Thank you so much for your assistance! MBAM updated quickscan: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7323 Windows 6.1.7600 Internet Explorer 9.0.8112.16421 7/29/2011 8:30:21 PM mbam-log-2011-07-29 (20-30-21).txt Scan type: Quick scan Objects scanned: 171139 Time elapsed: 7 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Combofix ComboFix 11-07-29.03 - Heather 07/29/2011 21:33:41.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2038.889 [GMT -4:00] Running from: c:\users\Heather\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\34uf34v0.default\extensions\{a92071d9-26dd-4d0a-a6f5-40a81d21c0eb} c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\34uf34v0.default\extensions\{a92071d9-26dd-4d0a-a6f5-40a81d21c0eb}\chrome.manifest c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\34uf34v0.default\extensions\{a92071d9-26dd-4d0a-a6f5-40a81d21c0eb}\chrome\xulcache.jar c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\34uf34v0.default\extensions\{a92071d9-26dd-4d0a-a6f5-40a81d21c0eb}\defaults\preferences\xulcache.js c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\34uf34v0.default\extensions\{a92071d9-26dd-4d0a-a6f5-40a81d21c0eb}\install.rdf c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\jdf5ipm2.default\extensions\{a92071d9-26dd-4d0a-a6f5-40a81d21c0eb} c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\jdf5ipm2.default\extensions\{a92071d9-26dd-4d0a-a6f5-40a81d21c0eb}\chrome.manifest c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\jdf5ipm2.default\extensions\{a92071d9-26dd-4d0a-a6f5-40a81d21c0eb}\chrome\xulcache.jar c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\jdf5ipm2.default\extensions\{a92071d9-26dd-4d0a-a6f5-40a81d21c0eb}\defaults\preferences\xulcache.js c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\jdf5ipm2.default\extensions\{a92071d9-26dd-4d0a-a6f5-40a81d21c0eb}\install.rdf . . ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 ))))))))))))))))))))))))))))))) . . 2011-07-30 00:49 . 2011-07-30 01:31 -------- d-----w- C:\32788R22FWJFW 2011-07-25 01:49 . 2010-09-16 16:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2011-07-25 01:49 . 2008-04-02 20:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2011-07-25 01:49 . 2008-04-02 20:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2011-07-25 01:49 . 2008-04-02 20:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2011-07-25 01:49 . 2004-08-04 12:00 506368 ----a-w- c:\windows\system32\msxml.dll 2011-07-25 01:49 . 2011-07-25 01:49 -------- d-----w- c:\program files\Common Files\PC Tools 2011-07-24 03:46 . 2011-07-24 03:46 -------- d-----w- c:\program files\ESET 2011-07-24 03:21 . 2011-07-24 03:29 -------- d-----w- c:\users\Heather\AppData\Local\NPE 2011-07-24 03:03 . 2011-07-24 03:03 -------- d-----w- c:\users\Heather\AppData\Roaming\QuickScan 2011-07-24 02:34 . 2011-07-24 02:34 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2011-07-23 02:49 . 2011-07-23 02:52 -------- d-----w- C:\Symbols 2011-07-23 01:45 . 2011-07-23 01:45 -------- d-----w- c:\windows\CheckSur 2011-07-23 01:31 . 2011-07-23 01:31 -------- d-----w- c:\windows\system32\SPReview 2011-07-23 01:14 . 2011-07-24 02:30 -------- d-----w- c:\users\Heather\AppData\Local\Deployment 2011-07-22 20:45 . 2011-07-22 22:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-07-22 20:45 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe 2011-07-22 20:45 . 2011-07-22 20:45 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2011-07-22 16:19 . 2011-07-22 16:19 -------- d-----w- c:\windows\Sun 2011-07-22 15:34 . 2011-07-22 15:34 -------- d-----w- c:\program files\Common Files\Java 2011-07-17 19:07 . 2011-07-17 19:07 -------- d-----w- c:\users\Guest\AppData\Roaming\Watchtower 2011-07-14 02:05 . 2011-07-14 02:05 -------- d-----w- c:\windows\system32\EventProviders . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-14 03:22 . 2011-05-20 23:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-06 23:52 . 2011-01-18 01:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 23:52 . 2011-01-18 01:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll 2011-05-24 10:35 . 2011-06-29 01:56 294912 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-05-09 15:34 . 2011-05-09 15:34 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-05-09 15:34 . 2011-05-09 15:34 161792 ----a-w- c:\windows\system32\msls31.dll 2011-05-09 15:34 . 2011-05-09 15:34 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-05-09 15:34 . 2011-05-09 15:34 86528 ----a-w- c:\windows\system32\iesysprep.dll 2011-05-09 15:34 . 2011-05-09 15:34 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-05-09 15:34 . 2011-05-09 15:34 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-05-09 15:34 . 2011-05-09 15:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-05-09 15:34 . 2011-05-09 15:34 74752 ----a-w- c:\windows\system32\iesetup.dll 2011-05-09 15:34 . 2011-05-09 15:34 63488 ----a-w- c:\windows\system32\tdc.ocx 2011-05-09 15:34 . 2011-05-09 15:34 367104 ----a-w- c:\windows\system32\html.iec 2011-05-09 15:34 . 2011-05-09 15:34 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-05-09 15:34 . 2011-05-09 15:34 23552 ----a-w- c:\windows\system32\licmgr10.dll 2011-05-09 15:34 . 