
Smart Fortress 2012- Still have rootkits



I stupidly got myself infected with Smart Fortress 2012. I've been running Malwarebytes scans from safe mode, and after multiple scans over the course of 2 days, I'm still picking up 7-20 rootkits per scan. This is clearly not a good sign. I'm at work at the moment but will post my MBAM logs ASAP. Please let me know if there are other scans you would like to see as well.

Thank you.


Hello BekkiT and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

The scan should be performed in Normal mode. Follow the instructions from this guide:

http://forums.malwarebytes.org/index.php?showtopic=107384

Post the log file in your next reply.


Okay, here's what I got. First, when I logged in in normal mode the following message popped up:

Missing Virus Definitions: VPTray.exe- Ordinal Not Found. The ordinal 1109 could not be located in the dynamic link library WSOCK32.dll

I'm pretty sure that's nothing of mine so I pretty much opted to just not touch it while I was trying to do the scan.

I tried to run Chameleon but it had difficulty connecting to the internet. I'm not sure if that was my fault or something with whatever is going on. I've been trying to minimize the laptop's ability to get online since this started. I got this error message both times I ran Chameleon:

An error occured. Please report this issue to our support team. PROGRAM_ERROR_UPDATING(0,0,SSL Exception)

Anyway, in normal mode the scan didn't find anything. I knew that seemed a bit off, so I ran it again from Safe Mode. Logs to follow:

First time in normal mode:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.15.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.11

:: PC139818592325 [limited]

4/16/2012 9:43:52 PM

mbam-log-2012-04-16 (21-43-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 225591

Time elapsed: 29 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Second time in SafeMode:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.15.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 7.0.5730.11

Bekki :: PC139818592325 [administrator]

4/17/2012 5:45:10 AM

mbam-log-2012-04-17 (05-45-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223664

Time elapsed: 14 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\WINDOWS\system32\ispwdsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\se59mgmt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

If I'm correct that particular RootKit is all kinds of bad news. I'm not sure why it only gets picked up in SafeMode. I just did the Quick Scan that runs with Chameleon there. If I'd run a full, I guarantee it would have found bunches more.

Any guidance is appreciated. Thanks again.


Thanks for your information!

Again in Normal mode:

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log


I ran into a bit of a problem. I had TDSS on hand so I was able to run that scan with no issues, but it only turned up suspicious items. Log is below. However, when I went to run the updates for MBAM, I ran into that same error message as when I tried to run Chameleon. I checked and I was definitely connected to the internet. Out of curiosity I tried to open a Firefox window- no luck. IE opened, but any attempt to get to a webpage resulted in a redirect, so I closed out and disconnected ASAP.

MESSAGE: An error occured. Please report this issue to our support team. PROGRAM_ERROR_UPDATING(0,0,SSL Exception)

My last successful update to MBAM was on the 15th, immediately after this all started. Any ideas on what to do? My only thoughts were to check to see if I can download the updates separately on a different machine and then transfer them to the infected machine, or something like that to bypass the connection.

Thanks again.

TDSS Killer log:


22:06:04.0593 2712 NetBIOS - ok

22:06:05.0046 2712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:06:05.0234 2712 NetBT - ok

22:06:05.0515 2712 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

22:06:05.0890 2712 NetDDE - ok

22:06:05.0890 2712 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

22:06:06.0031 2712 NetDDEdsdm - ok

22:06:06.0312 2712 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

22:06:06.0468 2712 Netlogon - ok

22:06:06.0671 2712 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

22:06:07.0000 2712 Netman - ok

22:06:07.0421 2712 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:06:07.0500 2712 NetTcpPortSharing - ok

22:06:08.0265 2712 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

22:06:09.0187 2712 NETw3x32 - ok

22:06:09.0906 2712 NETw4x32 (9eb7001200bc53dad5bc531f0e58970e) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

22:06:11.0015 2712 NETw4x32 - ok

22:06:11.0406 2712 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

22:06:11.0640 2712 NIC1394 - ok

22:06:11.0953 2712 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

22:06:12.0078 2712 Nla - ok

22:06:12.0156 2712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

22:06:12.0390 2712 Npfs - ok

22:06:12.0734 2712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

22:06:13.0187 2712 Ntfs - ok

22:06:13.0375 2712 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

22:06:13.0500 2712 NtLmSsp - ok

22:06:13.0609 2712 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

22:06:13.0921 2712 NtmsSvc - ok

22:06:14.0250 2712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:06:14.0421 2712 Null - ok

22:06:14.0593 2712 nvcap - ok

22:06:14.0875 2712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:06:15.0125 2712 NwlnkFlt - ok

22:06:15.0296 2712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:06:15.0468 2712 NwlnkFwd - ok

22:06:15.0796 2712 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:06:16.0078 2712 ohci1394 - ok

22:06:16.0265 2712 oracle%oracle_home_service%clientcache80 - ok

22:06:16.0421 2712 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:06:16.0484 2712 ose - ok

22:06:16.0671 2712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

22:06:16.0953 2712 Parport - ok

22:06:17.0281 2712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

22:06:17.0453 2712 PartMgr - ok

22:06:17.0859 2712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

22:06:18.0093 2712 ParVdm - ok

22:06:18.0156 2712 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

22:06:18.0328 2712 PCI - ok

22:06:18.0562 2712 PCIDump - ok

22:06:18.0640 2712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

22:06:18.0921 2712 PCIIde - ok

22:06:19.0265 2712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

22:06:19.0468 2712 Pcmcia - ok

22:06:19.0781 2712 PDCOMP - ok

22:06:19.0828 2712 PDFRAME - ok

22:06:19.0843 2712 PDRELI - ok

22:06:19.0875 2712 PDRFRAME - ok

22:06:19.0937 2712 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

22:06:20.0265 2712 perc2 - ok

22:06:20.0625 2712 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

22:06:20.0796 2712 perc2hib - ok

22:06:21.0078 2712 pgpsdkservice - ok

22:06:21.0218 2712 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

22:06:21.0265 2712 PlugPlay - ok

22:06:21.0328 2712 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

22:06:21.0531 2712 PolicyAgent - ok

22:06:21.0875 2712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:06:22.0328 2712 PptpMiniport - ok

22:06:22.0625 2712 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

22:06:22.0765 2712 ProtectedStorage - ok

22:06:22.0875 2712 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

22:06:23.0046 2712 PSched - ok

22:06:23.0171 2712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:06:23.0359 2712 Ptilink - ok

22:06:23.0437 2712 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

22:06:23.0468 2712 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

22:06:23.0500 2712 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

22:06:23.0562 2712 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

22:06:23.0734 2712 ql1080 - ok

22:06:24.0156 2712 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

22:06:24.0406 2712 Ql10wnt - ok

22:06:24.0812 2712 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

22:06:25.0062 2712 ql12160 - ok

22:06:25.0593 2712 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

22:06:25.0796 2712 ql1240 - ok

22:06:26.0265 2712 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

22:06:26.0515 2712 ql1280 - ok

22:06:26.0796 2712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:06:26.0953 2712 RasAcd - ok

22:06:27.0062 2712 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

22:06:27.0218 2712 RasAuto - ok

22:06:27.0546 2712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:06:27.0734 2712 Rasl2tp - ok

22:06:27.0828 2712 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

22:06:27.0968 2712 RasMan - ok

22:06:28.0125 2712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:06:28.0343 2712 RasPppoe - ok

22:06:28.0390 2712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:06:28.0578 2712 Raspti - ok

