taking on my case. I've reset the folder views per your instructions, and performed the scan you requested. It follows:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-22 09:39:31
-----------------------------
09:39:31.312 OS Version: Windows 5.1.2600 Service Pack 3
09:39:31.312 Number of processors: 1 586 0xD08
09:39:31.312 ComputerName: MYPC-OS1TSAXTFY UserName: MyPC
09:39:32.781 Initialize success
09:39:47.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
09:39:47.781 Disk 0 Vendor: HTS541060G9AT00 MB3OA60A Size: 57231MB BusType: 3
09:39:47.843 Disk 0 MBR read successfully
09:39:47.843 Disk 0 MBR scan
09:39:47.843 Disk 0 Windows XP default MBR code
09:39:47.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
09:39:47.843 Disk 0 scanning sectors +117194175
09:39:47.937 Disk 0 scanning C:\WINDOWS\system32\drivers
09:39:57.468 Service scanning
09:40:10.343 Modules scanning
09:40:12.437 Module: C:\WINDOWS\System32\DRIVERS\i8042prt.sys **SUSPICIOUS**
09:40:15.968 Disk 0 trace - called modules:
09:40:15.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86241ff0]<<
09:40:15.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8654eab8]
09:40:16.421 3 CLASSPNP.SYS[f761cfd7] -> nt!IofCallDriver -> [0x863beac0]
09:40:16.421 \Driver\00001528[0x861965c8] -> IRP_MJ_CREATE -> 0x86241ff0
09:40:16.421 Scan finished successfully
09:40:46.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\MyPC\Desktop\Security tools\MBR.dat"
09:40:46.718 The log file has been saved successfully to "C:\Documents and Settings\MyPC\Desktop\Security tools\aswMBR.txt"

jeffce
2012-04-22, 21:29
Please download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)

Double-click to run TDSSKiller.exe
Press Change Parameters
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click on the Start Scan button

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Copy and paste the log in your next reply

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

----------

krichbaum
2012-04-22, 21:50
OK, ran TDSSKiller and here is the log file from that:

14:43:29.0062 0108 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
14:43:29.0140 0108 ============================================================
14:43:29.0140 0108 Current date / time: 2012/04/22 14:43:29.0140
14:43:29.0140 0108 SystemInfo:
14:43:29.0140 0108
14:43:29.0140 0108 OS Version: 5.1.2600 ServicePack: 3.0
14:43:29.0140 0108 Product type: Workstation
14:43:29.0140 0108 ComputerName: MYPC-OS1TSAXTFY
14:43:29.0140 0108 UserName: MyPC
14:43:29.0140 0108 Windows directory: C:\WINDOWS
14:43:29.0140 0108 System windows directory: C:\WINDOWS
14:43:29.0140 0108 Processor architecture: Intel x86
14:43:29.0140 0108 Number of processors: 1
14:43:29.0140 0108 Page size: 0x1000
14:43:29.0140 0108 Boot type: Normal boot
14:43:29.0140 0108 ============================================================
14:43:31.0687 0108 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:43:31.0781 0108 Drive \Device\Harddisk1\DR8 - Size: 0x37000000 (0.86 Gb), SectorSize: 0x200, Cylinders: 0x70, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:43:31.0781 0108 \Device\Harddisk0\DR0:
14:43:31.0781 0108 MBR partitions:
14:43:31.0781 0108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
14:43:31.0781 0108 \Device\Harddisk1\DR8:
14:43:31.0781 0108 MBR partitions:
14:43:31.0781 0108 \Device\Harddisk1\DR8\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1B7FC1
14:43:31.0781 0108 C: <-> \Device\Harddisk0\DR0\Partition0
14:43:31.0781 0108 Initialize success
14:43:31.0781 0108 ============================================================
14:43:43.0234 2144 ============================================================
14:43:43.0234 2144 Scan started
14:43:43.0234 2144 Mode: Manual; SigCheck; TDLFS;
14:43:43.0234 2144 ============================================================
14:43:43.0828 2144 a8djusb - ok
14:43:43.0843 2144 Abiosdsk - ok
14:43:43.0859 2144 abp480n5 - ok
14:43:43.0875 2144 ABVPN2K - ok
14:43:43.0953 2144 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:43:44.0625 2144 ACPI - ok
14:43:44.0687 2144 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:43:44.0828 2144 ACPIEC - ok
14:43:44.0843 2144 adiusbaw - ok
14:43:44.0859 2144 adobeactivefilemonitor5.0 - ok
14:43:44.0875 2144 adpu160m - ok
14:43:44.0890 2144 AEAudioService - ok
14:43:44.0937 2144 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:43:45.0093 2144 aec - ok
14:43:45.0171 2144 AeLookupSvc - ok
14:43:45.0234 2144 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:43:45.0312 2144 AFD - ok
14:43:45.0390 2144 ageresoftmodem - ok
14:43:45.0406 2144 Aha154x - ok
14:43:45.0406 2144 aic78u2 - ok
14:43:45.0421 2144 aic78xx - ok
14:43:45.0437 2144 aksfridge - ok
14:43:45.0453 2144 akshhl - ok
14:43:45.0468 2144 AKSIFDH - ok
14:43:45.0484 2144 alcxsens - ok
14:43:45.0515 2144 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:43:45.0640 2144 Alerter - ok
14:43:45.0671 2144 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:43:45.0828 2144 ALG - ok
14:43:45.0843 2144 AliIde - ok
14:43:45.0859 2144 alim1541 - ok
14:43:45.0875 2144 amsint - ok
14:43:45.0875 2144 apache2 - ok
14:43:45.0953 2144 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:43:46.0093 2144 AppMgmt - ok
14:43:46.0156 2144 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:43:46.0281 2144 Arp1394 - ok
14:43:46.0296 2144 arrayssl_vpn_service3,0,1,9 - ok
14:43:46.0312 2144 asc - ok
14:43:46.0328 2144 asc3350p - ok
14:43:46.0343 2144 asc3550 - ok
14:43:46.0343 2144 AsDsm - ok
14:43:46.0359 2144 AsIO - ok
14:43:46.0421 2144 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:43:46.0437 2144 aspnet_state - ok
14:43:46.0468 2144 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:43:46.0593 2144 AsyncMac - ok
14:43:46.0671 2144 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:43:46.0812 2144 atapi - ok
14:43:46.0828 2144 Atdisk - ok
14:43:46.0843 2144 ati2mtag - ok
14:43:46.0875 2144 ATIBTCAP - ok
14:43:46.0890 2144 ATIBTXBAR - ok
14:43:46.0890 2144 atixsaudio - ok
14:43:46.0937 2144 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:43:47.0093 2144 Atmarpc - ok
14:43:47.0125 2144 ATMsrvc - ok
14:43:47.0171 2144 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:43:47.0312 2144 AudioSrv - ok
14:43:47.0375 2144 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:43:47.0500 2144 audstub - ok
14:43:47.0515 2144 AVCSTRM - ok
14:43:47.0750 2144 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
14:43:47.0828 2144 AVG Security Toolbar Service - ok
14:43:48.0265 2144 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
14:43:48.0625 2144 AVGIDSAgent - ok
14:43:48.0765 2144 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
14:43:48.0796 2144 AVGIDSDriver - ok
14:43:48.0812 2144 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
14:43:48.0828 2144 AVGIDSEH - ok
14:43:48.0859 2144 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
14:43:48.0859 2144 AVGIDSFilter - ok
14:43:48.0921 2144 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
14:43:48.0937 2144 AVGIDSShim - ok
14:43:49.0000 2144 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:43:49.0015 2144 Avgldx86 - ok
14:43:49.0125 2144 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:43:49.0140 2144 Avgmfx86 - ok
14:43:49.0171 2144 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:43:49.0187 2144 Avgrkx86 - ok
14:43:49.0203 2144 avgtdi - ok
14:43:49.0250 2144 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:43:49.0281 2144 Avgtdix - ok
14:43:49.0437 2144 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:43:49.0453 2144 avgwd - ok
14:43:49.0546 2144 avp - ok
14:43:49.0546 2144 avsvcmonitor - ok
14:43:49.0625 2144 b57w2k (2dc524a5d9c4879e7a7cb7100a2d36b4) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:43:49.0671 2144 b57w2k - ok
14:43:49.0687 2144 backupexecdevicemediaservice - ok
14:43:49.0703 2144 BASFND - ok
14:43:49.0750 2144 bdfdll - ok
14:43:49.0796 2144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:43:49.0953 2144 Beep - ok
14:43:50.0703 2144 besclient - ok
14:43:50.0750 2144 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:43:50.0906 2144 BITS - ok
14:43:50.0921 2144 brmfrmps - ok
14:43:51.0000 2144 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:43:51.0156 2144 Browser - ok
14:43:51.0171 2144 bvrp_pci - ok
14:43:51.0187 2144 caisafe - ok
14:43:51.0203 2144 Cam5603D - ok
14:43:51.0218 2144 Cam5607 - ok
14:43:51.0250 2144 CAMCAUD (9329d489979cb29ba5e2cffc1dd28932) C:\WINDOWS\system32\drivers\camc6aud.sys
14:43:51.0296 2144 CAMCAUD - ok
14:43:51.0437 2144 CAMCHALA (66fb398d9336fee6bea79b68f362b167) C:\WINDOWS\system32\drivers\camc6hal.sys
14:43:51.0515 2144 CAMCHALA - ok
14:43:51.0531 2144 Cardex - ok
14:43:51.0578 2144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:43:51.0718 2144 cbidf2k - ok
14:43:51.0828 2144 CCALib8 (359e5a91d26d0439933bef1c29cedef7) C:\Program Files\Canon\CAL\CALMAIN.exe
14:43:51.0859 2144 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
14:43:51.0859 2144 CCALib8 - detected UnsignedFile.Multi.Generic (1)
14:43:51.0875 2144 cd20xrnt - ok
14:43:51.0921 2144 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:43:52.0078 2144 Cdaudio - ok
14:43:52.0156 2144 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:43:52.0281 2144 Cdfs - ok
14:43:52.0359 2144 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:43:52.0484 2144 Cdrom - ok
14:43:52.0500 2144 cebdaldr - ok
14:43:52.0515 2144 centennialiptransferagent - ok
14:43:52.0531 2144 Changer - ok
14:43:52.0578 2144 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:43:52.0703 2144 CiSvc - ok
14:43:52.0718 2144 citrixxteserver - ok
14:43:52.0750 2144 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:43:52.0875 2144 ClipSrv - ok
14:43:52.0968 2144 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:43:52.0984 2144 clr_optimization_v2.0.50727_32 - ok
14:43:53.0078 2144 cltnetcnservice - ok
14:43:53.0156 2144 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:43:53.0312 2144 CmBatt - ok
14:43:53.0343 2144 CmdIde - ok
14:43:53.0359 2144 cmuda - ok
14:43:53.0375 2144 CnxTrLan - ok
14:43:53.0390 2144 com4qlb - ok
14:43:53.0406 2144 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:43:53.0531 2144 Compbatt - ok
14:43:53.0546 2144 COMSysApp - ok
14:43:53.0578 2144 Cpqarray - ok
14:43:53.0593 2144 cpqdmi - ok
14:43:53.0593 2144 cpucoolserver - ok
14:43:53.0609 2144 cpuidlep - ok
14:43:53.0656 2144 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:43:53.0781 2144 CryptSvc - ok
14:43:53.0796 2144 crystaloutputfileserver - ok
14:43:53.0796 2144 ctaud2k - ok
14:43:53.0812 2144 CTEDSPFX.DLL - ok
14:43:53.0828 2144 CTEDSPSY.DLL - ok
14:43:53.0843 2144 ctxcpusched - ok
14:43:53.0859 2144 cyberpowerups - ok
14:43:53.0875 2144 cypresslink - ok
14:43:53.0890 2144 dac2w2k - ok
14:43:53.0906 2144 dac960nt - ok
14:43:54.0046 2144 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:43:54.0156 2144 DcomLaunch - ok
14:43:54.0359 2144 Defrag32 - ok
14:43:54.0421 2144 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:43:54.0578 2144 Dhcp - ok
14:43:54.0593 2144 DirectUpdate - ok
14:43:54.0625 2144 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:43:54.0765 2144 Disk - ok
14:43:54.0781 2144 diskperf - ok
14:43:54.0796 2144 DKbFltr - ok
14:43:54.0812 2144 dlartl_n - ok
14:43:54.0828 2144 DLH5X - ok
14:43:54.0843 2144 dlpwd - ok
14:43:54.0859 2144 dmadmin - ok
14:43:54.0921 2144 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:43:55.0109 2144 dmboot - ok
14:43:55.0156 2144 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:43:55.0281 2144 dmio - ok
14:43:55.0390 2144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:43:55.0546 2144 dmload - ok
14:43:55.0640 2144 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:43:55.0781 2144 dmserver - ok
14:43:55.0812 2144 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:43:55.0953 2144 DMusic - ok
14:43:56.0656 2144 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:43:56.0718 2144 Dnscache - ok
14:43:56.0796 2144 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:43:56.0937 2144 Dot3svc - ok
14:43:57.0046 2144 dphost - ok
14:43:57.0062 2144 dpti2o - ok
14:43:57.0109 2144 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:43:57.0234 2144 drmkaud - ok
14:43:57.0250 2144 drvnddm - ok
14:43:57.0250 2144 dtsrvc - ok
14:43:57.0265 2144 DXEC02 - ok
14:43:57.0281 2144 EACSvrMngr - ok
14:43:57.0328 2144 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:43:57.0453 2144 EapHost - ok
14:43:57.0468 2144 eeyeevnt - ok
14:43:57.0515 2144 elaunidr - ok
14:43:57.0531 2144 emproxy - ok
14:43:57.0546 2144 enethusb - ok
14:43:57.0562 2144 EntDrv51 - ok
14:43:57.0578 2144 epsonbidirectionalservice - ok
14:43:57.0625 2144 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:43:57.0750 2144 ERSvc - ok
14:43:57.0765 2144 ET5Drv - ok
14:43:57.0781 2144 etoksrv - ok
14:43:57.0843 2144 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:43:57.0890 2144 Eventlog - ok
14:43:57.0953 2144 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:43:58.0062 2144 EventSystem - ok
14:43:58.0125 2144 F700isw - ok
14:43:58.0140 2144 FA312 - ok
14:43:58.0171 2144 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:43:58.0312 2144 Fastfat - ok
14:43:58.0437 2144 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:43:58.0468 2144 FastUserSwitchingCompatibility - ok
14:43:58.0484 2144 fcdabus - ok
14:43:58.0546 2144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:43:58.0656 2144 Fdc - ok
14:43:58.0671 2144 FINEPIX_PCC - ok
14:43:58.0703 2144 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:43:58.0828 2144 Fips - ok
14:43:58.0843 2144 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:43:59.0015 2144 Flpydisk - ok
14:43:59.0078 2144 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:43:59.0218 2144 FltMgr - ok
14:43:59.0515 2144 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:43:59.0531 2144 FontCache3.0.0.0 - ok
14:43:59.0578 2144 FontCache3.0.0.0. - ok
14:43:59.0609 2144 fsdfwd - ok
14:43:59.0625 2144 fshttps - ok
14:43:59.0640 2144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:43:59.0781 2144 Fs_Rec - ok
14:43:59.0843 2144 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:44:00.0000 2144 Ftdisk - ok
14:44:00.0015 2144 ftrtsvc - ok
14:44:00.0031 2144 gdihook5 - ok
14:44:00.0093 2144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:44:00.0203 2144 Gpc - ok
14:44:00.0218 2144 GV600_4 - ok
14:44:00.0234 2144 ha20x2k - ok
14:44:00.0265 2144 helpsvc - ok
14:44:00.0281 2144 HidServ - ok
14:44:00.0312 2144 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:44:00.0453 2144 HidUsb - ok
14:44:00.0500 2144 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:44:00.0640 2144 hkmsvc - ok
14:44:00.0656 2144 houdinilicenseserver - ok
14:44:00.0671 2144 hpn - ok
14:44:00.0687 2144 HpqKbFiltr - ok
14:44:00.0703 2144 HpqRemHid - ok
14:44:00.0765 2144 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
14:44:00.0812 2144 HSFHWICH - ok
14:44:00.0875 2144 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:44:01.0109 2144 HSF_DP - ok
14:44:01.0265 2144 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:44:01.0296 2144 HTTP - ok
14:44:01.0359 2144 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:44:01.0500 2144 HTTPFilter - ok
14:44:01.0515 2144 i2omgmt - ok
14:44:01.0531 2144 i2omp - ok
14:44:01.0562 2144 i8042prt (6b1b4d9054fc661ebce1c1e32dba893c) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:44:01.0578 2144 i8042prt ( Virus.Win32.ZAccess.k ) - infected
14:44:01.0578 2144 i8042prt - detected Virus.Win32.ZAccess.k (0)
14:44:01.0671 2144 ialm (d68339f8cde3c00b3fc12ab97e36aa30) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:44:01.0796 2144 ialm - ok
14:44:01.0812 2144 iastor - ok
14:44:01.0828 2144 idisw2km - ok
14:44:02.0000 2144 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:44:02.0078 2144 idsvc - ok
14:44:02.0250 2144 iirsp - ok
14:44:02.0250 2144 ikfilesec - ok
14:44:02.0343 2144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:44:02.0546 2144 Imapi - ok
14:44:02.0609 2144 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
14:44:02.0781 2144 ImapiService - ok
14:44:02.0796 2144 incdrec - ok
14:44:02.0812 2144 ini910u - ok
14:44:02.0828 2144 IntelIde - ok
14:44:02.0890 2144 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:44:03.0062 2144 intelppm - ok
14:44:03.0062 2144 Intel_MIPMNMP - ok
14:44:03.0125 2144 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:44:03.0281 2144 ip6fw - ok
14:44:03.0296 2144 ipcsvc - ok
14:44:03.0343 2144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:44:03.0468 2144 IpFilterDriver - ok
14:44:03.0500 2144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:44:03.0640 2144 IpInIp - ok
14:44:03.0687 2144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:44:03.0828 2144 IpNat - ok
14:44:03.0968 2144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:44:04.0109 2144 IPSec - ok
14:44:04.0125 2144 irbus - ok
14:44:04.0171 2144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:44:04.0312 2144 IRENUM - ok
14:44:04.0359 2144 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:44:04.0500 2144 isapnp - ok
14:44:04.0515 2144 issimon - ok
14:44:04.0515 2144 issm - ok
14:44:04.0531 2144 IWCA - ok
14:44:04.0546 2144 iwebcal - ok
14:44:04.0750 2144 JavaQuickStarterService (112325f53ab720ca77825726d427fbdc) C:\Program Files\Java\jre6\bin\jqs.exe
14:44:04.0765 2144 JavaQuickStarterService - ok
14:44:04.0781 2144 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:44:04.0921 2144 Kbdclass - ok
14:44:04.0937 2144 kerbkey - ok
14:44:04.0968 2144 keriomailserver - ok
14:44:05.0000 2144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:44:05.0156 2144 kmixer - ok
14:44:05.0203 2144 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:44:05.0359 2144 KSecDD - ok
14:44:05.0484 2144 l8042pr2 - ok
14:44:05.0546 2144 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:44:05.0593 2144 lanmanserver - ok
14:44:05.0656 2144 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:44:05.0703 2144 lanmanworkstation - ok
14:44:05.0718 2144 lbrtfdc - ok
14:44:05.0734 2144 LHidFilt - ok
14:44:05.0750 2144 livesrv - ok
14:44:05.0812 2144 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:44:05.0937 2144 LmHosts - ok
14:44:05.0953 2144 lmimirr - ok
14:44:05.0968 2144 LPDSVC - ok
14:44:05.0984 2144 lvckap - ok
14:44:06.0000 2144 lvprcsrv - ok
14:44:06.0015 2144 lxcccustomerconnect - ok
14:44:06.0031 2144 MaRdPnp - ok
14:44:06.0046 2144 mclserviceatl - ok
14:44:06.0062 2144 mcshield - ok
14:44:06.0125 2144 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:44:06.0203 2144 mdmxsdk - ok
14:44:06.0218 2144 mdvrmng - ok
14:44:06.0250 2144 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:44:06.0375 2144 Messenger - ok
14:44:06.0390 2144 mldserv - ok
14:44:06.0453 2144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:44:06.0609 2144 mnmdd - ok
14:44:06.0687 2144 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
14:44:06.0812 2144 mnmsrvc - ok
14:44:06.0859 2144 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:44:07.0000 2144 Modem - ok
14:44:07.0125 2144 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:44:07.0234 2144 Mouclass - ok
14:44:07.0312 2144 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:44:07.0453 2144 mouhid - ok
14:44:07.0484 2144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:44:07.0625 2144 MountMgr - ok
14:44:07.0640 2144 MQAC - ok
14:44:07.0656 2144 mqdmbus - ok
14:44:07.0671 2144 mr2kserv - ok
14:44:07.0687 2144 mraid35x - ok
14:44:07.0703 2144 MRESP50a64 - ok
14:44:07.0734 2144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:44:07.0875 2144 MRxDAV - ok
14:44:07.0953 2144 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:44:08.0093 2144 MRxSmb - ok
14:44:08.0156 2144 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
14:44:08.0312 2144 MSDTC - ok
14:44:08.0343 2144 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:44:08.0484 2144 Msfs - ok
14:44:08.0671 2144 MSFWDrv - ok
14:44:08.0687 2144 MSFWHLPR - ok
14:44:08.0687 2144 MSIRCOMM - ok
14:44:08.0703 2144 MSIServer - ok
14:44:08.0718 2144 msi_wlan_service - ok
14:44:08.0765 2144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:44:08.0906 2144 MSKSSRV - ok
14:44:08.0921 2144 msloop - ok
14:44:08.0953 2144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:44:09.0125 2144 MSPCLOCK - ok
14:44:09.0156 2144 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:44:09.0296 2144 MSPQM - ok
14:44:09.0328 2144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:44:09.0437 2144 mssmbios - ok
14:44:09.0453 2144 mssqlserverolapservice - ok
14:44:09.0468 2144 MSW_USB - ok
14:44:09.0515 2144 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:44:09.0546 2144 Mup - ok
14:44:09.0562 2144 mxssvr - ok
14:44:09.0609 2144 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:44:09.0781 2144 napagent - ok
14:44:09.0812 2144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:44:09.0953 2144 NDIS - ok
14:44:10.0046 2144 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:44:10.0140 2144 NdisTapi - ok
14:44:10.0234 2144 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:44:10.0359 2144 Ndisuio - ok
14:44:10.0390 2144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:44:10.0515 2144 NdisWan - ok
14:44:10.0546 2144 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:44:10.0609 2144 NDProxy - ok
14:44:10.0625 2144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:44:10.0750 2144 NetBIOS - ok
14:44:10.0812 2144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:44:10.0968 2144 NetBT - ok
14:44:10.0984 2144 netcfgsvr - ok
14:44:11.0046 2144 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:44:11.0171 2144 NetDDE - ok
14:44:11.0187 2144 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:44:11.0312 2144 NetDDEdsdm - ok
14:44:11.0375 2144 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
14:44:11.0500 2144 Netlogon - ok
14:44:11.0546 2144 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:44:11.0687 2144 Netman - ok
14:44:11.0703 2144 NetMsmqActivator - ok
14:44:11.0812 2144 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:44:11.0843 2144 NetTcpPortSharing - ok
14:44:11.0906 2144 networkx - ok
14:44:11.0937 2144 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:44:12.0109 2144 NIC1394 - ok
14:44:12.0125 2144 nidomainservice - ok
14:44:12.0234 2144 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:44:12.0296 2144 Nla - ok
14:44:12.0312 2144 npapimon - ok
14:44:12.0375 2144 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:44:12.0546 2144 Npfs - ok
14:44:12.0546 2144 npkcsvc - ok
14:44:12.0625 2144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:44:12.0812 2144 Ntfs - ok
14:44:12.0937 2144 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
14:44:13.0062 2144 NtLmSsp - ok
14:44:13.0265 2144 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:44:13.0421 2144 NtmsSvc - ok
14:44:13.0437 2144 ntsvcmgr - ok
14:44:13.0515 2144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:44:13.0671 2144 Null - ok
14:44:13.0687 2144 nuvaud2 - ok
14:44:13.0703 2144 NVENET - ok
14:44:13.0718 2144 nvnetbus - ok
14:44:13.0718 2144 nvnforce - ok
14:44:13.0750 2144 NVR0FLASHDev - ok
14:44:13.0781 2144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:44:13.0937 2144 NwlnkFlt - ok
14:44:14.0046 2144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:44:14.0203 2144 NwlnkFwd - ok
14:44:14.0281 2144 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:44:14.0421 2144 ohci1394 - ok
14:44:14.0437 2144 olregcap - ok
14:44:14.0453 2144 oracleorahome92tnslistener - ok
14:44:14.0546 2144 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:44:14.0578 2144 ose - ok
14:44:14.0593 2144 P17xfi - ok
14:44:14.0609 2144 p2pimsvc - ok
14:44:14.0625 2144 paamsrv - ok
14:44:14.0671 2144 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
14:44:14.0796 2144 Parport - ok
14:44:14.0812 2144 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:44:14.0937 2144 PartMgr - ok
14:44:14.0984 2144 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:44:15.0156 2144 ParVdm - ok
14:44:15.0187 2144 pavagente - ok
14:44:15.0203 2144 pavsrv - ok
14:44:15.0218 2144 pcandis5 - ok
14:44:15.0234 2144 PcdrNt - ok
14:44:15.0250 2144 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:44:15.0390 2144 PCI - ok
14:44:15.0406 2144 PCIDump - ok
14:44:15.0421 2144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:44:15.0562 2144 PCIIde - ok
14:44:15.0609 2144 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:44:15.0734 2144 Pcmcia - ok
14:44:15.0781 2144 pcouffin - ok
14:44:15.0812 2144 pcscnsrv - ok
14:44:15.0828 2144 PDCOMP - ok
14:44:15.0843 2144 PDFRAME - ok
14:44:15.0859 2144 pdlndint - ok
14:44:15.0875 2144 PDRELI - ok
14:44:15.0890 2144 PDRFRAME - ok
14:44:15.0906 2144 perc2 - ok
14:44:15.0921 2144 perc2hib - ok
14:44:15.0953 2144 picturetaker - ok
14:44:16.0000 2144 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:44:16.0015 2144 PlugPlay - ok
14:44:16.0031 2144 pnkbstrb - ok
14:44:16.0093 2144 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
14:44:16.0203 2144 PolicyAgent - ok
14:44:16.0234 2144 pop3d32 - ok
14:44:16.0281 2144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:44:16.0421 2144 PptpMiniport - ok
14:44:16.0531 2144 PrismXL (6135b976e16f80c1b1363be882344785) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
14:44:16.0562 2144 PrismXL ( UnsignedFile.Multi.Generic ) - warning
14:44:16.0562 2144 PrismXL - detected UnsignedFile.Multi.Generic (1)
14:44:16.0593 2144 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:44:16.0734 2144 Processor - ok
14:44:16.0765 2144 procexp100 - ok
14:44:16.0781 2144 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:44:16.0906 2144 ProtectedStorage - ok
14:44:16.0921 2144 proxyhostmirrordisplay - ok
14:44:16.0937 2144 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:44:17.0093 2144 PSched - ok
14:44:17.0187 2144 pserve - ok
14:44:17.0250 2144 pshost - ok
14:44:17.0265 2144 PTDCVsp - ok
14:44:17.0281 2144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:44:17.0437 2144 Ptilink - ok
14:44:17.0453 2144 pxfhbus - ok
14:44:17.0468 2144 qbposdbextservices - ok
14:44:17.0484 2144 qcdonner - ok
14:44:17.0500 2144 ql1080 - ok
14:44:17.0515 2144 Ql10wnt - ok
14:44:17.0546 2144 ql12160 - ok
14:44:17.0562 2144 ql1240 - ok
14:44:17.0578 2144 ql1280 - ok
14:44:17.0593 2144 QPCapSvc - ok
14:44:17.0625 2144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:44:17.0750 2144 RasAcd - ok
14:44:17.0843 2144 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:44:17.0968 2144 RasAuto - ok
14:44:18.0015 2144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:44:18.0140 2144 Rasl2tp - ok
14:44:18.0218 2144 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:44:18.0359 2144 RasMan - ok
14:44:18.0453 2144 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:44:18.0593 2144 RasPppoe - ok
14:44:18.0625 2144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:44:18.0781 2144 Raspti - ok
14:44:18.0796 2144 razerusb - ok
14:44:18.0828 2144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:44:18.0953 2144 Rdbss - ok
14:44:19.0031 2144 rdnaoflsvc - ok
14:44:19.0046 2144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:44:19.0203 2144 RDPCDD - ok
14:44:19.0250 2144 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:44:19.0390 2144 rdpdr - ok
14:44:19.0484 2144 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:44:19.0562 2144 RDPWD - ok
14:44:19.0593 2144 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:44:19.0718 2144 RDSessMgr - ok
14:44:19.0734 2144 RecAgent - ok
14:44:19.0781 2144 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:44:19.0921 2144 redbook - ok
14:44:19.0937 2144 regmanserv - ok
14:44:20.0015 2144 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:44:20.0156 2144 RemoteAccess - ok
14:44:20.0203 2144 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:44:20.0343 2144 RemoteRegistry - ok
14:44:20.0390 2144 rimmptsk - ok
14:44:20.0406 2144 rksample - ok
14:44:20.0421 2144 rootmodem - ok
14:44:20.0437 2144 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
14:44:20.0562 2144 RpcLocator - ok
14:44:20.0625 2144 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:44:20.0656 2144 RpcSs - ok
14:44:20.0703 2144 rpcsvr4x - ok
14:44:20.0734 2144 rpsupdaterr - ok
14:44:20.0796 2144 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
14:44:20.0953 2144 RSVP - ok
14:44:20.0968 2144 rt61 - ok
14:44:20.0984 2144 s116bus - ok
14:44:21.0062 2144 s116mdm - ok
14:44:21.0078 2144 s117unic - ok
14:44:21.0093 2144 s24trans - ok
14:44:21.0109 2144 s3savagemx - ok
14:44:21.0140 2144 s616bus - ok
14:44:21.0156 2144 s716bus - ok
14:44:21.0171 2144 S7oppilx - ok
14:44:21.0218 2144 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:44:21.0343 2144 SamSs - ok
14:44:21.0359 2144 sandboxu - ok
14:44:21.0375 2144 sbp2port - ok
14:44:21.0453 2144 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:44:21.0593 2144 SCardSvr - ok
14:44:21.0656 2144 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:44:21.0796 2144 Schedule - ok
14:44:21.0843 2144 scsk4 - ok
14:44:21.0875 2144 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:44:22.0015 2144 sdbus - ok
14:44:22.0031 2144 SE2Cmgmt - ok
14:44:22.0046 2144 se45obex - ok
14:44:22.0062 2144 se58nd5 - ok
14:44:22.0078 2144 se59nd5 - ok
14:44:22.0125 2144 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:44:22.0265 2144 Secdrv - ok
14:44:22.0328 2144 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:44:22.0484 2144 seclogon - ok
14:44:22.0500 2144 senfilt - ok
14:44:22.0515 2144 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
14:44:22.0640 2144 SENS - ok
14:44:22.0703 2144 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:44:22.0843 2144 Serial - ok
14:44:22.0875 2144 SetupSys - ok
14:44:22.0890 2144 sf - ok
14:44:22.0921 2144 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:44:23.0046 2144 Sfloppy - ok
14:44:23.0062 2144 SGIR - ok
14:44:23.0140 2144 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:44:23.0265 2144 SharedAccess - ok
14:44:23.0281 2144 shdserv - ok
14:44:23.0343 2144 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:44:23.0359 2144 ShellHWDetection - ok
14:44:23.0406 2144 si3114r - ok
14:44:23.0421 2144 Si3132r5 - ok
14:44:23.0437 2144 Simbad - ok
14:44:23.0453 2144 Sk99202k - ok
14:44:23.0468 2144 slpmonx - ok
14:44:23.0484 2144 smsmdd - ok
14:44:23.0500 2144 snoopfreesvc - ok
14:44:23.0515 2144 sonicatheaterinstallerservice - ok
14:44:23.0531 2144 Sparrow - ok
14:44:23.0546 2144 SPFDRV - ok
14:44:23.0593 2144 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:44:23.0734 2144 splitter - ok
14:44:23.0796 2144 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:44:23.0828 2144 Spooler - ok
14:44:23.0953 2144 SPService - ok
14:44:24.0078 2144 Spsmqvsm - ok
14:44:24.0156 2144 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:44:24.0281 2144 sr - ok
14:44:24.0343 2144 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:44:24.0468 2144 srservice - ok
14:44:24.0515 2144 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:44:24.0593 2144 Srv - ok
14:44:24.0609 2144 sscdbus - ok
14:44:24.0625 2144 sscdmdfl - ok
14:44:24.0656 2144 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:44:24.0796 2144 SSDPSRV - ok
14:44:24.0812 2144 ssmdrv - ok
14:44:24.0843 2144 ssrtln - ok
14:44:24.0859 2144 ssrvc - ok
14:44:24.0875 2144 StickyMesger - ok
14:44:24.0921 2144 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:44:25.0093 2144 stisvc - ok
14:44:25.0140 2144 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:44:25.0265 2144 swenum - ok
14:44:25.0312 2144 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:44:25.0437 2144 swmidi - ok
14:44:25.0500 2144 SwPrv - ok
14:44:25.0531 2144 symc810 - ok
14:44:25.0546 2144 symc8xx - ok
14:44:25.0562 2144 SymIM - ok
14:44:25.0578 2144 sym_hi - ok
14:44:25.0593 2144 sym_u3 - ok
14:44:25.0609 2144 sysaidagent - ok
14:44:25.0671 2144 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:44:25.0812 2144 sysaudio - ok
14:44:25.0843 2144 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:44:25.0984 2144 SysmonLog - ok
14:44:26.0000 2144 Tablet2k - ok
14:44:26.0046 2144 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:44:26.0203 2144 TapiSrv - ok
14:44:26.0234 2144 Tb2RCAssist - ok
14:44:26.0250 2144 TBPanel - ok
14:44:26.0312 2144 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:44:26.0406 2144 Tcpip - ok
14:44:26.0500 2144 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:44:26.0656 2144 TDPIPE - ok
14:44:26.0687 2144 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:44:26.0828 2144 TDTCP - ok
14:44:26.0859 2144 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:44:27.0000 2144 TermDD - ok
14:44:27.0125 2144 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:44:27.0281 2144 TermService - ok
14:44:27.0312 2144 tfsnudf - ok
14:44:27.0375 2144 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:44:27.0406 2144 Themes - ok
14:44:27.0453 2144 tifm21 (1154850749ecd019972d901ea6c6950c) C:\WINDOWS\system32\drivers\tifm21.sys
14:44:27.0515 2144 tifm21 - ok
14:44:27.0531 2144 tiwlnsvc - ok
14:44:27.0562 2144 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
14:44:27.0703 2144 TlntSvr - ok
14:44:27.0765 2144 tmesbs32 - ok
14:44:27.0781 2144 TosIde - ok
14:44:27.0796 2144 tosrfcom - ok
14:44:27.0812 2144 TPwSav - ok
14:44:27.0890 2144 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:44:28.0031 2144 TrkWks - ok
14:44:28.0046 2144 tsmapip - ok
14:44:28.0062 2144 TVALG - ok
14:44:28.0078 2144 twotrack - ok
14:44:28.0125 2144 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:44:28.0265 2144 Udfs - ok
14:44:28.0281 2144 ultra - ok
14:44:28.0296 2144 UMAXPCLS - ok
14:44:28.0375 2144 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:44:28.0562 2144 Update - ok
14:44:28.0593 2144 uphclean - ok
14:44:28.0640 2144 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:44:28.0781 2144 upnphost - ok
14:44:28.0875 2144 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:44:29.0015 2144 UPS - ok
14:44:29.0031 2144 upsentry_smart - ok
14:44:29.0046 2144 us30sys - ok
14:44:29.0062 2144 USBCCID - ok
14:44:29.0109 2144 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:44:29.0250 2144 usbehci - ok
14:44:29.0281 2144 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:44:29.0421 2144 usbhub - ok
14:44:29.0437 2144 usbio - ok
14:44:29.0500 2144 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:44:29.0625 2144 usbscan - ok
14:44:29.0687 2144 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:44:29.0812 2144 USBSTOR - ok
14:44:29.0828 2144 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:44:29.0968 2144 usbuhci - ok
14:44:29.0984 2144 usbvideo - ok
14:44:30.0000 2144 USB_RNDIS - ok
14:44:30.0015 2144 usr11g - ok
14:44:30.0031 2144 UVCFTR - ok
14:44:30.0046 2144 UxTuneUp - ok
14:44:30.0062 2144 VC6SecS - ok
14:44:30.0078 2144 VCAM - ok
14:44:30.0093 2144 vds - ok
14:44:30.0109 2144 vet-rec - ok
14:44:30.0156 2144 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:44:30.0296 2144 VgaSave - ok
14:44:30.0328 2144 ViaIde - ok
14:44:30.0375 2144 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:44:30.0546 2144 VolSnap - ok
14:44:30.0593 2144 vproeventmonitor - ok
14:44:30.0609 2144 VrAcFil - ok
14:44:30.0671 2144 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:44:30.0828 2144 VSS - ok
14:44:31.0046 2144 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
14:44:31.0109 2144 vToolbarUpdater10.2.0 - ok
14:44:31.0234 2144 vusbbus - ok
14:44:31.0250 2144 vwlogger - ok
14:44:31.0359 2144 w22n51 (4c009d4352849d79bf347846b6e03bfd) C:\WINDOWS\system32\DRIVERS\w22n51.sys
14:44:31.0562 2144 w22n51 - ok
14:44:31.0718 2144 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
14:44:31.0906 2144 w29n51 - ok
14:44:32.0156 2144 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:44:32.0359 2144 W32Time - ok
14:44:32.0375 2144 W700mdm - ok
14:44:32.0390 2144 w810obex - ok
14:44:32.0406 2144 W8335XP - ok
14:44:32.0500 2144 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:44:32.0625 2144 Wanarp - ok
14:44:32.0640 2144 WaveFDE - ok
14:44:32.0656 2144 WavxDMgr - ok
14:44:32.0671 2144 WcesComm - ok
14:44:32.0703 2144 WDICA - ok
14:44:32.0734 2144 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:44:32.0875 2144 wdmaud - ok
14:44:32.0906 2144 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:44:33.0046 2144 WebClient - ok
14:44:33.0156 2144 websenserealtimeanalyzer - ok
14:44:33.0171 2144 websenseusagemonitor - ok
14:44:33.0187 2144 wg5n - ok
14:44:33.0203 2144 WimFltr - ok
14:44:33.0281 2144 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:44:33.0437 2144 winachsf - ok
14:44:33.0484 2144 windowblinds - ok
14:44:33.0562 2144 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:44:33.0687 2144 winmgmt - ok
14:44:33.0718 2144 winss - ok
14:44:33.0734 2144 wintab32 - ok
14:44:33.0750 2144 winvnc4 - ok
14:44:33.0765 2144 WISTechVIDCAP - ok
14:44:33.0781 2144 wlluc48b - ok
14:44:33.0796 2144 wlmel51b - ok
14:44:33.0812 2144 WmaCVideo32 - ok
14:44:33.0875 2144 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
14:44:34.0000 2144 WmdmPmSN - ok
14:44:34.0078 2144 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:44:34.0187 2144 Wmi - ok
14:44:34.0250 2144 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:44:34.0390 2144 WmiApSrv - ok
14:44:34.0437 2144 wudfrd - ok
14:44:34.0531 2144 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:44:34.0703 2144 WZCSVC - ok
14:44:34.0718 2144 x10nets - ok
14:44:34.0734 2144 XAudio - ok
14:44:34.0750 2144 xfactorae1 - ok
14:44:34.0796 2144 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:44:34.0953 2144 xmlprov - ok
14:44:34.0968 2144 Xyz777b - ok
14:44:34.0984 2144 ZSMC301b - ok
14:44:35.0015 2144 {6080a529-897e-4629-a488-aba0c29b635e} - ok
14:44:35.0046 2144 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:44:35.0312 2144 \Device\Harddisk0\DR0 - ok
14:44:35.0312 2144 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR8
14:44:44.0546 2144 \Device\Harddisk1\DR8 - ok
14:44:44.0562 2144 Boot (0x1200) (132ea25f25ff782e912309ec8e25856c) \Device\Harddisk0\DR0\Partition0
14:44:44.0562 2144 \Device\Harddisk0\DR0\Partition0 - ok
14:44:44.0562 2144 Boot (0x1200) (d464319cf0bccdbbed1dd97e83618d7d) \Device\Harddisk1\DR8\Partition0
14:44:44.0562 2144 \Device\Harddisk1\DR8\Partition0 - ok
14:44:44.0562 2144 ============================================================
14:44:44.0562 2144 Scan finished
14:44:44.0562 2144 ============================================================
14:44:44.0671 3060 Detected object count: 3
14:44:44.0671 3060 Actual detected object count: 3
14:46:20.0343 3060 C:\Program Files\Canon\CAL\CALMAIN.exe - copied to quarantine
14:46:20.0343 3060 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
14:46:20.0578 3060 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
14:46:20.0578 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\@ - copied to quarantine
14:46:20.0593 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\bckfg.tmp - copied to quarantine
14:46:20.0593 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\cfg.ini - copied to quarantine
14:46:20.0609 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\Desktop.ini - copied to quarantine
14:46:20.0703 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\kwrd.dll - copied to quarantine
14:46:20.0750 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\L\qavjuxlo - copied to quarantine
14:46:20.0859 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\lsflt7.ver - copied to quarantine
14:46:20.0937 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\U\00000001.@ - copied to quarantine
14:46:21.0046 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\U\00000002.@ - copied to quarantine
14:46:21.0062 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\U\00000004.@ - copied to quarantine
14:46:21.0109 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\U\80000000.@ - copied to quarantine
14:46:21.0140 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\U\80000004.@ - copied to quarantine
14:46:21.0187 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\U\80000032.@ - copied to quarantine
14:46:21.0203 3060 C:\WINDOWS\$NtUninstallKB38874$\1512164859\version - copied to quarantine
14:46:21.0203 3060 i8042prt ( Virus.Win32.ZAccess.k ) - User select action: Quarantine
14:46:21.0406 3060 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS - copied to quarantine
14:46:21.0406 3060 PrismXL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
14:46:46.0015 3208 Deinitialize success

jeffce
2012-04-22, 21:57
Hi,


Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
5. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.
---------

krichbaum
2012-04-23, 00:11
OK, ran combofix (installed windows recovery console in the process), here is the resulting log:


ComboFix 12-04-22.01 - MyPC 04/22/2012 15:44:21.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.628 [GMT -4:00]
Running from: c:\documents and settings\MyPC\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\NetworkService\Local Settings\Application Data\hipomea.dll
c:\windows\$NtUninstallKB38874$\1512164859\@
c:\windows\$NtUninstallKB38874$\1512164859\bckfg.tmp
c:\windows\$NtUninstallKB38874$\1512164859\cfg.ini
c:\windows\$NtUninstallKB38874$\1512164859\Desktop.ini
c:\windows\$NtUninstallKB38874$\1512164859\keywords
c:\windows\$NtUninstallKB38874$\1512164859\kwrd.dll
c:\windows\$NtUninstallKB38874$\1512164859\L\qavjuxlo
c:\windows\$NtUninstallKB38874$\1512164859\lsflt7.ver
c:\windows\$NtUninstallKB38874$\1512164859\U\00000001.@
c:\windows\$NtUninstallKB38874$\1512164859\U\00000002.@
c:\windows\$NtUninstallKB38874$\1512164859\U\00000004.@
c:\windows\$NtUninstallKB38874$\1512164859\U\80000000.@
c:\windows\$NtUninstallKB38874$\1512164859\U\80000004.@
c:\windows\$NtUninstallKB38874$\1512164859\U\80000032.@
c:\windows\$NtUninstallKB38874$\1512164859\version
c:\windows\$NtUninstallKB38874$\3334500808
c:\windows\help\wmplayer.bak
c:\windows\system32\bjmcmng.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b7a97b31c4a0bbfb.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d480d8f0513b2221.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f3e9c57cbc53f4a1.fb
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\rpaservice.dll
c:\windows\$NtUninstallKB38874$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_SPService
-------\Legacy_3dkeybd
-------\Legacy_akshasp
-------\Legacy_AsDsm
-------\Service_3dkeybd
-------\Service_akshasp
-------\Service_AsDsm
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-22 18:46 . 2012-04-22 18:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 00:14 . 2012-04-21 00:14 -------- d-----w- c:\program files\ERUNT
2012-04-20 18:44 . 2012-04-20 18:44 -------- d-----w- c:\program files\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-26 16:23 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-26 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-10-21 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-10-21 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-02-26 149280]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 5:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/26/2012 12:23 PM 918880]
S2 pcouffin;VX1000;c:\windows\system32\svchost.exe -k netsvcs [3/31/2003 8:00 AM 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/12/2011 5:08 PM 1025352]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 10:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 10:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 10:42 PM 16720]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
GV600_4
AeLookupSvc
SE2Cmgmt
tfsnudf
DXEC02
etoksrv
networkx
Cardex
vet-rec
slpmonx
AsDsm
brmfrmps
se45obex
smsmdd
s3savagemx
usbvideo
W700mdm
ssmdrv
ikfilesec
olregcap
backupexecdevicemediaservice
Tb2RCAssist
AEAudioService
cpuidlep
ATIBTCAP
F700isw
StickyMesger
avp
p2pimsvc
s616bus
DirectUpdate
CTEDSPFX.DLL
ctxcpusched
NVENET
websenserealtimeanalyzer
rdnaoflsvc
WISTechVIDCAP
mdvrmng
houdinilicenseserver
lxcccustomerconnect
netcfgsvr
rt61
shdserv
npkcsvc
s116mdm
sscdmdfl
ntsvcmgr
upsentry_smart
EACSvrMngr
NVR0FLASHDev
sonicatheaterinstallerservice
pshost
caisafe
razerusb
sscdbus
proxyhostmirrordisplay
mclserviceatl
avgtdi
x10nets
cypresslink
avsvcmonitor
nidomainservice
ATMsrvc
wlluc48b
PTDCVsp
pavagente
besclient
pnkbstrb
FINEPIX_PCC
paamsrv
Defrag32
CTEDSPSY.DLL
usbio
websenseusagemonitor
arrayssl_vpn_service3,0,1,9
{6080a529-897e-4629-a488-aba0c29b635e}
wintab32
l8042pr2
dtsrvc
cmuda
npapimon
issm
VCAM
cebdaldr
nuvaud2
s116bus
SGIR
msi_wlan_service
si3114r
pcscnsrv
tosrfcom
iwebcal
twotrack
crystaloutputfileserver
TBPanel
Cam5603D
BASFND
RecAgent
kerbkey
us30sys
lmimirr
tiwlnsvc
idisw2km
vwlogger
ET5Drv
windowblinds
rksample
livesrv
dphost
ha20x2k
vproeventmonitor
Xyz777b
USBCCID
citrixxteserver
Si3132r5
mcshield
WimFltr
WmaCVideo32
MSIRCOMM
QPCapSvc
MaRdPnp
adiusbaw
pxfhbus
pcouffin
pop3d32
AVCSTRM
a8djusb
incdrec
pcandis5
cltnetcnservice
UVCFTR
3dkeybd
akshasp
vds
nvnetbus
fcdabus
TVALG
s117unic
emproxy
se59nd5
Spsmqvsm
NetMsmqActivator
ZSMC301b
AsIO
alcxsens
LPDSVC
snoopfreesvc
s716bus
lvckap
lvprcsrv
mxssvr
cpqdmi
ageresoftmodem
usr11g
gdihook5
SetupSys
irbus
MSW_USB
IWCA
sysaidagent
elaunidr
enethusb
rimmptsk
picturetaker
senfilt
HpqRemHid
TPwSav
UxTuneUp
cyberpowerups
P17xfi
xfactorae1
dlartl_n
FontCache3.0.0.0.
Intel_MIPMNMP
tsmapip
com4qlb
apache2
ati2mtag
Sk99202k
s24trans
mldserv
fsdfwd
pdlndint
issimon
WavxDMgr
AKSIFDH
DLH5X
XAudio
uphclean
eeyeevnt
iirsp
ABVPN2K
ipcsvc
nvnforce
mssqlserverolapservice
wudfrd
CnxTrLan
DKbFltr
scsk4
qcdonner
rpsupdaterr
sf
pserve
sbp2port
MSFWHLPR
centennialiptransferagent
VrAcFil
se58nd5
w810obex
MRESP50a64
winvnc4
atixsaudio
vusbbus
USB_RNDIS
HpqKbFiltr
S7oppilx
ftrtsvc
UMAXPCLS
wg5n
mr2kserv
MSFWDrv
drvnddm
ssrtln
keriomailserver
wlmel51b
fshttps
tmesbs32
akshhl
WaveFDE
pavsrv
VC6SecS
rootmodem
ssrvc
PcdrNt
dlpwd
SymIM
Tablet2k
qbposdbextservices
msloop
LHidFilt
sandboxu
Cam5607
cpucoolserver
adobeactivefilemonitor5.0
W8335XP
bdfdll
alim1541
bvrp_pci
iastor
procexp100
EntDrv51
ATIBTXBAR
mqdmbus
winss
WcesComm
MQAC
rpcsvr4x
FA312
aksfridge
SPFDRV
regmanserv
epsonbidirectionalservice
diskperf
ctaud2k
oracleorahome92tnslistener
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
WmdmPmSN
xmlprov
wscsvc
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 15:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(216)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-04-22 16:03:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-22 20:03
.
Pre-Run: 49,175,400,448 bytes free
Post-Run: 49,679,376,384 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 6B78B76FEFCDE7805BB83205EEA8AC68

jeffce
2012-04-23, 16:34
Hi,

Next I would like you to take the following steps:
Click Start, then Run, type Notepad and click OK.
Copy and paste the contents of the code box below into Notepad.



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00


Save as regfix.reg to your Desktop
Make sure to save file type as All Files
Now right-click regfix.reg and select Merge
----------



Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

Folder::
c:\windows\$NtUninstallKB38874$


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

krichbaum
2012-04-23, 19:39
Hello again Jeff, I edited the registry per your instructions, and ran ComboFix with the supplied script. It rebooted the PC and then completed. Here is the log:


ComboFix 12-04-22.01 - MyPC 04/23/2012 12:13:24.2.1 - x86
Running from: c:\documents and settings\MyPC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MyPC\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 00:46 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-23 00:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-22 18:46 . 2012-04-22 18:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 00:14 . 2012-04-21 00:14 -------- d-----w- c:\program files\ERUNT
2012-04-20 18:44 . 2012-04-20 18:44 -------- d-----w- c:\program files\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2003-03-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2003-03-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2003-03-31 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2012-04-22_19.58.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-23 16:11 . 2012-04-23 16:11 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
- 2003-03-31 12:00 . 2012-03-26 16:18 68162 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2012-04-23 07:06 68162 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll
- 2003-03-31 12:00 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
+ 2003-03-31 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
- 2003-03-31 12:00 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
- 2011-02-26 23:36 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-02-26 23:36 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-08-13 22:54 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 22:54 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-22 15:20 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-22 15:20 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 22:44 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 22:44 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 22:54 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 22:54 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll
+ 2012-04-23 07:15 . 2012-04-23 07:15 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-04-23 07:15 . 2012-04-23 07:15 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-04-23 07:13 . 2012-04-23 07:13 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-04-23 07:09 . 2012-04-23 07:09 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-04-23 07:08 . 2012-04-23 07:08 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-04-23 07:14 . 2012-04-23 07:14 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-11 01:11 . 2012-01-11 01:11 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-01-11 01:11 . 2012-01-11 01:11 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-01-11 01:11 . 2012-01-11 01:11 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-11 01:11 . 2012-01-11 01:11 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-01-11 01:12 . 2012-01-11 01:12 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-23 07:05 . 2012-04-23 07:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-10-21 18:38 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
- 2008-10-21 18:38 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
- 2003-03-31 12:00 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
+ 2003-03-31 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
+ 2003-03-31 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
- 2003-03-31 12:00 . 2012-03-26 16:18 433372 c:\windows\system32\perfh009.dat
+ 2003-03-31 12:00 . 2012-04-23 07:06 433372 c:\windows\system32\perfh009.dat
+ 2003-03-31 12:00 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
- 2003-03-31 12:00 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
+ 2003-03-31 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
- 2003-03-31 12:00 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
- 2007-08-13 22:54 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:54 . 2012-03-01 11:01 602112 c:\windows\system32\msfeeds.dll
+ 2003-03-31 12:00 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
- 2003-03-31 12:00 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
- 2003-03-31 12:00 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
+ 2003-03-31 12:00 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
- 2003-03-31 12:00 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
+ 2003-03-31 12:00 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
+ 2008-10-21 13:38 . 2012-04-23 07:25 114968 c:\windows\system32\FNTCACHE.DAT
- 2008-10-21 13:38 . 2011-12-15 08:22 114968 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-21 17:54 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-08-20 05:30 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
- 2008-08-20 05:30 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2007-08-13 22:44 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 22:44 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
+ 2009-06-25 08:25 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-08-10 14:43 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
- 2007-08-13 22:44 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 22:44 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 22:54 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 22:54 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-10-22 15:20 . 2012-03-01 11:01 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-22 15:20 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2011-02-26 23:36 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2011-02-26 23:36 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2007-08-13 22:54 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 22:54 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-02-26 23:36 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2011-02-26 23:36 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-08-13 22:39 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 22:39 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 22:39 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 22:39 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-04-23 07:07 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
+ 2012-04-23 07:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
+ 2012-04-23 07:07 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
+ 2012-04-23 07:07 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
+ 2012-04-23 07:07 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
+ 2012-04-23 07:07 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
+ 2012-04-23 07:12 . 2012-04-23 07:12 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-04-23 07:11 . 2012-04-23 07:11 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-04-23 07:11 . 2012-04-23 07:11 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-04-23 07:15 . 2012-04-23 07:15 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-04-23 07:15 . 2012-04-23 07:15 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-04-23 07:10 . 2012-04-23 07:10 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-04-23 07:15 . 2012-04-23 07:15 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-04-23 07:15 . 2012-04-23 07:15 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-04-23 07:15 . 2012-04-23 07:15 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-26 16:23 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-26 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-10-21 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-10-21 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-02-26 149280]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R2 pcouffin;VX1000;c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-26 918880]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
??????????v???r????????r??????????????????????????y???v?s??p??n???????????????????????n?a???c????????????t???o?????????s????????n????????s????e???v??????s???e?????????p???t???????????t?????S????????????n???c
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-23 12:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-23 12:21:52
ComboFix-quarantined-files.txt 2012-04-23 16:21
ComboFix2.txt 2012-04-22 20:03
.
Pre-Run: 49,156,575,232 bytes free
Post-Run: 49,179,815,936 bytes free
.
- - End Of File - - 3AE138E2B887BC6A9BE7B8942A5761CD

jeffce
2012-04-24, 03:56
Hi,

Please download and run ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

I would like you to take the following steps:
Click Start then Run type Notepad and click Ok
Copy and Paste the entire contents of the Code box below into Notepad



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00


Save as regfix.reg to your Desktop
Make sure to save file type as All Files
Now right-click regfix.reg and select Merge
----------

Run a new scan with ComboFix and post the new log when complete.

krichbaum
2012-04-24, 05:16
Ok, I backed up the reg, merged the changes, and ran combofix. Here is the latest log from that:


ComboFix 12-04-22.01 - MyPC 04/23/2012 21:56:18.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.637 [GMT -4:00]
Running from: c:\documents and settings\MyPC\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-23 00:46 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-23 00:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-22 18:46 . 2012-04-22 18:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 00:14 . 2012-04-21 00:14 -------- d-----w- c:\program files\ERUNT
2012-04-20 18:44 . 2012-04-20 18:44 -------- d-----w- c:\program files\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2003-03-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2003-03-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2003-03-31 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-23_16.20.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-24 01:55 . 2012-04-24 01:55 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
- 2012-04-23 16:11 . 2012-04-23 16:11 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
+ 2012-04-24 01:48 . 2012-04-24 01:48 204800 c:\windows\ERDNT\4-23-2012\Users\00000002\UsrClass.dat
+ 2012-04-24 01:48 . 2005-10-20 16:02 163328 c:\windows\ERDNT\4-23-2012\ERDNT.EXE
+ 2012-04-24 01:48 . 2012-04-24 01:48 3076096 c:\windows\ERDNT\4-23-2012\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-26 16:23 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-26 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-10-21 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-10-21 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-02-26 149280]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 5:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/26/2012 12:23 PM 918880]
S2 pcouffin;VX1000;c:\windows\system32\svchost.exe -k netsvcs [3/31/2003 8:00 AM 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/12/2011 5:08 PM 1025352]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 10:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 10:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 10:42 PM 16720]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-23 22:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-23 22:05:33
ComboFix-quarantined-files.txt 2012-04-24 02:05
ComboFix2.txt 2012-04-23 16:21
ComboFix3.txt 2012-04-22 20:03
.
Pre-Run: 49,137,582,080 bytes free
Post-Run: 49,131,225,088 bytes free
.
- - End Of File - - 083B56B9F8688EB20CE1EFB4BE8976E9

jeffce
2012-04-24, 14:39
Hi,

That looks better. :)

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.htmll).

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.



Please go here (http://www.eset.com/us/online-scanner/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:


Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
----------

In your next reply please post the logs made by Malwarebytes and ESET. :)

krichbaum
2012-04-24, 20:46
Jeff, sorry it took so long to respond, but following are the mbam log then following that are the results of the eset scan. As for the delayed response, somewhere along the way the keyboard has lost its functionality. Device Manager thinks it's working properly. Since the infected pc is a laptop, I hooked up a usb keyboard to complete this step. Any insight into this?

===========================================================

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.24.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MyPC :: MYPC-OS1TSAXTFY [administrator]

4/24/2012 11:02:37 AM
mbam-log-2012-04-24 (11-02-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176361
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\ntsvcmgr (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

=========================================================

C:\Documents and Settings\MyPC\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\chrome\pptextlinks.jar Win32/Adware.Gamevance.Gen application
C:\System Volume Information\_restore{BE5AD16C-4787-4EC0-973E-EF78890A64B2}\RP328\A0050085.dll a variant of Win32/Adware.Gamevance.BC application
C:\System Volume Information\_restore{BE5AD16C-4787-4EC0-973E-EF78890A64B2}\RP328\A0050086.exe a variant of Win32/Adware.Gamevance.AV application
C:\TDSSKiller_Quarantine\22.04.2012_14.43.29\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\22.04.2012_14.43.29\rtkt0000\zafs0000\tsk0003.dta Win32/Sirefef.DN trojan
C:\TDSSKiller_Quarantine\22.04.2012_14.43.29\rtkt0000\zafs0000\tsk0010.dta Win32/Sirefef.ES trojan
C:\TDSSKiller_Quarantine\22.04.2012_14.43.29\rtkt0000\zafs0000\tsk0012.dta a variant of Win32/Sirefef.EU trojan
C:\WINDOWS\system32\drivers\i8042prt.sys Win32/Sirefef.DA trojan

jeffce
2012-04-24, 20:56
Hi,

So Device Manager is telling you that your keyboard should be working huh? How long has it been non-functional?
----------



Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

File::
C:\Documents and Settings\MyPC\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\chrome\pptextlinks.jar
C:\WINDOWS\system32\drivers\i8042prt.sys


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

krichbaum
2012-04-24, 21:35
I really don't know how long it hasn't worked-sometime during this thread. I only noticed it on the previous step as that was the first time I had to input anything from the keyboard, up until then it was all point and click. Here's the newest combofix log:


ComboFix 12-04-22.01 - MyPC 04/24/2012 14:15:10.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.635 [GMT -4:00]
Running from: c:\documents and settings\MyPC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MyPC\Desktop\CFScript2.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\documents and settings\MyPC\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\chrome\pptextlinks.jar"
"c:\windows\system32\drivers\i8042prt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MyPC\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\chrome\pptextlinks.jar
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 16:42 . 2012-04-24 16:42 -------- d-----w- c:\program files\ESET
2012-04-24 16:39 . 2012-04-24 16:39 -------- d-----w- c:\documents and settings\MyPC\Local Settings\Application Data\Mozilla
2012-04-24 16:39 . 2012-04-24 16:39 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 16:29 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-04-24 16:29 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-04-24 15:01 . 2012-04-24 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-24 15:01 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-23 00:46 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-23 00:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-22 18:46 . 2012-04-22 18:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 00:14 . 2012-04-21 00:14 -------- d-----w- c:\program files\ERUNT
2012-04-20 18:44 . 2012-04-20 18:44 -------- d-----w- c:\program files\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2003-03-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2003-03-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2003-03-31 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-04-21 01:19 . 2012-04-24 16:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-23_16.20.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-24 18:13 . 2012-04-24 18:13 16384 c:\windows\Temp\Perflib_Perfdata_1d0.dat
+ 2003-03-31 12:00 . 2012-04-24 07:03 68162 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2012-04-23 07:06 68162 c:\windows\system32\perfc009.dat
+ 2012-04-24 07:08 . 2012-04-24 07:08 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\36124bfc4baaa1c2063d699e77324080\System.Web.DynamicData.Design.ni.dll
+ 2012-04-24 07:02 . 2012-04-24 07:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-04-24 07:02 . 2012-04-24 07:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-04-24 07:02 . 2012-04-24 07:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-24 07:02 . 2012-04-24 07:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-24 07:02 . 2012-04-24 07:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-23 07:05 . 2012-04-23 07:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-23 07:05 . 2012-04-23 07:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2003-03-31 12:00 . 2012-04-24 07:03 433372 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2012-04-23 07:06 433372 c:\windows\system32\perfh009.dat
+ 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\11867e4.msp
+ 2012-04-24 01:48 . 2012-04-24 01:48 204800 c:\windows\ERDNT\4-23-2012\Users\00000002\UsrClass.dat
+ 2012-04-24 01:48 . 2005-10-20 16:02 163328 c:\windows\ERDNT\4-23-2012\ERDNT.EXE
+ 2012-04-24 07:06 . 2012-04-24 07:06 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\5be064066858620a8aa628fca459a888\WindowsFormsIntegration.ni.dll
+ 2012-04-24 07:08 . 2012-04-24 07:08 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1107b3a711bab40c83e2561ba2431d62\System.Web.Routing.ni.dll
+ 2012-04-24 07:08 . 2012-04-24 07:08 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d7c8c294920cfe79765215e242308d28\System.Web.Extensions.Design.ni.dll
+ 2012-04-24 07:08 . 2012-04-24 07:08 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\5176923a8264305118a299419e1c7bde\System.Web.Entity.ni.dll
+ 2012-04-24 07:08 . 2012-04-24 07:08 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d746c0f0ed36226efb2e0115de42cdd6\System.Web.Entity.Design.ni.dll
+ 2012-04-24 07:08 . 2012-04-24 07:08 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\df5542604898c9ea3fda32c8619ae0e5\System.Web.DynamicData.ni.dll
+ 2012-04-24 07:08 . 2012-04-24 07:08 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b9c8715157536097b489132574ad5c17\System.Web.Abstractions.ni.dll
+ 2012-04-24 07:06 . 2012-04-24 07:06 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
+ 2012-04-24 07:08 . 2012-04-24 07:08 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\55a9cbd5683fa954af88540e23949fff\System.Messaging.ni.dll
+ 2012-04-24 07:05 . 2012-04-24 07:05 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cc2cd3bc46c9c2b30e47281e404a3230\System.Drawing.Design.ni.dll
+ 2012-04-24 07:08 . 2012-04-24 07:08 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3e041a29f5dfd7b1063478673fff4376\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-04-24 07:07 . 2012-04-24 07:07 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8d6cd6a93f679608d52b6c874088b963\AspNetMMCExt.ni.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-24 07:02 . 2012-04-24 07:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-24 07:02 . 2012-04-24 07:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-24 07:02 . 2012-04-24 07:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-04-23 07:05 . 2012-04-23 07:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-24 07:03 . 2012-04-24 07:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-26 16:23 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-26 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-10-21 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-10-21 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-02-26 149280]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 5:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/26/2012 12:23 PM 918880]
S2 pcouffin;VX1000;c:\windows\system32\svchost.exe -k netsvcs [3/31/2003 8:00 AM 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/12/2011 5:08 PM 1025352]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 10:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 10:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 10:42 PM 16720]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 12:39 PM 129976]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\MyPC\Application Data\Mozilla\Firefox\Profiles\dfr2gtrd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Play Pickle - c:\program files\Play Pickle\ppun.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-24 14:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-24 14:23:54
ComboFix-quarantined-files.txt 2012-04-24 18:23
ComboFix2.txt 2012-04-24 02:05
ComboFix3.txt 2012-04-23 16:21
ComboFix4.txt 2012-04-22 20:03
.
Pre-Run: 48,934,141,952 bytes free
Post-Run: 48,962,461,696 bytes free
.
- - End Of File - - DFBEA5D25184B94DF8343BE0916670C1

jeffce
2012-04-24, 21:53
Hi,

Have you tried to uninstall and then reinstall the driver yet?

krichbaum
2012-04-24, 22:11
No, I haven't - didn't want to mess with your work, so I thought I'd just use a USB keyboard until after.

jeffce
2012-04-25, 00:58
Go ahead with reinstalling the driver and see if that helps. :)

krichbaum
2012-04-25, 05:23
Uninstalled the driver and reinstalled - keyboard works fine now.

jeffce
2012-04-25, 14:50
Hi,

Great! Glad you have your keyboard back. :)
---------

Let's get some updates.
Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder.
Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer using the Offline version of either x86 (32bit operating system) or x64 (64bit operating system).
----------


You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)

You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)

In either case you should uninstall Adobe Reader 9.1 first. Be sure to move any PDF documents to another folder first though.
----------

Run a new scan with DDS and post both of the logs that are created to your next reply. :)

krichbaum
2012-04-25, 19:18
Jeff: I updated the Java runtime environments and Adobe Reader software. Attached are the DDS logs (one as an attachment).


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.0
Run by MyPC at 12:12:43 on 2012-04-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.628 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [DependencyCheck] Performed
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224614130310
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{A57A161C-0C09-4D52-9D54-D4A925BA559C} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{ADE29600-ACA8-4535-9CB6-8840EC57A8EE} : DhcpNameServer = 65.32.1.65
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: igfxcui - igfxsrvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mypc\application data\mozilla\firefox\profiles\dfr2gtrd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-26 918880]
S2 avgtdi;SPLITCAM;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 avp;Se58unic;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 caisafe;Snpstd2;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 DirectUpdate;Bthpan;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 GV600_4;TUWinStylerThemeSvc;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 ikfilesec;Cdudf_xp;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 mclserviceatl;Dptrackerd;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 mcshield;Zpsc;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 pavagente;Fax;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 pavsrv;P16X;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 snoopfreesvc;Prtg4service;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 vet-rec;SANDRA;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
.
=============== Created Last 30 ================
.
2012-04-25 15:49:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-25 15:49:06 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-24 16:42:20 -------- d-----w- c:\program files\ESET
2012-04-24 16:29:45 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-04-24 16:29:45 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-04-24 15:01:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 15:01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-23 00:46:56 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-23 00:46:56 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-22 19:29:54 -------- d-sha-r- C:\cmdcons
2012-04-22 19:22:08 98816 ----a-w- c:\windows\sed.exe
2012-04-22 19:22:08 518144 ----a-w- c:\windows\SWREG.exe
2012-04-22 19:22:08 256000 ----a-w- c:\windows\PEV.exe
2012-04-22 19:22:08 208896 ----a-w- c:\windows\MBR.exe
2012-04-22 18:46:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-20 18:44:01 -------- d-----w- c:\program files\VS Revo Group
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-25 15:48:47 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:13:35.48 ===============

jeffce
2012-04-25, 21:32
Good job!

Providing there are no other malware related problems...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)

http://i1224.photobucket.com/albums/ee380/jeffce74/CF.jpg
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
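
The Internet zone settings from tip 1 above can also be checked from a script. This is an added example, not part of jeffce's post: it assumes Windows PowerShell is installed and that the per-user Internet zone is stored under the standard `Zones\3` registry key, and the function name `Test-InternetZone` is hypothetical.

```powershell
# Added example: audit the per-user Internet zone (zone 3) against the
# six settings recommended in tip 1. Read-only; it changes nothing.
# Caveat: machine-wide or Group Policy values under HKLM can override
# these per-user values, so a "compliant" result here covers HKCU only.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action data values used by Internet Explorer zone settings.
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action IDs for the settings named in the post, with the value it recommends.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                              Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                            Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe';     Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                                 Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                     Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';                  Want = 1 }
)

function Test-InternetZone {
    param([string]$Path = $ZonePath)

    # Fail loudly if the zone key is missing rather than reporting false results.
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($r in $Recommended) {
        $current = $props.($r.Id)          # $null when the value is not set per-user

        if ($null -eq $current) {
            $shown = 'Not set'
        } elseif ($Meaning.ContainsKey([int]$current)) {
            $shown = $Meaning[[int]$current]
        } else {
            $shown = "Other ($current)"    # administrator-approved or custom values
        }

        New-Object PSObject -Property @{
            Id          = $r.Id
            Setting     = $r.Name
            Current     = $shown
            Recommended = $Meaning[$r.Want]
            Compliant   = ($null -ne $current -and [int]$current -eq $r.Want)
        }
    }
}

Test-InternetZone |
    Select-Object Id, Setting, Current, Recommended, Compliant |
    Format-Table -AutoSize
```

Any row with `Compliant` false is a setting to revisit in the Custom Level dialog described in the steps above.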

krichbaum
2012-04-25, 23:58
Jeff, I can't thank you enough for your help. I've installed firewall software and the WOT plugin. Thanks again, and have a great day!

jeffce
2012-04-26, 00:16
You are more than welcome! I am glad that I could help. :rockon:

jeffce
2012-04-26, 17:42
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
----------