2011-05-09 15:34 152064 ----a-w- c:\windows\system32\wextract.exe 2011-05-09 15:34 . 2011-05-09 15:34 150528 ----a-w- c:\windows\system32\iexpress.exe 2011-05-09 15:34 . 2011-05-09 15:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2011-05-09 15:34 . 2011-05-09 15:34 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-05-09 15:34 . 2011-05-09 15:34 35840 ----a-w- c:\windows\system32\imgutil.dll 2011-05-09 15:34 . 2011-05-09 15:34 11776 ----a-w- c:\windows\system32\mshta.exe 2011-05-09 15:34 . 2011-05-09 15:34 101888 ----a-w- c:\windows\system32\admparse.dll 2011-05-04 08:52 . 2010-07-14 17:34 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 04:53 . 2011-06-29 01:56 1553920 ----a-w- c:\windows\system32\tquery.dll 2011-05-04 04:52 . 2011-06-29 01:56 1401856 ----a-w- c:\windows\system32\mssrch.dll 2011-05-04 04:52 . 2011-06-29 01:56 666624 ----a-w- c:\windows\system32\mssvp.dll 2011-05-04 04:52 . 2011-06-29 01:56 59392 ----a-w- c:\windows\system32\msscntrs.dll 2011-05-04 04:52 . 2011-06-29 01:56 337408 ----a-w- c:\windows\system32\mssph.dll 2011-05-04 04:52 . 2011-06-29 01:56 197120 ----a-w- c:\windows\system32\mssphtb.dll 2011-05-04 04:52 . 2011-06-29 01:56 428032 ----a-w- c:\windows\system32\SearchIndexer.exe 2011-05-04 04:52 . 2011-06-29 01:56 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe 2011-05-04 04:52 . 2011-06-29 01:56 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2011-05-04 02:43 . 2011-06-17 02:28 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-05-04 02:43 . 2011-06-17 02:28 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-05-04 02:43 . 2011-06-17 02:28 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-05-03 04:50 . 2011-06-17 02:28 740864 ----a-w- c:\windows\system32\inetcomm.dll 2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 12:30 216064 --sh--r- c:\windows\System32\nbDX.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\System32\drivers\asyncmac.sys [-] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_242e2506962cd3e0\asyncmac.sys . [-] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\System32\drivers\beep.sys [-] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys . [-] 2009-07-13 . F9756A98D69098DCA8945D62858A812C . 4608 . . [6.1.7600.16385] . . c:\windows\System32\drivers\null.sys [-] 2009-07-13 . F9756A98D69098DCA8945D62858A812C . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_a93c43a07c50a038\null.sys . [-] 2010-11-20 . 6E11F33D14D020F58D5E02E4D67DFA19 . 102400 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_7af090a4fc408e78\browser.dll [-] 2009-07-14 . 598E1280E7FF3744F4B8329366CC5635 . 102400 . . [6.1.7600.16385] . . c:\windows\System32\browser.dll [-] 2009-07-14 . 598E1280E7FF3744F4B8329366CC5635 . 102400 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7600.16385_none_78bf7cdcff520ade\browser.dll . [-] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\System32\lsass.exe [-] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe [-] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe [-] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe [-] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe . [-] 2009-07-14 . 7CCCFCA7510684768DA22092D1FA4DB2 . 280576 . . [6.1.7600.16385] . . c:\windows\System32\netman.dll [-] 2009-07-14 . 7CCCFCA7510684768DA22092D1FA4DB2 . 280576 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll . [-] 2009-07-14 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385] . . c:\windows\System32\comres.dll [-] 2009-07-14 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll . [-] 2010-11-20 . E585445D5021971FAE10393F0F1C3961 . 585728 . . [7.5.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll [-] 2009-07-14 . 53F476476F55A27F580661BDE09C4EC4 . 589312 . . [7.5.7600.16385] . . c:\windows\System32\qmgr.dll [-] 2009-07-14 . 53F476476F55A27F580661BDE09C4EC4 . 589312 . . [7.5.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll . [-] 2010-11-20 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll [-] 2009-07-14 . B82CD39E336973359D7C9BF911E8E84F . 376320 . . [6.1.7600.16385] . . c:\windows\System32\rpcss.dll [-] 2009-07-14 . B82CD39E336973359D7C9BF911E8E84F . 376320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll . [-] 2009-07-14 . 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 . 259072 . . [6.1.7600.16385] . . c:\windows\System32\services.exe [-] 2009-07-14 . 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 . 259072 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe . [-] 2010-11-20 . 866A43013535DC8587C258E43579C764 . 317440 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe [-] 2010-08-21 . D1BB750EB51694DE183E08B9C33BE5B2 . 316928 . . [6.1.7600.16385] . . c:\windows\System32\spoolsv.exe [-] 2010-08-21 . D1BB750EB51694DE183E08B9C33BE5B2 . 316928 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe [-] 2010-08-20 . 2FB4CE429488156B19C0D8E5C4552043 . 316928 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe [-] 2009-07-14 . 49B6DD6AB3715B7A67965F17194E98A9 . 316416 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe . [-] 2010-11-20 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [-] 2009-10-28 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe [-] 2009-10-28 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [-] 2009-10-28 . 