22:06:28.0765 2712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:06:28.0921 2712 Rdbss - ok

22:06:29.0015 2712 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:06:29.0171 2712 RDPCDD - ok

22:06:29.0234 2712 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:06:29.0437 2712 rdpdr - ok

22:06:29.0515 2712 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

22:06:29.0609 2712 RDPWD - ok

22:06:29.0781 2712 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

22:06:30.0031 2712 RDSessMgr - ok

22:06:30.0125 2712 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:06:30.0359 2712 redbook - ok

22:06:30.0578 2712 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

22:06:30.0765 2712 RemoteAccess - ok

22:06:30.0859 2712 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

22:06:31.0015 2712 RemoteRegistry - ok

22:06:31.0140 2712 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys

22:06:31.0187 2712 RMCAST - ok

22:06:31.0265 2712 rnadiagreceiver - ok

22:06:31.0281 2712 roxupnprenderer - ok

22:06:31.0343 2712 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

22:06:31.0515 2712 RpcLocator - ok

22:06:31.0593 2712 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

22:06:31.0656 2712 RpcSs - ok

22:06:31.0765 2712 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

22:06:32.0000 2712 RSVP - ok

22:06:32.0203 2712 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

22:06:32.0296 2712 rtl8139 - ok

22:06:32.0343 2712 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

22:06:32.0468 2712 SamSs - ok

22:06:32.0562 2712 SavRoam (fe8792122cdb2caf105f60ea228a3b46) C:\Program Files\Symantec AntiVirus\SavRoam.exe

22:06:32.0609 2712 SavRoam - ok

22:06:32.0671 2712 SAVRT (21ba125b956a513f85f6ab1dd603f917) C:\Program Files\Symantec AntiVirus\savrt.sys

22:06:32.0734 2712 SAVRT - ok

22:06:32.0796 2712 SAVRTPEL (0f8e1c05fc1298f8e7cea935429f66ff) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

22:06:32.0828 2712 SAVRTPEL - ok

22:06:33.0140 2712 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

22:06:33.0546 2712 SCardSvr - ok

22:06:33.0828 2712 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

22:06:33.0984 2712 Schedule - ok

22:06:34.0078 2712 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

22:06:34.0359 2712 sdbus - ok

22:06:34.0812 2712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:06:35.0015 2712 Secdrv - ok

22:06:35.0234 2712 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

22:06:35.0406 2712 seclogon - ok

22:06:35.0812 2712 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

22:06:36.0000 2712 SENS - ok

22:06:36.0343 2712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

22:06:36.0515 2712 Serial - ok

22:06:36.0906 2712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:06:37.0203 2712 Sfloppy - ok

22:06:37.0531 2712 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

22:06:37.0718 2712 SharedAccess - ok

22:06:38.0000 2712 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

22:06:38.0062 2712 ShellHWDetection - ok

22:06:38.0125 2712 Simbad - ok

22:06:38.0250 2712 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

22:06:38.0531 2712 sisagp - ok

22:06:38.0687 2712 SNDSrvc (262c62aa7e74e7cdc0bd8926741b6a60) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

22:06:38.0734 2712 SNDSrvc - ok

22:06:39.0109 2712 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

22:06:39.0281 2712 Sparrow - ok

22:06:39.0500 2712 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

22:06:39.0640 2712 SPBBCDrv - ok

22:06:39.0937 2712 SPBBCSvc (ea07435c72a8534c3a8e02d87246e546) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

22:06:40.0234 2712 SPBBCSvc - ok

22:06:40.0593 2712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

22:06:40.0828 2712 splitter - ok

22:06:41.0125 2712 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

22:06:41.0218 2712 Spooler - ok

22:06:41.0328 2712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

22:06:41.0609 2712 sr - ok

22:06:41.0828 2712 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

22:06:42.0000 2712 srservice - ok

22:06:42.0218 2712 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

22:06:42.0343 2712 Srv - ok

22:06:42.0781 2712 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys

22:06:42.0812 2712 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

22:06:42.0812 2712 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

22:06:42.0921 2712 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

22:06:43.0187 2712 SSDPSRV - ok

22:06:43.0484 2712 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys

22:06:43.0515 2712 ssrtln ( UnsignedFile.Multi.Generic ) - warning

22:06:43.0515 2712 ssrtln - detected UnsignedFile.Multi.Generic (1)

22:06:43.0687 2712 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

22:06:44.0015 2712 stisvc - ok

22:06:44.0328 2712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:06:44.0500 2712 swenum - ok

22:06:45.0000 2712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

22:06:45.0250 2712 swmidi - ok

22:06:45.0515 2712 SwPrv - ok

22:06:46.0093 2712 Symantec AntiVirus (85ecc034b4dec0b3640c2d72509c03be) C:\Program Files\Symantec AntiVirus\Rtvscan.exe

22:06:46.0875 2712 Symantec AntiVirus - ok

22:06:47.0265 2712 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

22:06:47.0562 2712 symc810 - ok

22:06:47.0968 2712 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

22:06:48.0125 2712 symc8xx - ok

22:06:48.0343 2712 SymEvent (9c4737086dee2d302d5d2d69478f6611) C:\Program Files\Symantec\SYMEVENT.SYS

22:06:48.0453 2712 SymEvent - ok

22:06:48.0921 2712 SYMREDRV (c1bbd1d20acc5ecadca086228ad52bdd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

22:06:48.0953 2712 SYMREDRV - ok

22:06:49.0218 2712 SYMTDI (9bf7fddab95f8aabc361774dc844f755) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

22:06:49.0265 2712 SYMTDI - ok

22:06:49.0640 2712 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

22:06:49.0859 2712 sym_hi - ok

22:06:50.0281 2712 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

22:06:50.0453 2712 sym_u3 - ok

22:06:50.0890 2712 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys

22:06:51.0109 2712 SynTP - ok

22:06:51.0578 2712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

22:06:51.0828 2712 sysaudio - ok

22:06:52.0250 2712 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

22:06:52.0781 2712 SysmonLog - ok

22:06:53.0140 2712 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

22:06:53.0359 2712 TapiSrv - ok

22:06:53.0859 2712 tbhsd (0a396237c3c4164de12d7c26450bd69c) C:\WINDOWS\system32\drivers\tbhsd.sys

22:06:53.0890 2712 tbhsd - ok

22:06:54.0343 2712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:06:54.0625 2712 Tcpip - ok

22:06:55.0203 2712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:06:55.0453 2712 TDPIPE - ok

22:06:56.0265 2712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

22:06:56.0515 2712 TDTCP - ok

22:06:56.0984 2712 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:06:57.0359 2712 TermDD - ok

22:06:57.0765 2712 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

22:06:57.0968 2712 TermService - ok

22:06:58.0703 2712 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys

22:06:58.0750 2712 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

22:06:58.0750 2712 tfsnboio - detected UnsignedFile.Multi.Generic (1)

22:06:59.0171 2712 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys

22:06:59.0218 2712 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

22:06:59.0218 2712 tfsncofs - detected UnsignedFile.Multi.Generic (1)

22:06:59.0687 2712 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys

22:06:59.0734 2712 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

22:06:59.0734 2712 tfsndrct - detected UnsignedFile.Multi.Generic (1)

22:07:00.0171 2712 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys

22:07:00.0250 2712 tfsndres ( UnsignedFile.Multi.Generic ) - warning

22:07:00.0250 2712 tfsndres - detected UnsignedFile.Multi.Generic (1)