3BABE6767C78FBF5FB8435FEED187F30 . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [-] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe . [-] 2010-11-20 . 75B06ACD9D8DC0FE3603294E1899F496 . 47104 . . [7.5.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_c315782c0def9f8f\wuauclt.exe [-] 2009-07-14 . B0DA80FF42A0819D162A86612896AAF2 . 47104 . . [7.3.7600.16385] . . c:\windows\System32\wuauclt.exe [-] 2009-07-14 . B0DA80FF42A0819D162A86612896AAF2 . 47104 . . [7.3.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_3086c9dad36a69b3\wuauclt.exe . [-] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll [-] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll [-] 2010-11-20 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll [-] 2010-08-21 . BF5D71B4A40687A90C8B47F776758A6F . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.20787_none_39fe18355266e2d8\comctl32.dll [-] 2010-08-21 . BF5D71B4A40687A90C8B47F776758A6F . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.20787_none_ede2ad2969983532\comctl32.dll [-] 2010-08-21 . 70EF5DFEF7069164EACF7140C2CC6344 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.20787_none_2b43b51e45274037\comctl32.dll [-] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] . . c:\windows\System32\comctl32.dll [-] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16661_none_39841986393e7322\comctl32.dll [-] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll [-] 2010-08-21 . 4B8DD8541C0E26602005DD0137333615 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll [-] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16385_none_39727524394b18eb\comctl32.dll [-] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\comctl32.dll [-] 2009-07-14 . 0FA436A553408CBEBA070E3182658DE3 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll . [-] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll [-] 2009-07-14 . 9C231178CE4FB385F4B54B0A9080B8A4 . 135680 . . [6.1.7600.16385] . . c:\windows\System32\cryptsvc.dll [-] 2009-07-14 . 9C231178CE4FB385F4B54B0A9080B8A4 . 135680 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll . [-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] . . c:\windows\System32\es.dll [-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll . [-] 2010-11-20 . 4A8E2F20809CC161107FAA94F6CF2685 . 118272 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_5e5d8801d8ad160d\imm32.dll [-] 2009-07-14 . 5DF8132ADF721329234403189FC94E16 . 118272 . . [6.1.7600.16385] . . c:\windows\System32\imm32.dll [-] 2009-07-14 . 5DF8132ADF721329234403189FC94E16 . 118272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_5c2c7439dbbe9273\imm32.dll . [-] 2011-06-03 . 11826814AA8C1177CBF6BC40105E9A87 . 868352 . . [6.1.7600.20978] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_942bb277d0b1dfc0\kernel32.dll [-] 2011-05-14 . 5717FC9D2A1DAA0596DC7D940F2D613C . 868352 . . [6.1.7601.21728] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll [-] 2011-05-14 . 4F9C07F0D68E135F1E07C20647FC54F9 . 868352 . . [6.1.7600.16385] . . c:\windows\System32\kernel32.dll [-] 2011-05-14 . 4F9C07F0D68E135F1E07C20647FC54F9 . 868352 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2\kernel32.dll [-] 2011-05-14 . 02D5E2D9D9497F314C97E082A1CB9808 . 868352 . . [6.1.7601.17617] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll [-] 2010-11-20 . 5553784D774CA845380650E010BBDA2C . 857600 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll [-] 2009-12-08 . EB7B2309A2B16EEB73C2C13477FEF8FB . 857088 . . [6.1.7600.20591] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20591_none_940f0901d0c871a5\kernel32.dll [-] 2009-12-08 . 0369BA73CE6D918745579B24339765E8 . 857088 . . [6.1.7600.16481] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16481_none_93903c22b7a2b5ea\kernel32.dll [-] 2009-07-14 . 4605F7EE9805F7E1C98D6C959DD2949C . 857088 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_93943b64b79f1e1f\kernel32.dll . [-] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] . . c:\windows\System32\linkinfo.dll [-] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_383b884006a7a723\linkinfo.dll . [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\System32\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_a9a96e9bbbd9f2bd\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_a9fcef03bb9bc457\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_a9d3afe7bbba66c9\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_a9faf23bbb9d8bf7\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16691_none_a99aa339bbe5a0c7\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16734_none_a9de8585bbb2424d\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_a9bd1577bbcb7cc9\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_aa2b3c58d4fcfa7d\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_aa517c7cd4e1092d\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_aa6eef2ed4cb63a3\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20821_none_aa6ff15ed4ca7a21\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20875_none_aa3de2ead4ef6b32\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_aa899444d4b6a4c2\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_abda8263b8c87657\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_abc7e369b8d5fa3e\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_aba3727db8f1e8b5\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_ac507fead1f480b1\lpk.dll [-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_ac2e0f92d20ea1d6\lpk.dll . [-] 2011-05-09 . 4DEF8126CABAA6CDC12103CD74C6A919 . 12268544 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16421_none_2bc2b55a3c6fcc91\mshtml.dll [-] 2011-04-22 . 3F63F95C998F7E1AF409BC74E83D45E5 . 12269056 . . [9.00.8112.16421] . . c:\windows\System32\mshtml.dll [-] 2011-04-22 . 3F63F95C998F7E1AF409BC74E83D45E5 . 12269056 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16430_none_2bb6e5243c78cf2b\mshtml.dll [-] 2011-04-22 . 858AD7EC121DBC3D39D4ABFE2E7E789C . 12269056 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20530_none_2c4081ef55966ef5\mshtml.dll [-] 2011-03-07 . 3D2F69861D7B24A3C5B0473583FE3D9D . 5981696 . . [8.00.7601.17573] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17573_none_2fc2e3ecf79f1af3\mshtml.dll [-] 2011-03-07 . 5E87C06B924495F6FA381391FDE0C9D4 . 5981696 . . [8.00.7601.21676] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21676_none_304f819610ba06c2\mshtml.dll [-] 2011-02-24 . F861A76F208BD31031A91412AA77BD4F . 5982720 . . [8.00.7600.20908] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20908_none_2eb6d67e13590714\mshtml.dll [-] 2011-02-24 . C75417DD80FE9D56A906DD9DA791ED6F . 5981696 . . [8.00.7600.16766] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16766_none_2dea57b0fa6ddf1b\mshtml.dll [-] 2011-01-07 . 1C6045D48179D15A843486D12BEC0EAF . 5980672 . . [8.00.7601.17537] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17537_none_2ff224c4f77b108b\mshtml.dll [-] 2011-01-07 . 1011333570E1CECAE8FAC34C8D9461BC . 5980672 . . [8.00.7601.21636] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21636_none_307ac146109996fe\mshtml.dll [-] 2010-12-18 . 6E9E2D2DC298FE9A3A3C164FB8A2C9EA . 5980672 . . [8.00.7600.16722] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16722_none_2e119638fa5109fb\mshtml.dll [-] 2010-12-18 . A8B89A12E7A379AC443FB002F4AAB51F . 5980672 . . [8.00.7600.20861] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20861_none_2e6ef30a13900032\mshtml.dll [-] 2010-11-20 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_3004c3bef76d8ca4\mshtml.dll [-] 2010-11-04 . 61854D1111E33A09603452B32A84B5F0 . 5979136 . . [8.00.7600.20831] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20831_none_2e8f62ce1377ac5f\mshtml.dll [-] 2010-11-04 . 9145EF1A437A3FCA06069FC649E16E32 . 5978112 . . [8.00.7600.16700] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16700_none_2e25357cfa429f6b\mshtml.dll [-] 2010-09-08 . 4F3DEEE94B0F650862F7AB7ABBE40CA1 . 5977088 . . [8.00.7600.20795] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20795_none_2e52828813a4bc3a\mshtml.dll [-] 2010-09-08 . BAF92C3C3D5A0958817B661439A81FD9 . 5977600 . . [8.00.7600.16671] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16671_none_2dda846cfa7a7f32\mshtml.dll [-] 2010-06-30 . BDFD710842C8A25DD27254D91DE60AC6 . 5971456 . . [8.00.7600.16625] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16625_none_2e149530fa4e58d9\mshtml.dll [-] 2010-06-30 . 25C1646ADC24C371B594544C3D530967 . 5972992 . . [8.00.7600.20745] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20745_none_2e889224137c3085\mshtml.dll [-] 2010-05-06 . 1186C9E0759E0AC7CC6C9A0F66D003ED . 5972992 . . [8.00.7600.20708] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20708_none_2eb6d2b213590cc6\mshtml.dll [-] 2010-05-06 . C5A57D9A8C055643BBB2E65D5E181D52 . 5970944 . . [8.00.7600.16588] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16588_none_2dd6b4a0fa7c4f5d\mshtml.dll [-] 2009-07-14 . 43592D31AFF84DD957199248898D9430 . 5957632 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_2dd3aff6fa7f090a\mshtml.dll . [-] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] . . c:\windows\System32\msvcrt.dll [-] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll . [-] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll [-] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] . . c:\windows\System32\mswsock.dll [-] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll . [-] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [-] 2009-07-14 . EAA75D9000B71F10EEC04D2AE6C60E81 . 563712 . . [6.1.7600.16385] . . c:\windows\System32\netlogon.dll [-] 2009-07-14 . EAA75D9000B71F10EEC04D2AE6C60E81 . 563712 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll . [-] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] . . c:\windows\System32\powrprof.dll [-] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll . [-] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll [-] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] . . c:\windows\System32\scecli.dll [-] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll . [-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] . . c:\windows\System32\sfc.dll [-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll . [-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe [-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe . [-] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll [-] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] . . c:\windows\System32\tapisrv.dll [-] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_e3132eff46462df0\tapisrv.dll . [-] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll [-] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [-] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . [-] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [-] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] . . c:\windows\System32\userinit.exe [-] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe . [-] 2011-05-09 . A1236375B74EA63C75657D564890C436 . 