22:07:00.0890 2712 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys

22:07:00.0921 2712 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

22:07:00.0921 2712 tfsnifs - detected UnsignedFile.Multi.Generic (1)

22:07:01.0390 2712 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys

22:07:01.0468 2712 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

22:07:01.0468 2712 tfsnopio - detected UnsignedFile.Multi.Generic (1)

22:07:02.0093 2712 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys

22:07:02.0140 2712 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

22:07:02.0140 2712 tfsnpool - detected UnsignedFile.Multi.Generic (1)

22:07:02.0343 2712 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys

22:07:02.0390 2712 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

22:07:02.0390 2712 tfsnudf - detected UnsignedFile.Multi.Generic (1)

22:07:02.0656 2712 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys

22:07:02.0687 2712 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

22:07:02.0687 2712 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

22:07:03.0109 2712 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

22:07:03.0187 2712 Themes - ok

22:07:03.0546 2712 tifm21 (f779ba4cd37963ab4600c9871b7752a3) C:\WINDOWS\system32\drivers\tifm21.sys

22:07:03.0796 2712 tifm21 - ok

22:07:04.0187 2712 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

22:07:04.0640 2712 TlntSvr - ok

22:07:05.0031 2712 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

22:07:05.0265 2712 TosIde - ok

22:07:05.0578 2712 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

22:07:05.0796 2712 TrkWks - ok

22:07:06.0328 2712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

22:07:06.0609 2712 Udfs - ok

22:07:07.0109 2712 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

22:07:07.0359 2712 ultra - ok

22:07:07.0906 2712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

22:07:08.0421 2712 Update - ok

22:07:08.0828 2712 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

22:07:09.0125 2712 upnphost - ok

22:07:09.0531 2712 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

22:07:09.0718 2712 UPS - ok

22:07:10.0218 2712 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:07:10.0406 2712 usbccgp - ok

22:07:10.0890 2712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:07:11.0140 2712 usbehci - ok

22:07:11.0500 2712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:07:11.0828 2712 usbhub - ok

22:07:12.0390 2712 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

22:07:12.0625 2712 usbprint - ok

22:07:13.0109 2712 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

22:07:13.0296 2712 usbscan - ok

22:07:13.0859 2712 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:07:14.0031 2712 USBSTOR - ok

22:07:14.0578 2712 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:07:14.0765 2712 usbuhci - ok

22:07:15.0156 2712 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

22:07:15.0343 2712 USB_RNDIS_XP - ok

22:07:15.0921 2712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

22:07:16.0093 2712 VgaSave - ok

22:07:16.0609 2712 vgqt - ok

22:07:17.0015 2712 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

22:07:17.0203 2712 viaagp - ok

22:07:18.0156 2712 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

22:07:18.0375 2712 ViaIde - ok

22:07:18.0859 2712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

22:07:19.0046 2712 VolSnap - ok

22:07:19.0484 2712 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

22:07:19.0703 2712 VSS - ok

22:07:20.0156 2712 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

22:07:20.0500 2712 W32Time - ok

22:07:21.0390 2712 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys

22:07:22.0437 2712 w39n51 - ok

22:07:22.0906 2712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:07:23.0156 2712 Wanarp - ok

22:07:23.0531 2712 WDICA - ok

22:07:24.0156 2712 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

22:07:24.0437 2712 wdmaud - ok

22:07:24.0937 2712 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

22:07:25.0218 2712 WebClient - ok

22:07:25.0765 2712 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

22:07:26.0187 2712 winachsf - ok

22:07:26.0656 2712 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

22:07:26.0906 2712 winmgmt - ok

22:07:27.0250 2712 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

22:07:27.0437 2712 WmdmPmSN - ok

22:07:27.0953 2712 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

22:07:28.0671 2712 Wmi - ok

22:07:29.0343 2712 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

22:07:29.0593 2712 WmiAcpi - ok

22:07:30.0187 2712 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

22:07:30.0437 2712 WmiApSrv - ok

22:07:30.0875 2712 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

22:07:32.0265 2712 WMPNetworkSvc - ok

22:07:33.0093 2712 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

22:07:33.0218 2712 WpdUsb - ok

22:07:33.0953 2712 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

22:07:34.0250 2712 wuauserv - ok

22:07:34.0859 2712 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

22:07:35.0140 2712 WudfPf - ok

22:07:35.0671 2712 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

22:07:35.0796 2712 WudfRd - ok

22:07:36.0328 2712 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

22:07:36.0406 2712 WudfSvc - ok

22:07:37.0031 2712 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

22:07:37.0546 2712 WZCSVC - ok

22:07:38.0109 2712 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

22:07:38.0531 2712 xmlprov - ok

22:07:38.0578 2712 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0

22:07:41.0750 2712 \Device\Harddisk0\DR0 - ok

22:07:41.0796 2712 Boot (0x1200) (98a636ae3e4f342f3ff8dd1bc992beb5) \Device\Harddisk0\DR0\Partition0

22:07:41.0875 2712 \Device\Harddisk0\DR0\Partition0 - ok

22:07:41.0906 2712 Boot (0x1200) (339e06fc4e8fa3271ebe9ab4b803b5fa) \Device\Harddisk0\DR0\Partition1

22:07:41.0921 2712 \Device\Harddisk0\DR0\Partition1 - ok

22:07:41.0921 2712 ============================================================

22:07:41.0921 2712 Scan finished

22:07:41.0921 2712 ============================================================

22:07:42.0109 2700 Detected object count: 23

22:07:42.0109 2700 Actual detected object count: 23

22:09:10.0843 2700 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0843 2700 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0843 2700 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0843 2700 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0859 2700 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0859 2700 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0859 2700 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0859 2700 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0859 2700 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0859 2700 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0859 2700 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0859 2700 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0859 2700 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0859 2700 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0875 2700 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0875 2700 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0875 2700 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0875 2700 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0875 2700 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0875 2700 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0875 2700 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0875 2700 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0875 2700 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0875 2700 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0875 2700 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0875 2700 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0875 2700 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0875 2700 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0890 2700 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0890 2700 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0890 2700 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0890 2700 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0890 2700 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0890 2700 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0906 2700 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0906 2700 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0906 2700 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0906 2700 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0921 2700 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0921 2700 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0921 2700 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0921 2700 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0921 2700 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0921 2700 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:09:10.0921 2700 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

22:09:10.0921 2700 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

Thanks for your information!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Just a heads-up, I'm running this right now and it got a bit weird on me during the part where it checks for system restore console. I got the message:

16 bit MS-DOS subsystem

NTVDM has encountered a System error

The handle is invalid.

Choose "Close" to terminate the application.

I clicked close over ignore and apparently that was wrong and it interpreted it as me saying no to the EULA, so it didn't install the system restore console. So, we may need to go through this rigamarole again if that messed it up.

I clicked close over ignore and apparently that was wrong and it interpreted it as me saying no to the EULA, so it didn't install the system restore console.

Maybe you mean Recovery Console. You should install it. Please manually delete your ComboFix copy, reboot your system, download a new fresh copy and run ComboFix again.

Ah, okay. It never gave me the EULA thing, and instead gave me that error message. If I get that message again, should I choose ignore instead then?

Well, here are the logs from the one I ran last night (it was already in progress when I posted that, so I figured it was better to just leave it be). It definitely found stuff. Right after it started running it gave me the message "You're infected with Rootkit.ZeroAccess in the TCP/IP stack. This is a particularly difficult infection." Also, I just noticed in the log here that it said my antivirus was still on, but I definitely disabled it, so I'm not sure what's up with that.