1126912 . . [9.00.8112.16421] . . c:\windows\System32\wininet.dll [-] 2011-05-09 . A1236375B74EA63C75657D564890C436 . 1126912 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16421_none_1a68963bbc19635b\wininet.dll [-] 2011-03-07 . A5B19B240901CAB0C8E7767D2873613E . 981504 . . [8.00.7601.17573] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll [-] 2011-03-07 . EDEB2904636B657782F824D8FF97D0B8 . 981504 . . [8.00.7601.21676] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll [-] 2011-02-24 . DA2950BAD7306006EBA77DD93CC42690 . 982016 . . [8.00.7600.20908] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20908_none_1d5cb75f93029dde\wininet.dll [-] 2011-02-24 . 214605C48AE416BC067C39D227CFCC57 . 981504 . . [8.00.7600.16766] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16766_none_1c9038927a1775e5\wininet.dll [-] 2010-12-21 . 78B9ADA2BC8946AF7B17678E0D07A773 . 981504 . . [8.00.7600.16723] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll [-] 2010-12-21 . 1B3DD46BC6396143A205EAAF05F38039 . 981504 . . [8.00.7600.20862] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll [-] 2010-12-18 . F019FCA21F609E34B79AE130681D08F7 . 981504 . . [8.00.7600.16722] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_1cb7771a79faa0c5\wininet.dll [-] 2010-12-18 . 025031C16D3A486F6AFE1C9B2FB1ADE0 . 981504 . . [8.00.7600.20861] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_1d14d3eb933996fc\wininet.dll [-] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll [-] 2010-11-04 . 749A4DDB8915066566E2BB38C2618048 . 981504 . . [8.00.7600.20831] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20831_none_1d3543af93214329\wininet.dll [-] 2010-11-04 . A7360A3B20B38F1D6A09402FB6E9E2C3 . 978944 . . [8.00.7600.16700] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16700_none_1ccb165e79ec3635\wininet.dll [-] 2010-09-08 . 84795F28EB2E942951138827B8704819 . 980480 . . [8.00.7600.20795] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20795_none_1cf86369934e5304\wininet.dll [-] 2010-09-08 . 3D6AA6DD4D0F3BB41B804747EB489831 . 978432 . . [8.00.7600.16671] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16671_none_1c80654e7a2415fc\wininet.dll [-] 2010-06-30 . 250267CE6217C1AB4517F22FB7EA13E8 . 978432 . . [8.00.7600.16625] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll [-] 2010-06-30 . 91A9CCAD9829A89C840899932B9EC2DF . 980480 . . [8.00.7600.20745] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll [-] 2010-05-21 . ABE73A2F762A74B6AD2C9BE636915595 . 977920 . . [8.00.7600.16596] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16596_none_1c6fc5027a2fcf6a\wininet.dll [-] 2010-05-21 . 5FF3118C688D43ED77DEADC6F4895EF9 . 980480 . . [8.00.7600.20716] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20716_none_1d4fe313930c8cd3\wininet.dll [-] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll . [-] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll [-] 2009-07-14 . DAAE8A9B8C0ACC7F858454132553C30D . 206336 . . [6.1.7600.16385] . . c:\windows\System32\ws2_32.dll [-] 2009-07-14 . DAAE8A9B8C0ACC7F858454132553C30D . 206336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll . [-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\System32\ws2help.dll [-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\ws2help.dll . [-] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [-] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\explorer.exe [-] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [-] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [-] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [-] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [-] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [-] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [-] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [-] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [-] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe . [-] 2009-07-14 . 8A4883F5E7AC37444F23279239553878 . 398336 . . [6.1.7600.16385] . . c:\windows\regedit.exe [-] 2009-07-14 . 8A4883F5E7AC37444F23279239553878 . 398336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe . [-] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll [-] 2010-06-29 . E2C2D8C982316C8ABF800C6CE3F28FAB . 1413632 . . [6.1.7600.16385] . . c:\windows\System32\ole32.dll [-] 2010-06-29 . E2C2D8C982316C8ABF800C6CE3F28FAB . 1413632 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_ac33e26f53752c6d\ole32.dll [-] 2010-06-29 . 40E6BF57F6A923038B94C07387118089 . 1414144 . . [6.1.7600.20744] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.20744_none_aca7df626ca30419\ole32.dll [-] 2009-07-14 . 