I'll reinstall ComboFix and run it again when I get home this evening.

ComboFix 12-04-18.02 - Bekki 04/18/2012 22:43:48.1.2 - x86

Running from: c:\documents and settings\Bekki\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB29010$\3244022866

c:\windows\$NtUninstallKB29010$\3672091533\@

c:\windows\$NtUninstallKB29010$\3672091533\cfg.ini

c:\windows\$NtUninstallKB29010$\3672091533\Desktop.ini

c:\windows\$NtUninstallKB29010$\3672091533\L\pzofaiii

c:\windows\$NtUninstallKB29010$\3672091533\oemid

c:\windows\$NtUninstallKB29010$\3672091533\U\00000001.@

c:\windows\$NtUninstallKB29010$\3672091533\U\00000002.@

c:\windows\$NtUninstallKB29010$\3672091533\U\00000004.@

c:\windows\$NtUninstallKB29010$\3672091533\U\80000000.@

c:\windows\$NtUninstallKB29010$\3672091533\U\80000004.@

c:\windows\$NtUninstallKB29010$\3672091533\U\80000032.@

c:\windows\$NtUninstallKB29010$\3672091533\version

c:\windows\system32\atchksrv.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\lxcr_device.dll

c:\windows\system32\mfcom.dll

c:\windows\system32\ssrtln.dll

D:\Autorun.inf

c:\windows\$NtUninstallKB29010$ . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))

.

.

2012-04-19 02:29 . 2012-04-19 02:31 -------- dc-h--w- c:\windows\ie8

2012-04-17 10:30 . 2012-04-17 10:30 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2012-04-17 10:30 . 2012-04-17 10:30 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2012-04-15 22:50 . 2012-04-17 09:37 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-15 11:34 . 2012-04-15 11:34 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-04-15 00:44 . 2012-04-15 00:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-04-14 23:14 . 2012-04-14 23:14 -------- d-----w- c:\documents and settings\Bekki\Local Settings\Application Data\{8D32E57F-8687-11E1-826D-B8AC6F996F26}

2012-04-14 23:13 . 2012-04-14 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F0E00014CA61F8F9249D151FC4E

2012-04-14 02:09 . 2012-04-14 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-13 07:41 . 2012-03-20 07:53 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{90763566-D4B3-41BF-BA9D-F81B4F980BE7}\mpengine.dll

2012-04-13 07:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-13 07:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2009-04-11 03:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-29 14:10 . 2004-08-10 15:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-10 15:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-23 14:18 . 2009-10-02 21:01 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-03 09:22 . 2004-08-10 15:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2007-07-26 20:01 . 2008-04-20 00:47 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

.

.

.

[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys

[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[7] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

.

[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys

[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB912436$\ndis.sys

.

[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys

[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

.

[7] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[-] 2006-01-14 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2005-05-26 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2005-05-26 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys

[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

.

[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll

[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

.

[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe

[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

.

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll

[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

.

[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll

[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll

[-] 2004-08-10 15:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll

.

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll

[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

.

[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll

[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll

[-] 2005-04-29 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

[-] 2005-04-29 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll

[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll

[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

.

[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

.

[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe

[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-11 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2004-08-10 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

.

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

.

[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe

[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe

.

[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

[-] 2008-04-13 19:19 . D4572221F148C59F215B9A5B4A1AFFDB . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys

[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys

.

[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll

[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[-] 2004-08-10 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[7] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2004-08-10 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

.

[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll

[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

.

[7] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll

[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[7] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll

[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll

[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2004-08-10 15:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

.

[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll

[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

.

[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2004-08-10 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

.

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll

[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

.

[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll

[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

.

[7] 2012-03-01 . DCA84E94D0114502A51AAD4CF8A89EAA . 3616768 . . [7.00.6000.17109] . . c:\windows\ie8\mshtml.dll

[7] 2012-03-01 . DCA84E94D0114502A51AAD4CF8A89EAA . 3616768 . . [7.00.6000.17109] . . c:\windows\SoftwareDistribution\Download\b1344a8b9ac6e0d3d22c7b37d5554b70\sp3gdr\mshtml.dll

[7] 2012-03-01 . 235C7C94F2422748D3AC2E0C91EA7CDE . 3619328 . . [7.00.6000.21311] . . c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\mshtml.dll

[7] 2012-03-01 . 235C7C94F2422748D3AC2E0C91EA7CDE . 3619328 . . [7.00.6000.21311] . . c:\windows\SoftwareDistribution\Download\b1344a8b9ac6e0d3d22c7b37d5554b70\sp3qfe\mshtml.dll

[7] 2011-09-05 . 56A67300C652CDF66E575B707F8B9397 . 3615744 . . [7.00.6000.17104] . . c:\windows\ie7updates\KB2675157-IE7\mshtml.dll

[7] 2011-08-18 . 06B74A61A6D689DB2F8D2DA56194EDCF . 3617792 . . [7.00.6000.21306] . . c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\mshtml.dll

[7] 2010-06-24 . 0FB7E2774BD643C181D673426AF3F62A . 3603968 . . [7.00.6000.21283] . . c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\mshtml.dll

[7] 2010-06-24 . E716E9EBCFFFFE45264CE6A1FC135B4B . 3600896 . . [7.00.6000.17080] . . c:\windows\ie7updates\KB2586448-IE7\mshtml.dll

[7] 2010-03-11 . 94359CD5BB6AC1CC08088F4A4091FF1E . 3599872 . . [7.00.6000.17023] . . c:\windows\ie7updates\KB2183461-IE7\mshtml.dll

[7] 2010-03-11 . 9289EBB759293A1381AB0C326A115AEC . 3602944 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll

[7] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll

[7] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll

[7] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll

[7] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll

[-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows\SoftwareDistribution\Download\8f999a6add48b449a8ea8c09fb44cb0c\SP3GDR\mshtml.dll

[-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\SoftwareDistribution\Download\8f999a6add48b449a8ea8c09fb44cb0c\SP3QFE\mshtml.dll

[7] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll

[7] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll

[7] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll

[7] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll

.

[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll

[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[7] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

.

[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll

[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[7] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[7] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

.

[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll

[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

.

[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll

[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

.

[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll

[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

.

[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll

[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

.

[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe

[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

.

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll

[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

.

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll

[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

.

[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe

[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

.

[7] 2012-03-01 . 64180153EB892153B14FE5F56F68FA3A . 832512 . . [7.00.6000.17109] . . c:\windows\ie8\wininet.dll

[7] 2012-03-01 . 64180153EB892153B14FE5F56F68FA3A . 832512 . . [7.00.6000.17109] . . c:\windows\SoftwareDistribution\Download\b1344a8b9ac6e0d3d22c7b37d5554b70\sp3gdr\wininet.dll

[7] 2012-03-01 . 250D98BE880626148704345445EA272D . 841216 . . [7.00.6000.21311] . . c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\wininet.dll

[7] 2012-03-01 . 250D98BE880626148704345445EA272D . 841216 . . [7.00.6000.21311] . . c:\windows\SoftwareDistribution\Download\b1344a8b9ac6e0d3d22c7b37d5554b70\sp3qfe\wininet.dll

[7] 2011-08-17 . 3688E2BBE543CC753809E462C3553188 . 832512 . . [7.00.6000.17103] . . c:\windows\ie7updates\KB2675157-IE7\wininet.dll

[7] 2011-08-17 . 6E388A1A8AA9EF62E6252530549940C1 . 841216 . . [7.00.6000.21306] . . c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\wininet.dll


.

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll

.

[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll

[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll

.

[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll

[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll

[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll

[-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll

.

[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll

[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

[-] 2004-08-10 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll

.

[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll

[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll

[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll

[-] 2004-08-10 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AIM"="c:\program files\AIM7\aim.exe" [2010-03-08 3972440]

"Steam"="c:\program files\Steam\Steam.exe" [2012-04-14 1242448]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"SansaDispatch"="c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-01-27 79872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-03 61952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AIM7\\aim.exe"=

.

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/13/2012 8:58 PM 106104]

S0 anwe;anwe;c:\windows\system32\drivers\owjiyidt.sys --> c:\windows\system32\drivers\owjiyidt.sys [?]

S0 vgqt;vgqt;c:\windows\system32\drivers\prhjp.sys --> c:\windows\system32\drivers\prhjp.sys [?]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/15/2012 6:50 PM 32072]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 2:27 PM 169200]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

pgpsdkservice

oracleorahome92pagingserver

AR5416

netcfgsvr

mcstrm

aic116x

iisadmin

veteboot

ggsemc

cvintdrv

se59mgmt

R300

irmon

viairda

xnacc

ghostsec

license

fsaua

SiSRaid2

PciBus

stylexpservice

MA8032M

zmxpzip

s616mdfl

as32svc

rt2870

DfwWebAgent

nvcap

tosrfsnd

BUFADPT

rnadiagreceiver

isamsmt

rrrspy

motoswitchservice

PGPwded

roxupnprenderer

xusb21

wlancfg

oracle%oracle_home_service%clientcache80

efs

MREMPR5

cfosspeed

pdlndtdl

jukebox3

lckfldservice

AmdLLD

ozoneinstallerservice

lmab_device

KMW_USB

iaimtv4

upsmonservice

allegro

ithsgt

LoopBeMidi1

rootmodem

iam

bdfsdrv

se44mdm

USBModem

avgascln

roxwatch9

DSI_SiUSBXp_3_1

mysqlinventime

rxfilter

ypcservice

DellAMBrokerService

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

MHN

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]

2008-02-08 14:53 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

2010-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2012-04-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-06 03:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

FF - ProfilePath - c:\documents and settings\Bekki\Application Data\Mozilla\Firefox\Profiles\6s20yl0r.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Translate This!: {8D32E57F-8687-11E1-826D-B8AC6F996F26} - c:\documents and settings\Bekki\Local Settings\Application Data\{8D32E57F-8687-11E1-826D-B8AC6F996F26}

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

SafeBoot-WinDefend

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe

AddRemove-Smart Fortress 2012 - c:\documents and settings\All Users\Application Data\F4D55F0E00014CA61F8F9249D151FC4E\F4D55F0E00014CA61F8F9249D151FC4E.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-18 23:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\??????(?@???????@

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1364)

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\windows\system32\msdtc.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\eHome\ehmsas.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

.

**************************************************************************

.

Completion time: 2012-04-18 23:40:17 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-19 03:40

.

Pre-Run: 61,513,994,240 bytes free

Post-Run: 62,970,580,992 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

.

- - End Of File - - 8885DF9648047ADA5FBA8091B14C3074


Before you run ComboFix again, please delete your TDSSKiller copy, download a fresh one and re-run it following the instructions above. Next, post it in your next reply. I am suggesting this now because there is a new TDSSKiller version, which could find something that the older one let pass.


Okay, here's my new TDSSKiller log. ComboFix is doing its thing at the moment, but I still couldn't get it to install the recovery console. I'm going to try to follow the instructions to manually install it. I'll post the current ComboFix run's log once it finishes, and then a new one once I get the console loaded properly.

Since ComboFix mentioned that the infection was in the TCP/IP stack, I'm wondering if this is why both it and Chameleon couldn't get connected.

08:50:44.0812 2932 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31

08:50:44.0812 2932 ============================================================

08:50:44.0812 2932 Current date / time: 2012/04/20 08:50:44.0812

08:50:44.0812 2932 SystemInfo:

08:50:44.0812 2932

08:50:44.0812 2932 OS Version: 5.1.2600 ServicePack: 3.0

08:50:44.0812 2932 Product type: Workstation

08:50:44.0812 2932 ComputerName: PC139818592325

08:50:44.0828 2932 UserName: Bekki

08:50:44.0828 2932 Windows directory: C:\WINDOWS

08:50:44.0828 2932 System windows directory: C:\WINDOWS

08:50:44.0828 2932 Processor architecture: Intel x86

08:50:44.0828 2932 Number of processors: 2

08:50:44.0828 2932 Page size: 0x1000

08:50:44.0828 2932 Boot type: Normal boot

08:50:44.0828 2932 ============================================================

08:50:47.0406 2932 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:50:47.0453 2932 \Device\Harddisk0\DR0:

08:50:47.0453 2932 MBR partitions:

08:50:47.0453 2932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC1D6A2D

08:50:47.0453 2932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xC1D6AAB, BlocksNum 0x1BBB053

08:50:47.0562 2932 C: <-> \Device\Harddisk0\DR0\Partition0

08:50:47.0656 2932 D: <-> \Device\Harddisk0\DR0\Partition1

08:50:47.0656 2932 Initialize success

08:50:47.0656 2932 ============================================================

08:51:18.0296 1272 ============================================================

08:51:18.0296 1272 Scan started

08:51:18.0296 1272 Mode: Manual; SigCheck; TDLFS;

08:51:18.0296 1272 ============================================================

08:51:21.0062 1272 Abiosdsk - ok

08:51:21.0203 1272 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

08:51:27.0296 1272 abp480n5 - ok

08:51:27.0718 1272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:51:27.0984 1272 ACPI - ok

08:51:28.0593 1272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

08:51:28.0906 1272 ACPIEC - ok

08:51:29.0484 1272 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

08:51:29.0921 1272 adpu160m - ok

08:51:30.0250 1272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

08:51:30.0421 1272 aec - ok

08:51:30.0796 1272 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

08:51:30.0937 1272 AFD - ok

08:51:31.0328 1272 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

08:51:31.0640 1272 agp440 - ok

08:51:32.0062 1272 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

08:51:32.0250 1272 agpCPQ - ok

08:51:32.0718 1272 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

08:51:32.0843 1272 Aha154x - ok

08:51:33.0265 1272 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

08:51:33.0437 1272 aic78u2 - ok

08:51:33.0734 1272 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

08:51:33.0921 1272 aic78xx - ok

08:51:34.0468 1272 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

08:51:34.0734 1272 Alerter - ok

08:51:35.0218 1272 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

08:51:37.0390 1272 ALG - ok

08:51:38.0312 1272 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

08:51:38.0609 1272 AliIde - ok

08:51:39.0312 1272 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

08:51:39.0609 1272 alim1541 - ok

08:51:40.0140 1272 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

08:51:40.0390 1272 amdagp - ok

08:51:40.0687 1272 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

08:51:40.0812 1272 amsint - ok

08:51:40.0859 1272 anwe - ok

08:51:41.0171 1272 Apple Mobile Device (1961cb10bb48eb4d97e37db6373e9e63) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