4ACB903AD1693858A918907358CBD9E4 . 1412608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16385_none_abf3fd7f53a4f5f5\ole32.dll . [-] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll [-] 2009-07-14 . 0BA19F3198C40AC4E8CC66EE02EDA6C6 . 627200 . . [1.0626.7600.16385] . . c:\windows\System32\usp10.dll [-] 2009-07-14 . 0BA19F3198C40AC4E8CC66EE02EDA6C6 . 627200 . . [1.0626.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.16385_none_acd0cf31b9cff59f\usp10.dll . [-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] . . c:\windows\System32\ksuser.dll [-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_e7d7f27ff89fda02\ksuser.dll [-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll . [-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\System32\cngaudit.dll [-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll . [-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] . . c:\windows\System32\wininit.exe [-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe . [-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] . . c:\windows\System32\ctfmon.exe [-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe . [-] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_cf37c7157b2fafed\shsvcs.dll [-] 2009-07-14 . CD2E48FA5B29EE2B3B5858056D246EF2 . 328192 . . [6.1.7600.16385] . . c:\windows\System32\shsvcs.dll [-] 2009-07-14 . CD2E48FA5B29EE2B3B5858056D246EF2 . 328192 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_cd06b34d7e412c53\shsvcs.dll . [-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\System32\regsvc.dll [-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_893c5bdce4cae672\regsvc.dll . [-] 2010-11-20 . A04BB13F8A72F8B6E8B4071723E4E336 . 750592 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_3108887cf54491c3\schedsvc.dll [-] 2010-11-02 . DF1E5C82E4D09CF8105CC644980C4803 . 749056 . . [6.1.7600.16385] . . c:\windows\System32\schedsvc.dll [-] 2010-11-02 . DF1E5C82E4D09CF8105CC644980C4803 . 749056 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16699_none_2ed0aba2f85a86eb\schedsvc.dll [-] 2010-11-02 . 0F7A8520F0895E6F0F1A0A3FD3EA40D4 . 749056 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.20830_none_2f922742114f9827\schedsvc.dll [-] 2009-07-14 . 3E8B0C453E25613A1F59762A5C42AA75 . 743424 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16385_none_2ed774b4f8560e29\schedsvc.dll . [-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\System32\ssdpsrv.dll [-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_7f9fc90f328bdf26\ssdpsrv.dll . [-] 2010-11-20 . 382C804C92811BE57829D8E550A900E2 . 521216 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll [-] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\System32\termsrv.dll [-] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll . [-] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\System32\hnetcfg.dll [-] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_b00c9bd7f5ed1c02\hnetcfg.dll . [-] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\System32\appmgmts.dll [-] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_81a53e87bd5d36aa\appmgmts.dll . [-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\System32\ias.dll [-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7600.16385_none_f8d730c7a3d9d889\ias.dll [-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll . [-] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll [-] 2010-08-31 04:32 . 1B3A500340AC40F08D03A2C45213A17D . 954288 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll [-] 2010-08-31 04:32 . 1B3A500340AC40F08D03A2C45213A17D . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16666_none_f3000dfcb6d2a7e4\mfc40u.dll [-] 2010-08-31 04:25 . A716981A8BB41F4149203687EE2D1BE4 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.20791_none_f3643991d00d1cce\mfc40u.dll [-] 2009-07-14 01:15 . F8742FC618ECBDA92A406725197E93AE . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16385_none_f2e96828b6e3cefa\mfc40u.dll . [-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\System32\upnphost.dll [-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_c1be8a9895d79340\upnphost.dll . [-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\System32\dsound.dll [-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll . [-] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll [-] 2009-07-14 . 7459301D21C2E21468823F73042D9F87 . 1826816 . . [6.1.7600.16385] . . c:\windows\System32\d3d9.dll [-] 2009-07-14 . 7459301D21C2E21468823F73042D9F87 . 1826816 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_c223c2c8c219cb6a\d3d9.dll . [-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\System32\ddraw.dll [-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll . [-] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll [-] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] . . c:\windows\System32\olepro32.dll [-] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll . [-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\System32\perfctrs.dll [-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_314993e6be6d6809\perfctrs.dll . [-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] . . c:\windows\System32\version.dll [-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll . [-] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\System32\w32time.dll [-] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_887db9d2ce9e3aa0\w32time.dll . [-] 2010-11-20 . E1FB3706030FB4578A0D72C2FC3689E4 . 