08:51:41.0296 1272 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning

08:51:41.0296 1272 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)

08:51:41.0656 1272 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

08:51:41.0937 1272 AppMgmt - ok

08:51:42.0453 1272 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

08:51:42.0718 1272 Arp1394 - ok

08:51:43.0203 1272 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

08:51:43.0484 1272 asc - ok

08:51:43.0875 1272 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

08:51:43.0968 1272 asc3350p - ok

08:51:44.0359 1272 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

08:51:44.0656 1272 asc3550 - ok

08:51:44.0953 1272 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

08:51:45.0250 1272 aspnet_state - ok

08:51:45.0984 1272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:51:46.0296 1272 AsyncMac - ok

08:51:46.0750 1272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

08:51:47.0500 1272 atapi - ok

08:51:47.0859 1272 Atdisk - ok

08:51:47.0968 1272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:51:48.0156 1272 Atmarpc - ok

08:51:48.0781 1272 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

08:51:48.0968 1272 AudioSrv - ok

08:51:49.0390 1272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

08:51:49.0671 1272 audstub - ok

08:51:50.0093 1272 Automatic LiveUpdate Scheduler (7768ce75c5cbf0d8f441ce2bbd806b7f) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

08:51:50.0109 1272 Automatic LiveUpdate Scheduler - ok

08:51:50.0437 1272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

08:51:50.0687 1272 Beep - ok

08:51:51.0390 1272 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

08:51:52.0781 1272 BITS - ok

08:51:52.0984 1272 Bonjour Service (cfd4c3352e29a8b729536648466e8df5) C:\Program Files\Bonjour\mDNSResponder.exe

08:51:53.0218 1272 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning

08:51:53.0218 1272 Bonjour Service - detected UnsignedFile.Multi.Generic (1)

08:51:53.0625 1272 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

08:51:53.0890 1272 Browser - ok

08:51:54.0250 1272 BTWUSB (7024e11dab9410b31a37547575249dd7) C:\WINDOWS\system32\Drivers\btwusb.sys

08:51:54.0296 1272 BTWUSB ( UnsignedFile.Multi.Generic ) - warning

08:51:54.0296 1272 BTWUSB - detected UnsignedFile.Multi.Generic (1)

08:51:54.0296 1272 catchme - ok

08:51:54.0406 1272 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

08:51:54.0671 1272 cbidf - ok

08:51:54.0984 1272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

08:51:55.0125 1272 cbidf2k - ok

08:51:55.0468 1272 ccEvtMgr (c8e9f9c289eef55b97ee2c1d245b1af3) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

08:51:55.0562 1272 ccEvtMgr - ok

08:51:55.0765 1272 ccPwdSvc (5c09a042cab7de5a50a7b65f0980d279) C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

08:51:55.0953 1272 ccPwdSvc - ok

08:51:56.0203 1272 ccSetMgr (c70b0215de5cfc5681d536506edb42dd) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

08:51:56.0250 1272 ccSetMgr - ok

08:51:56.0671 1272 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

08:51:56.0843 1272 cd20xrnt - ok

08:51:57.0187 1272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

08:51:57.0359 1272 Cdaudio - ok

08:51:57.0765 1272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

08:51:57.0921 1272 Cdfs - ok

08:51:58.0437 1272 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:51:58.0984 1272 Cdrom - ok

08:51:59.0359 1272 Changer - ok

08:51:59.0796 1272 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

08:52:00.0000 1272 CiSvc - ok

08:52:00.0500 1272 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

08:52:00.0828 1272 ClipSrv - ok

08:52:01.0265 1272 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:52:01.0500 1272 clr_optimization_v2.0.50727_32 - ok

08:52:02.0265 1272 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

08:52:02.0578 1272 CmBatt - ok

08:52:03.0000 1272 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

08:52:03.0250 1272 CmdIde - ok

08:52:03.0765 1272 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

08:52:04.0046 1272 Compbatt - ok

08:52:04.0531 1272 COMSysApp - ok

08:52:04.0843 1272 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

08:52:05.0156 1272 Cpqarray - ok

08:52:05.0546 1272 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

08:52:05.0718 1272 CryptSvc - ok

08:52:06.0125 1272 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

08:52:06.0375 1272 dac2w2k - ok

08:52:06.0609 1272 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

08:52:06.0781 1272 dac960nt - ok

08:52:06.0953 1272 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

08:52:07.0171 1272 DcomLaunch - ok

08:52:07.0406 1272 DefWatch (1bcfdaff0e5ca8efa32295c94bc864e9) C:\Program Files\Symantec AntiVirus\DefWatch.exe

08:52:07.0421 1272 DefWatch - ok

08:52:07.0812 1272 DellAMBrokerService - ok

08:52:08.0015 1272 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

08:52:08.0265 1272 Dhcp - ok

08:52:08.0875 1272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

08:52:09.0125 1272 Disk - ok

08:52:09.0390 1272 dmadmin - ok

08:52:09.0625 1272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

08:52:10.0234 1272 dmboot - ok

08:52:10.0828 1272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

08:52:11.0140 1272 dmio - ok

08:52:12.0109 1272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

08:52:12.0453 1272 dmload - ok

08:52:13.0343 1272 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

08:52:13.0640 1272 dmserver - ok

08:52:13.0875 1272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

08:52:14.0046 1272 DMusic - ok

08:52:14.0140 1272 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

08:52:14.0250 1272 Dnscache - ok

08:52:14.0531 1272 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll


08:55:25.0062 1272 WebClient - ok

08:55:25.0968 1272 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

08:55:27.0546 1272 winachsf - ok

08:55:28.0343 1272 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

08:55:28.0703 1272 winmgmt - ok

08:55:29.0156 1272 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

08:55:29.0406 1272 WmdmPmSN - ok

08:55:29.0890 1272 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

08:55:30.0031 1272 Wmi - ok

08:55:30.0421 1272 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

08:55:30.0718 1272 WmiAcpi - ok

08:55:31.0156 1272 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

08:55:31.0453 1272 WmiApSrv - ok

08:55:31.0687 1272 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

08:55:31.0875 1272 WMPNetworkSvc - ok

08:55:32.0359 1272 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

08:55:32.0421 1272 WpdUsb - ok

08:55:32.0875 1272 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

08:55:33.0171 1272 WS2IFSL - ok

08:55:33.0656 1272 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

08:55:33.0937 1272 wscsvc - ok

08:55:34.0484 1272 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

08:55:34.0828 1272 wuauserv - ok

08:55:35.0218 1272 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:55:35.0343 1272 WudfPf - ok

08:55:35.0937 1272 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:55:36.0046 1272 WudfRd - ok

08:55:36.0437 1272 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

08:55:36.0500 1272 WudfSvc - ok

08:55:36.0625 1272 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

08:55:36.0906 1272 WZCSVC - ok

08:55:37.0265 1272 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

08:55:37.0468 1272 xmlprov - ok

08:55:37.0515 1272 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0

08:55:38.0000 1272 \Device\Harddisk0\DR0 - ok

08:55:38.0031 1272 Boot (0x1200) (98a636ae3e4f342f3ff8dd1bc992beb5) \Device\Harddisk0\DR0\Partition0

08:55:38.0031 1272 \Device\Harddisk0\DR0\Partition0 - ok

08:55:38.0062 1272 Boot (0x1200) (3dd5b83fb3c88cd7da6ee73261fe42b1) \Device\Harddisk0\DR0\Partition1

08:55:38.0062 1272 \Device\Harddisk0\DR0\Partition1 - ok

08:55:38.0062 1272 ============================================================

08:55:38.0062 1272 Scan finished

08:55:38.0062 1272 ============================================================

08:55:38.0203 1096 Detected object count: 23

08:55:38.0203 1096 Actual detected object count: 23

08:55:48.0156 1096 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0171 1096 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0171 1096 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0171 1096 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0171 1096 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0171 1096 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0171 1096 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0171 1096 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0171 1096 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0171 1096 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0187 1096 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0187 1096 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0187 1096 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0187 1096 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0187 1096 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0187 1096 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0187 1096 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0187 1096 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0187 1096 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0187 1096 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0203 1096 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0203 1096 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0203 1096 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0203 1096 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0203 1096 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0203 1096 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0203 1096 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0203 1096 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0218 1096 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0218 1096 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0218 1096 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0218 1096 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0218 1096 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0218 1096 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0218 1096 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0218 1096 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0234 1096 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0234 1096 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0234 1096 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0234 1096 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0234 1096 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0234 1096 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0234 1096 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0234 1096 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:55:48.0250 1096 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

08:55:48.0250 1096 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip


I figured as much when it gave me that message during the last run. Well, I'm on a different system. The Bleeping Computer page has instructions for a manual install of recovery console. I'm gonna download the thing on this terminal (I'm on my other computer which is clean), load it onto a flash drive and get it onto the laptop that way.


Okay! I successfully installed the recovery console.

So, here's round one (pre-console install):

ComboFix 12-04-18.02 - Bekki 04/20/2012 9:15.2.2 - x86

Running from: c:\documents and settings\Bekki\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))

.

.

2012-04-19 02:29 . 2012-04-19 02:31 -------- dc-h--w- c:\windows\ie8

2012-04-17 10:30 . 2012-04-17 10:30 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2012-04-17 10:30 . 2012-04-17 10:30 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2012-04-15 22:50 . 2012-04-17 09:37 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-15 11:34 . 2012-04-15 11:34 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-04-15 00:44 . 2012-04-15 00:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-04-14 23:14 . 2012-04-14 23:14 -------- d-----w- c:\documents and settings\Bekki\Local Settings\Application Data\{8D32E57F-8687-11E1-826D-B8AC6F996F26}

2012-04-14 23:13 . 2012-04-14 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F0E00014CA61F8F9249D151FC4E

2012-04-14 02:09 . 2012-04-14 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-13 07:41 . 2012-03-20 07:53 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{90763566-D4B3-41BF-BA9D-F81B4F980BE7}\mpengine.dll

2012-04-13 07:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-13 07:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2009-04-11 03:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-29 14:10 . 2004-08-10 15:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-10 15:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-23 14:18 . 2009-10-02 21:01 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-03 09:22 . 2004-08-10 15:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2007-07-26 20:01 . 2008-04-20 00:47 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2012-04-14 1242448]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"SansaDispatch"="c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-01-27 79872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-03 61952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AIM7\\aim.exe"=

.

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/13/2012 8:58 PM 106104]

S0 anwe;anwe;c:\windows\system32\drivers\owjiyidt.sys --> c:\windows\system32\drivers\owjiyidt.sys [?]

S0 vgqt;vgqt;c:\windows\system32\drivers\prhjp.sys --> c:\windows\system32\drivers\prhjp.sys [?]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/15/2012 6:50 PM 32072]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 2:27 PM 169200]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

pgpsdkservice

oracleorahome92pagingserver

AR5416

netcfgsvr

mcstrm

aic116x

iisadmin

veteboot

ggsemc

cvintdrv

se59mgmt

R300

irmon

viairda

xnacc

ghostsec

license

fsaua

SiSRaid2

PciBus

stylexpservice

MA8032M

zmxpzip

s616mdfl

as32svc

rt2870

DfwWebAgent

nvcap

tosrfsnd

BUFADPT

rnadiagreceiver

isamsmt

rrrspy

motoswitchservice

PGPwded

roxupnprenderer

xusb21

wlancfg

oracle%oracle_home_service%clientcache80

efs

MREMPR5

cfosspeed

pdlndtdl

jukebox3

lckfldservice

AmdLLD

ozoneinstallerservice

lmab_device

KMW_USB

iaimtv4

upsmonservice

allegro

ithsgt

LoopBeMidi1

rootmodem

iam

bdfsdrv

se44mdm

USBModem

avgascln

roxwatch9

DSI_SiUSBXp_3_1

mysqlinventime

rxfilter

ypcservice

DellAMBrokerService

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

MHN

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]

2008-02-08 14:53 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

2010-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2012-04-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-06 03:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

FF - ProfilePath - c:\documents and settings\Bekki\Application Data\Mozilla\Firefox\Profiles\6s20yl0r.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Translate This!: {8D32E57F-8687-11E1-826D-B8AC6F996F26} - c:\documents and settings\Bekki\Local Settings\Application Data\{8D32E57F-8687-11E1-826D-B8AC6F996F26}

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-20 09:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\??????(?@???????@

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-04-20 09:41:29

ComboFix-quarantined-files.txt 2012-04-20 13:41

ComboFix2.txt 2012-04-19 03:40

.

Pre-Run: 62,871,293,952 bytes free

Post-Run: 62,866,214,912 bytes free

.

- - End Of File - - 4E947034EA55D451F8C56EDA8C47B30B

And here's round 2 (post-install):

ComboFix 12-04-18.02 - Bekki 04/20/2012 10:16:25.3.2 - x86

Running from: c:\documents and settings\Bekki\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bekki\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))

.

.

2012-04-19 02:29 . 2012-04-19 02:31 -------- dc-h--w- c:\windows\ie8

2012-04-17 10:30 . 2012-04-17 10:30 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2012-04-17 10:30 . 2012-04-17 10:30 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2012-04-15 22:50 . 2012-04-17 09:37 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-15 11:34 . 2012-04-15 11:34 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-04-15 00:44 . 2012-04-15 00:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-04-14 23:14 . 2012-04-14 23:14 -------- d-----w- c:\documents and settings\Bekki\Local Settings\Application Data\{8D32E57F-8687-11E1-826D-B8AC6F996F26}

2012-04-14 23:13 . 2012-04-14 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F0E00014CA61F8F9249D151FC4E

2012-04-14 02:09 . 2012-04-14 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-13 07:41 . 2012-03-20 07:53 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{90763566-D4B3-41BF-BA9D-F81B4F980BE7}\mpengine.dll

2012-04-13 07:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-13 07:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2009-04-11 03:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-29 14:10 . 2004-08-10 15:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-10 15:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-23 14:18 . 2009-10-02 21:01 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-03 09:22 . 2004-08-10 15:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2007-07-26 20:01 . 2008-04-20 00:47 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-19_03.15.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-20 14:15 . 2012-04-20 14:15 16384 c:\windows\temp\Perflib_Perfdata_7d8.dat

+ 2012-04-20 12:51 . 2012-04-20 12:51 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2012-04-14 07:10 . 2012-04-14 07:10 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2011-11-01 17:34 . 2011-11-01 17:34 1552384 c:\windows\Installer\504f0.msp

+ 2011-07-27 08:44 . 2011-07-27 08:44 1791824 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PPCNV.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2012-04-14 1242448]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"SansaDispatch"="c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-01-27 79872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-03 61952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AIM7\\aim.exe"=

.