463360 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7601.17514_none_349ba4fd11957512\wiaservc.dll [-] 2009-07-14 . A22825E7BB7018E8AF3E229A5AF17221 . 462336 . . [6.1.7600.16385] . . c:\windows\System32\wiaservc.dll [-] 2009-07-14 . A22825E7BB7018E8AF3E229A5AF17221 . 462336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_326a913514a6f178\wiaservc.dll . [-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\System32\midimap.dll [-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll . [-] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] . . c:\windows\System32\rasadhlp.dll [-] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasadhlp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-09-23 23:30 173592 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-09-23 23:30 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-07-06 23:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2011-07-06 23:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonUpdateAgent] 2011-04-05 18:19 2692024 ----a-w- c:\programdata\Norton\NUA.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-09-23 23:30 150552 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray] 2011-07-06 15:21 3788704 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor] 2010-11-15 21:05 112600 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 135664] R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 135664] R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-07-06 1060272] R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-07-06 909224] R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-07-06 169624] R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1343400] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [2011-07-23 815736] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110729.030\IDSvix86.sys [2011-06-30 367736] S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-07-06 38504] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-24 105592] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712] S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-09-11 626688] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640] S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792] S4 SDHookService;Spybot-S&D 2 Hooks Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-07-06 130976] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ERASERUTILDRV11113 *Deregistered* - EraserUtilDrv11113 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 00:54] . 2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 00:54] . 2011-07-25 c:\windows\Tasks\RMSchedule.job - c:\program files\Registry Mechanic\RegMech.exe [2011-07-25 21:05] . . ------- Supplementary Scan ------- . uStart Page = hxxp://abcnews.go.com/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 68.87.68.166 68.87.74.166 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab FF - ProfilePath - c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\jdf5ipm2.default\ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 56040 FF - prefs.js: network.proxy.type - 4 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} . - - - - ORPHANS REMOVED - - - - . Notify-SDWinLogon - SDWinLogon.dll MSConfigStartUp-conhost - c:\users\Heather\AppData\Roaming\Microsoft\conhost.exe MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe AddRemove-Homestead Professional - c:\program files\Homestead\Homestead Professional\hkuninst.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-07-29 22:08:02 ComboFix-quarantined-files.txt 2011-07-30 02:08 . Pre-Run: 286,800,986,112 bytes free Post-Run: 286,596,866,048 bytes free . - - End Of File - - A3CC8DB4EDD2CD1839492899AD7DE838 DDS . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Heather at 22:24:26 on 2011-07-29 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2038.903 [GMT -4:00] . AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\SearchIndexer.exe C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\ProgramData\Norton\NUA.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\PrintIsolationHost.exe C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://abcnews.go.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 68.87.68.166 68.87.74.166 TCP: Interfaces\{0EB6D7DD-6A91-4929-9C8F-3A6D55561DD7} : DhcpNameServer = 68.87.68.166 68.87.74.166 TCP: Interfaces\{2F91CF51-16D8-4313-93FD-23D9FC9B7F3B} : DhcpNameServer = 68.87.68.166 68.87.74.166 TCP: Interfaces\{2F91CF51-16D8-4313-93FD-23D9FC9B7F3B}\2516D616461694E6E6D27457563747 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{2F91CF51-16D8-4313-93FD-23D9FC9B7F3B}\25F637567796C6C6534483335443 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{2F91CF51-16D8-4313-93FD-23D9FC9B7F3B}\34F657E64727970205C616365602759664960213 : DhcpNameServer = 10.1.10.1 TCP: Interfaces\{2F91CF51-16D8-4313-93FD-23D9FC9B7F3B}\C696E6B6379737 : DhcpNameServer = 68.87.68.166 68.87.74.166 TCP: Interfaces\{2F91CF51-16D8-4313-93FD-23D9FC9B7F3B}\D41697F584F6D656 : DhcpNameServer = 192.168.1.44 TCP: Interfaces\{2F91CF51-16D8-4313-93FD-23D9FC9B7F3B}\E4544574541425 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{37C7A392-3FFD-466E-BA2D-3DE9D35833A8} : DhcpNameServer = 68.87.68.166 68.87.74.166 TCP: Interfaces\{37C7A392-3FFD-466E-BA2D-3DE9D35833A8}\25F637567796C6C6534483335443 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{37C7A392-3FFD-466E-BA2D-3DE9D35833A8}\741445D213 : DhcpNameServer = 192.168.1.1 Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\heather\appdata\roaming\mozilla\firefox\profiles\jdf5ipm2.default\ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 56040 FF - prefs.js: network.proxy.type - 4 FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn_2010_9_0_6\components\coFFPlgn.dll FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\users\heather\appdata\roaming\mozilla\firefox\profiles\jdf5ipm2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\IPSFFPlgn FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coFFPlgn_2010_9_0_6 FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-26 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-26 173104] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-26 501888] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110729.030\IDSvix86.sys [2011-7-29 367736] R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-7-22 38504] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-26 116784] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-10-26 339504] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-23 105592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-17 22712] R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-9-11 626688] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480] R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-17 366640] R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-7-24 632792] R4 SDHookService;Spybot-S&D 2 Hooks Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-7-22 130976] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-25 135664] S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-25 135664] S4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-7-22 1060272] S4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-7-22 909224] S4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2011-7-22 169624] S4 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-17 1343400] . =============== Created Last 30 ================ . 2011-07-30 02:08:09 -------- d-sh--w- C:\$RECYCLE.BIN 2011-07-30 01:56:05 -------- d-----w- c:\users\heather\appdata\local\temp 2011-07-30 01:32:01 98816 ----a-w- c:\windows\sed.exe 2011-07-30 01:32:01 518144 ----a-w- c:\windows\SWREG.exe 2011-07-30 01:32:01 256000 ----a-w- c:\windows\PEV.exe 2011-07-30 01:32:01 208896 ----a-w- c:\windows\MBR.exe 2011-07-25 01:49:48 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2011-07-25 01:49:48 506368 ----a-w- c:\windows\system32\msxml.dll 2011-07-25 01:49:48 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2011-07-25 01:49:48 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2011-07-25 01:49:48 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2011-07-25 01:49:40 -------- d-----w- c:\program files\common files\PC Tools 2011-07-24 03:46:30 -------- d-----w- c:\program files\ESET 2011-07-24 03:21:19 -------- d-----w- c:\users\heather\appdata\local\NPE 2011-07-24 03:03:38 -------- d-----w- c:\users\heather\appdata\roaming\QuickScan 2011-07-24 02:34:27 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2011-07-23 02:49:34 -------- d-----w- C:\Symbols 2011-07-23 01:45:36 -------- d-----w- c:\windows\CheckSur 2011-07-23 01:31:04 -------- d-----w- c:\windows\system32\SPReview 2011-07-23 01:14:21 -------- d-----w- c:\users\heather\appdata\local\Deployment 2011-07-22 20:45:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-07-22 20:45:34 15224 ----a-w- c:\windows\system32\sdnclean.exe 2011-07-22 20:45:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2011-07-14 02:05:37 -------- d-----w- c:\windows\system32\EventProviders . ==================== Find3M ==================== . 2011-07-14 03:22:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys 2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll 2011-06-02 05:59:55 169984 ----a-w- c:\windows\system32\winsrv.dll 2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll 2011-06-02 05:55:31 271872 ----a-w- c:\windows\system32\conhost.exe 2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 04:53:10 1553920 ----a-w- c:\windows\system32\tquery.dll 2011-05-04 04:52:59 666624 ----a-w- c:\windows\system32\mssvp.dll 2011-05-04 04:52:59 59392 ----a-w- c:\windows\system32\msscntrs.dll 2011-05-04 04:52:59 337408 ----a-w- c:\windows\system32\mssph.dll 2011-05-04 04:52:59 197120 ----a-w- c:\windows\system32\mssphtb.dll 2011-05-04 04:52:59 1401856 ----a-w- c:\windows\system32\mssrch.dll 2011-05-04 04:52:12 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe 2011-05-04 04:52:12 428032 ----a-w- c:\windows\system32\SearchIndexer.exe 2011-05-04 04:52:12 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll 2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll . ============= FINISH: 22:25:27.05 ===============