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/13/2012 8:58 PM 106104]

S0 anwe;anwe;c:\windows\system32\drivers\owjiyidt.sys --> c:\windows\system32\drivers\owjiyidt.sys [?]

S0 vgqt;vgqt;c:\windows\system32\drivers\prhjp.sys --> c:\windows\system32\drivers\prhjp.sys [?]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/15/2012 6:50 PM 32072]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 2:27 PM 169200]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

pgpsdkservice

oracleorahome92pagingserver

AR5416

netcfgsvr

mcstrm

aic116x

iisadmin

veteboot

ggsemc

cvintdrv

se59mgmt

R300

irmon

viairda

xnacc

ghostsec

license

fsaua

SiSRaid2

PciBus

stylexpservice

MA8032M

zmxpzip

s616mdfl

as32svc

rt2870

DfwWebAgent

nvcap

tosrfsnd

BUFADPT

rnadiagreceiver

isamsmt

rrrspy

motoswitchservice

PGPwded

roxupnprenderer

xusb21

wlancfg

oracle%oracle_home_service%clientcache80

efs

MREMPR5

cfosspeed

pdlndtdl

jukebox3

lckfldservice

AmdLLD

ozoneinstallerservice

lmab_device

KMW_USB

iaimtv4

upsmonservice

allegro

ithsgt

LoopBeMidi1

rootmodem

iam

bdfsdrv

se44mdm

USBModem

avgascln

roxwatch9

DSI_SiUSBXp_3_1

mysqlinventime

rxfilter

ypcservice

DellAMBrokerService

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

MHN

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]

2008-02-08 14:53 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

2010-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2012-04-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-06 03:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

FF - ProfilePath - c:\documents and settings\Bekki\Application Data\Mozilla\Firefox\Profiles\6s20yl0r.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Translate This!: {8D32E57F-8687-11E1-826D-B8AC6F996F26} - c:\documents and settings\Bekki\Local Settings\Application Data\{8D32E57F-8687-11E1-826D-B8AC6F996F26}

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-20 10:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\??????(?@???????@

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-04-20 10:41:44

ComboFix-quarantined-files.txt 2012-04-20 14:41

ComboFix2.txt 2012-04-20 13:41

ComboFix3.txt 2012-04-19 03:40

.

Pre-Run: 62,851,375,104 bytes free

Post-Run: 62,841,774,080 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8F0513DDF71C37EE0CE22827E5AE987A

Link to post
Share on other sites

Open Notepad and copy and paste the text present in the quote box below into it (don't forget to copy and paste REGEDIT4):

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00

Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Finally, reboot your PC.

Next, manually delete your ComboFix, download a new fresh copy and run it again. Post the log file in your next reply.

Link to post
Share on other sites

Okay, I did the Fix.Reg thing with no problem, and ran a fresh install of ComboFix. Here is my log:

ComboFix 12-04-22.02 - Bekki 04/22/2012 23:45:14.4.2 - x86

Running from: c:\documents and settings\Bekki\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bekki\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\urttemp

c:\windows\system32\urttemp\fusion.dll

c:\windows\system32\urttemp\mscoree.dll

c:\windows\system32\urttemp\mscoree.dll.local

c:\windows\system32\urttemp\mscorsn.dll

c:\windows\system32\urttemp\mscorwks.dll

c:\windows\system32\urttemp\msvcr71.dll

c:\windows\system32\urttemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))

.

.

2012-04-17 10:30 . 2012-04-17 10:30 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2012-04-17 10:30 . 2012-04-17 10:30 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2012-04-15 22:50 . 2012-04-17 09:37 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-15 11:34 . 2012-04-15 11:34 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-04-15 00:44 . 2012-04-15 00:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-04-14 23:14 . 2012-04-14 23:14 -------- d-----w- c:\documents and settings\Bekki\Local Settings\Application Data\{8D32E57F-8687-11E1-826D-B8AC6F996F26}

2012-04-14 23:13 . 2012-04-14 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F0E00014CA61F8F9249D151FC4E

2012-04-14 02:09 . 2012-04-14 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-13 07:41 . 2012-03-20 07:53 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{90763566-D4B3-41BF-BA9D-F81B4F980BE7}\mpengine.dll

2012-04-13 07:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-04-13 07:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2009-04-11 03:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-29 14:10 . 2004-08-10 15:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-10 15:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-23 14:18 . 2009-10-02 21:01 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-03 09:22 . 2004-08-10 15:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2007-07-26 20:01 . 2008-04-20 00:47 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2012-04-14 1242448]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"SansaDispatch"="c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-01-27 79872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-03 61952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AIM7\\aim.exe"=

.

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/13/2012 8:58 PM 106104]

S0 anwe;anwe;c:\windows\system32\drivers\owjiyidt.sys --> c:\windows\system32\drivers\owjiyidt.sys [?]

S0 vgqt;vgqt;c:\windows\system32\drivers\prhjp.sys --> c:\windows\system32\drivers\prhjp.sys [?]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/15/2012 6:50 PM 32072]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 2:27 PM 169200]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]

2008-02-08 14:53 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

2010-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2012-04-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-10-06 03:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

FF - ProfilePath - c:\documents and settings\Bekki\Application Data\Mozilla\Firefox\Profiles\6s20yl0r.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Translate This!: {8D32E57F-8687-11E1-826D-B8AC6F996F26} - c:\documents and settings\Bekki\Local Settings\Application Data\{8D32E57F-8687-11E1-826D-B8AC6F996F26}

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-23 00:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\??????(?@???????@

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = c:\documents and settings\Bekki\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-04-23 00:11:58

ComboFix-quarantined-files.txt 2012-04-23 04:11

ComboFix2.txt 2012-04-20 14:41

.

Pre-Run: 64,294,129,664 bytes free

Post-Run: 64,286,289,920 bytes free

.

- - End Of File - - DDA63BC064C92470641385425AD8A6CB

Link to post
Share on other sites

Very good! :)

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Link to post
Share on other sites

Hey, sorry for the slow reply, but I just cannot get either scan working. I just can't get any of the programs online, even though my wireless network is connected. I made sure ComboFix was uninstalled, I did a "repair wireless networks", I tried to get Internet Explorer to connect and have it diagnose what was wrong. When I tried the repair networks it said something was wrong with the configuration of the wireless device and couldn't repair it, but on a restart it was telling me it was connected again. Internet Explorer's diagnose connection problems attempted to return to the default settings for how programs connect to the internet, but that did not work.

Let me know what ideas you have.

Sorry again for the delay.

Link to post
Share on other sites

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Link to post
Share on other sites

Here's the FSS log. Just a heads-up, I will be out of town for a few days so I likely won't be responding after about 3 PM today. Just wanted to let you know so the thread doesn't get locked for inactivity or something.

Farbar Service Scanner Version: 30-04-2012 01

Ran by Bekki (administrator) on 04-05-2012 at 10:49:09

Running from "C:\Documents and Settings\Bekki\Desktop"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:

The start type of Tcpip service is OK.

The ImagePath of Tcpip service is OK.

Connection Status:

==============

Localhost is blocked.

There is no connection to network.

Attempt to access Google IP returned error: Other errors

Attempt to access Yahoo IP returned error: Other errors

Windows Firewall:

=============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is OK.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys

[2004-08-10 11:00] - [2008-04-13 15:19] - 0075264 ____A () D4572221F148C59F215B9A5B4A1AFFDB

ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)

0x080000000400000001000000020000000300000008000000050000000600000007000000

IpSec Tag value is correct.

**** End of log ****

Link to post
Share on other sites
