(Another) Redirect Virus


Hello. I'm new here and thank you for your site. I know there are other threads dealing with redirect viruses, and I'll gladly try to follow the instructions found there if that is what I should do. But I thought that since every computer is (somewhat) unique, I would need a unique solution to my problem.

Here's the story:

When using a search engine (Google or Yahoo) I get redirected to some bogus site/ad.

I had/have Norton Security Suite on my system (free from Comcast as a customer).

I have run the following scans:

A. Malwarebytes (always finds 8 infections, removes them, then after re-start they're back).

B. TDSSKiller

C. HIT Scan (from Internet Security)

D. Combofix

E. SUPERAntiSpyware

None of these have removed the virus.

After Startup, I ALWAYS get the following messages:

A. "IDVault.exe...encountered problem...needs shut down" and

B. "IDVaultSVC.exe...encountered problem...needs shut down"

After startup I OCCASIONALLY get these messages:

A. "(2).NET Framework updates encountered problem...needs shut down."

B. "PresentationFont Cache.exe...encountered problem...needs shut down."

Also, there is a mysterious "hidden" file on my desktop named: "fhrzopwdjc"

And, there are two Internet Explorer icons on my desktop (one with the little arrow in the white box, one without).

Thanks for any help and your valuable time.

Here is today's Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7041

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/7/2011 10:21:31 AM

mbam-log-2011-07-07 (10-21-31).txt

Scan type: Quick scan

Objects scanned: 169399

Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\localservice\application data\020000003c272da51356c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\020000003c272da51356o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\020000003c272da51356p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\020000003c272da51356s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\020000003c272da51356c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\020000003c272da51356o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\020000003c272da51356p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\020000003c272da51356s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

Here is today's DDS Report

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by USER at 14:28:08 on 2011-07-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3807.3229 [GMT -4:00]

.

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\SFT\GuardedID\gidd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files\iPod\bin\iPodService.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [NortonUpdateAgent] c:\documents and settings\all users\application data\norton\NUA.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226613743535

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.75.198 68.87.64.150

TCP: Interfaces\{530F2FE6-220A-4970-A806-0FBB27567FA3} : DhcpNameServer = 68.87.75.198 68.87.64.150

Notify: GIDLogonXP - GIDLogonXP.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\kerberos32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2011-5-6 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2011-5-6 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\BHDrvx86.sys [2011-7-7 810616]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-5-6 501888]

R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-5-5 25232]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2011-5-6 116784]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2011-5-6 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110706.032\IDSXpx86.sys [2011-7-6 355256]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110707.003\NAVENG.SYS [2011-7-7 86008]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110707.003\NAVEX15.SYS [2011-7-7 1542392]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 gupdate1cc05d18d873e3a;Google Update Service (gupdate1cc05d18d873e3a);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2011-6-14 60488]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-28 39984]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

.

=============== Created Last 30 ================

.

2011-06-30 13:12:23 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-06-29 14:51:38 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-29 13:21:30 -------- d-sha-r- C:\cmdcons

2011-06-29 13:19:48 98816 ----a-w- c:\windows\sed.exe

2011-06-29 13:19:48 518144 ----a-w- c:\windows\SWREG.exe

2011-06-29 13:19:48 256512 ----a-w- c:\windows\PEV.exe

2011-06-29 13:19:48 208896 ----a-w- c:\windows\MBR.exe

2011-06-29 13:08:38 -------- d-----w- c:\documents and settings\user\application data\Tific

2011-06-28 23:34:46 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes

2011-06-28 23:34:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-28 23:34:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-28 23:34:34 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-28 23:34:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-28 21:31:43 0 ---ha-w- c:\documents and settings\user\fhrzopwdjc.tmp

2011-06-27 21:17:33 172032 --sha-w- c:\windows\system32\kerberos32.dll

2011-06-14 12:19:54 -------- d-----w- c:\program files\common files\xing shared

.

==================== Find3M ====================

.

2011-06-22 12:35:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-14 12:18:22 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-06-14 12:18:22 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-05 16:54:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-05-05 16:54:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-01-27 18:10:00 513016 ----a-w- c:\program files\issetup.exe

2009-06-22 02:35:24 155255392 ----a-w- c:\program files\Open Office OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe

2009-04-24 12:42:20 9815040 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A656AB8]

3 CLASSPNP[0xF7647FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000064[0x8A644F18]

5 ACPI[0xF750E620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A658940]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

.

============= FINISH: 14:28:54.62 ===============

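As an added example (not part of this thread, and not code from the DDS or GMER tools), a small Python triage script that reads DDS-style log lines like the ones in the report above and flags what a helper would look at first: a populated AppInit_DLLs value, recently created files carrying hidden and system attributes, a hidden file with a random-looking name, and GMER's "user != kernel MBR" mismatch. The sample lines are copied from the log above; the severity labels and the random-name heuristic are the example's own assumptions.

```python
"""Triage of DDS-style log lines: added example, not part of the thread or of DDS."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input constructed from lines of the DDS report above (kept verbatim).
SAMPLE_DDS = r"""
AppInit_DLLs: c:\windows\system32\kerberos32.dll
Notify: igfxcui - igfxdev.dll
2011-06-29 13:21:30 -------- d-sha-r- C:\cmdcons
2011-06-28 23:34:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 21:31:43 0 ---ha-w- c:\documents and settings\user\fhrzopwdjc.tmp
2011-06-27 21:17:33 172032 --sha-w- c:\windows\system32\kerberos32.dll
kernel: MBR read successfully
user != kernel MBR !!!
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium" (labels are this example's own choice)
    reason: str
    line: str


# "Created Last 30" / "Find3M" entries: date, time, size (dashes for a directory),
# an 8-character attribute field (d=directory, c=compressed, s=system, h=hidden,
# a=archive, r=read-only, w=writable), then the path, which may contain spaces.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Heuristic (assumption): a file stem that is only a run of 8+ lowercase letters,
# such as fhrzopwdjc, looks machine-generated rather than installer-chosen.
RANDOM_STEM_RE = re.compile(r"^[a-z]{8,}$")


def parse_entry(line: str) -> Optional[dict]:
    """Parse one file-listing line; return None for lines of other sections."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return {
        "path": m.group("path"),
        "is_dir": attrs[0] == "d",
        "hidden": "h" in attrs,
        "system": "s" in attrs,
    }


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect the items worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A DLL named in AppInit_DLLs is loaded into every process that loads
        # user32.dll, so a populated value deserves a look regardless of its name.
        if line.startswith("AppInit_DLLs:"):
            if line.split(":", 1)[1].strip():
                findings.append(Finding("high", "AppInit_DLLs is populated", line))
            continue
        # GMER reads the MBR through the normal disk stack and again from the
        # kernel; a mismatch means something between them is altering the read.
        if "user != kernel MBR" in line:
            findings.append(Finding("high", "user-mode and kernel MBR reads differ", line))
            continue
        entry = parse_entry(line)
        if entry is None or entry["is_dir"]:
            continue  # directories (e.g. C:\cmdcons) are not scored here
        name = entry["path"].replace("\\", "/").rsplit("/", 1)[-1]
        stem = name.rsplit(".", 1)[0]
        if entry["hidden"] and entry["system"]:
            findings.append(Finding("high", "recent file with hidden+system attributes", line))
        elif entry["hidden"] and RANDOM_STEM_RE.match(stem):
            findings.append(Finding("medium", "hidden file with random-looking name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity}] {f.reason}: {f.line}")
```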

Hello Glinthi and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

D. Combofix

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.

It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

With that said, please do the following:

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

D-Fred Brown,

Thank you for your reply. Before I proceed to carry out your instructions, I want to tell you that it appears that my virus has been taken care of (removed), but I'm still skeptical. Here's how it might have (hopefully) got fixed. My Norton Security Suite ran an idle time scan today and caught two "high" risk rated viruses and zapped 'em. (These had never been found before). They were named: a.) "audiodev32.exe" and b.) "jscript32.exe." I then ran the Malwarebytes scan and it came up clean. I have tried many searches both from Google and Yahoo and I have not been redirected once.

Is it possible that Norton updated my virus definitions and I'm virus free?

Still have a few yellow flags:

1. On Norton Security Suite I am seemingly unable to turn on my "PC Tuneup" options.

2. Occasionally when I go to a web site a message pops up that states "the information I'm about to send is secure." (I just "x" it out).

3. Possibly related to 2. above, on my Norton history it keeps recording several "medium" threats: "Unauthorized Access Blocked (Open Process Token)"

4. At startup tonight I still got the "IDVault.exe...encountered problem...needs to shut down" message; as well as the "PresentationFontCache.exe...problem...shut down" message.

Shall I proceed as per your above instruction? Or something different? Thanks.

TDSSKiller found no infections. Here's the report:

2011/07/07 22:01:11.0843 0244 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/07 22:01:12.0625 0244 ================================================================================

2011/07/07 22:01:12.0625 0244 SystemInfo:

2011/07/07 22:01:12.0625 0244

2011/07/07 22:01:12.0625 0244 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/07 22:01:12.0625 0244 Product type: Workstation

2011/07/07 22:01:12.0625 0244 ComputerName: DEREK

2011/07/07 22:01:12.0625 0244 UserName: USER

2011/07/07 22:01:12.0625 0244 Windows directory: C:\WINDOWS

2011/07/07 22:01:12.0625 0244 System windows directory: C:\WINDOWS

2011/07/07 22:01:12.0625 0244 Processor architecture: Intel x86

2011/07/07 22:01:12.0625 0244 Number of processors: 2

2011/07/07 22:01:12.0625 0244 Page size: 0x1000

2011/07/07 22:01:12.0625 0244 Boot type: Normal boot

2011/07/07 22:01:12.0625 0244 ================================================================================

2011/07/07 22:01:19.0468 0244 Initialize success

2011/07/07 22:01:37.0218 3904 ================================================================================

2011/07/07 22:01:37.0218 3904 Scan started

2011/07/07 22:01:37.0218 3904 Mode: Manual;

2011/07/07 22:01:37.0218 3904 ================================================================================


2011/07/07 22:01:46.0281 3904 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/07 22:01:46.0328 3904 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/07 22:01:46.0390 3904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/07/07 22:01:46.0515 3904 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys

2011/07/07 22:01:46.0671 3904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/07 22:01:46.0718 3904 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/07 22:01:46.0796 3904 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS

2011/07/07 22:01:46.0906 3904 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS

2011/07/07 22:01:47.0015 3904 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/07 22:01:47.0140 3904 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/07 22:01:47.0171 3904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/07 22:01:47.0312 3904 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS

2011/07/07 22:01:47.0437 3904 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS

2011/07/07 22:01:47.0546 3904 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2011/07/07 22:01:47.0640 3904 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS

2011/07/07 22:01:47.0781 3904 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS

2011/07/07 22:01:47.0921 3904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/07 22:01:48.0000 3904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/07 22:01:48.0093 3904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/07 22:01:48.0156 3904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/07 22:01:48.0187 3904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/07 22:01:48.0390 3904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/07 22:01:48.0484 3904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/07 22:01:48.0609 3904 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/07 22:01:48.0687 3904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/07 22:01:48.0750 3904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/07 22:01:48.0812 3904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/07 22:01:48.0859 3904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/07 22:01:48.0921 3904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/07 22:01:48.0984 3904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/07 22:01:49.0031 3904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/07 22:01:49.0078 3904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/07 22:01:49.0156 3904 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/07 22:01:49.0234 3904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/07 22:01:49.0328 3904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/07 22:01:49.0421 3904 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/07/07 22:01:49.0500 3904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/07 22:01:49.0578 3904 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/07 22:01:49.0625 3904 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/07 22:01:49.0734 3904 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR2

2011/07/07 22:01:49.0750 3904 Boot (0x1200) (deeb9c33afb0d9c9ba731c9007bb56a1) \Device\Harddisk0\DR0\Partition0

2011/07/07 22:01:49.0765 3904 Boot (0x1200) (088acfef7b1eb8bdfa25a3e6cf47e940) \Device\Harddisk1\DR2\Partition0

2011/07/07 22:01:49.0781 3904 ================================================================================

2011/07/07 22:01:49.0781 3904 Scan finished

2011/07/07 22:01:49.0781 3904 ================================================================================

2011/07/07 22:01:49.0796 2484 Detected object count: 0

2011/07/07 22:01:49.0796 2484 Actual detected object count: 0

ComboFix Log:

ComboFix 11-07-07.05 - USER 07/07/2011 22:15:48.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3807.3117 [GMT -4:00]

Running from: c:\documents and settings\USER\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))

.

.

2011-06-29 13:08 . 2011-06-29 13:08 -------- d-----w- c:\documents and settings\USER\Application Data\Tific

2011-06-28 23:34 . 2011-06-28 23:34 -------- d-----w- c:\documents and settings\USER\Application Data\Malwarebytes

2011-06-28 23:34 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-28 23:34 . 2011-06-28 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-28 23:34 . 2011-06-29 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-28 23:34 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-28 21:31 . 2011-06-28 21:31 0 ---ha-w- c:\documents and settings\USER\fhrzopwdjc.tmp

2011-06-27 21:17 . 2011-06-27 21:17 172032 --sha-w- c:\windows\system32\kerberos32.dll

2011-06-18 17:11 . 2011-06-18 17:12 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-14 12:19 . 2011-06-14 12:19 -------- d-----w- c:\program files\Common Files\xing shared

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-22 12:35 . 2011-05-18 23:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-14 12:18 . 2009-06-05 20:36 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-06-14 12:18 . 2009-06-05 20:36 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-05 16:54 . 2011-05-05 16:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-05-05 16:54 . 2011-05-05 16:54 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-05-02 15:31 . 2008-11-13 21:04 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 05:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 05:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-03-03 22:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 05:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 05:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 05:00 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 05:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-01-27 18:10 . 2011-01-27 18:10 513016 ----a-w- c:\program files\issetup.exe

2009-06-22 02:35 . 2009-06-22 01:46 155255392 ----a-w- c:\program files\Open Office OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe

2009-04-24 12:42 . 2009-04-24 12:42 9815040 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-29_13.28.36 )))))))))))))))))))))))))))))))))))))))))

.


+ 2011-06-29 18:11 . 2011-06-29 18:11 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\0add35a0fbe0c381c998b651c5979902\MSBuild.ni.exe

+ 2011-06-29 18:11 . 2011-06-29 18:11 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\667dc256d9eb3577f2514c89c5974aff\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d5561a4ad04c22f0eb5acf4736c7936e\Microsoft.Build.Utilities.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1a0623063225521aa43044314cc5e721\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\530f98922474a31636c34fa3db9a63ba\Microsoft.Build.Engine.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\7e75fca3ca1f36df8ac624190d9cd283\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\c0f5f3c318a92212bbe3b413eeb2b374\ComSvcConfig.ni.exe

+ 2011-06-29 18:10 . 2011-06-29 18:10 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\0524928cbd0a686db3960ef688d0d37e\AspNetMMCExt.ni.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2011-04-15 01:29 . 2011-04-15 01:29 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2004-08-04 05:00 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll

+ 2006-03-18 06:09 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon.dll

+ 2006-03-23 12:32 . 2011-05-30 22:19 5964800 c:\windows\system32\mshtml.dll

- 2007-08-13 22:34 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll

+ 2007-08-13 22:34 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll

+ 2004-08-04 05:00 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll

+ 2006-03-18 06:09 . 2011-04-25 16:11 1211904 c:\windows\system32\dllcache\urlmon.dll

+ 2006-03-23 12:32 . 2011-05-30 22:19 5964800 c:\windows\system32\dllcache\mshtml.dll

+ 2011-01-27 15:38 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll

- 2011-01-27 15:38 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

- 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

- 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2011-01-18 08:39 . 2011-01-18 08:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2011-01-19 03:36 . 2011-01-19 03:36 2687488 c:\windows\Installer\7ac3f0.msp

+ 2011-06-29 17:34 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll

+ 2011-06-29 17:34 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll

+ 2011-06-29 17:34 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll

+ 2011-06-29 17:43 . 2011-06-29 17:43 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll

+ 2011-06-29 17:47 . 2011-06-29 17:47 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\901c3796073853746fecd8979c679494\UIAutomationClientsideProviders.ni.dll

+ 2011-06-29 17:43 . 2011-06-29 17:43 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll

+ 2011-06-29 17:47 . 2011-06-29 17:47 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll

+ 2011-06-29 23:48 . 2011-06-29 23:48 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\2877dda3e0f0faeba527b4bf1efe9cb5\System.WorkflowServices.ni.dll

+ 2011-06-29 23:48 . 2011-06-29 23:48 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d7cb3697989fe6fa3a08d2821d38aa5e\System.Workflow.Runtime.ni.dll

+ 2011-06-29 23:48 . 2011-06-29 23:48 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2169feb8bd57d96e621fa26d9391d463\System.Workflow.Activities.ni.dll

+ 2011-06-29 23:48 . 2011-06-29 23:48 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll

+ 2011-06-29 23:48 . 2011-06-29 23:48 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\bdad1c0f4eb846543b234353fd2b926f\System.Web.Mobile.ni.dll

+ 2011-06-29 18:13 . 2011-06-29 18:13 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\647bfe6da40e8160b967c41424901dc8\System.Web.Extensions.ni.dll

+ 2011-06-29 17:47 . 2011-06-29 17:47 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2047e63293e067b351b8f0e038253f33\System.Speech.ni.dll

+ 2011-06-29 18:13 . 2011-06-29 18:13 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll

+ 2011-06-29 18:10 . 2011-06-29 18:10 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll

+ 2011-06-29 17:47 . 2011-06-29 17:47 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\c64aa916251a45206a805ab6488b9255\System.Printing.ni.dll

+ 2011-06-29 18:10 . 2011-06-29 18:10 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll

+ 2011-06-29 17:46 . 2011-06-29 17:46 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll

+ 2011-06-29 18:13 . 2011-06-29 18:13 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55211bc8f4fcff47c05bfc3020d97148\System.DirectoryServices.ni.dll

+ 2011-06-29 18:13 . 2011-06-29 18:13 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f9ff2fb342cd5102e2d95883b3433a5d\System.Deployment.ni.dll

+ 2011-06-29 17:46 . 2011-06-29 17:46 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef31ab37b0d7c3c1a6d72646966c8911\System.Data.SqlXml.ni.dll

+ 2011-06-29 18:12 . 2011-06-29 18:12 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f945e9c32c775bb604ab83d8933f1b2c\System.Data.Services.ni.dll

+ 2011-06-29 17:46 . 2011-06-29 17:46 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\283e9bf48e17bdb34acdc93bd5721be0\System.Data.Linq.ni.dll

+ 2011-06-29 18:12 . 2011-06-29 18:12 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\368c85cccea8a1206be5c849fd6614e3\System.Data.Entity.ni.dll

+ 2011-06-29 17:46 . 2011-06-29 17:46 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd2e04dfab2993479ae17ea3fa4f6222\System.Core.ni.dll

+ 2011-06-29 17:45 . 2011-06-29 17:45 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4f82a0a1b4405ef61dfa088d11161e35\ReachFramework.ni.dll

+ 2011-06-29 17:45 . 2011-06-29 17:45 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\148505f5b0307230de5d355f10d30a20\PresentationUI.ni.dll

+ 2011-06-29 17:43 . 2011-06-29 17:43 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1fab86af683c04bdb0aaf65ce7fcd9e5\PresentationBuildTasks.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7292ca9d793cb71cf3d41ae663e7139b\Microsoft.VisualBasic.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\abaf7a180354ed5ec099fb69339b538a\Microsoft.Transactions.Bridge.ni.dll

+ 2011-06-29 18:13 . 2011-06-29 18:13 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b41db9f2897f538203911026bb0abd5d\Microsoft.JScript.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a91940f9033c7910f3f64c061571cec9\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5195a94327ccef45d202776e932e847b\Microsoft.Build.Tasks.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3efbca53acdd34586bd7f6f87e71ed62\Microsoft.Build.Engine.ni.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-04-15 01:29 . 2011-04-15 01:29 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2011-04-15 01:29 . 2011-04-15 01:29 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2011-04-15 01:30 . 2011-04-15 01:30 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-10-08 03:19 . 2011-04-15 01:30 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-06-29 17:40 . 2011-06-29 17:40 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2004-08-04 05:00 . 2010-08-26 03:36 10841088 c:\windows\system32\wmp.dll

+ 2009-06-22 03:33 . 2011-06-03 21:56 47716296 c:\windows\system32\MRT.exe

+ 2007-08-13 22:54 . 2011-04-26 14:11 11081728 c:\windows\system32\ieframe.dll

+ 2004-08-04 05:00 . 2010-08-26 03:36 10841088 c:\windows\system32\dllcache\wmp.dll

+ 2011-01-27 15:38 . 2011-04-26 14:11 11081728 c:\windows\system32\dllcache\ieframe.dll

+ 2011-03-28 07:27 . 2011-03-28 07:27 15456256 c:\windows\Installer\7ac3fd.msp

+ 2011-06-29 17:34 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll

+ 2011-06-29 17:47 . 2011-06-29 17:47 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll

+ 2011-06-29 18:13 . 2011-06-29 18:13 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll

+ 2011-06-29 18:11 . 2011-06-29 18:11 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll

+ 2011-06-29 17:46 . 2011-06-29 17:46 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll

+ 2011-06-29 17:45 . 2011-06-29 17:45 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll

+ 2011-06-29 17:44 . 2011-06-29 17:44 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll

+ 2011-06-29 17:43 . 2011-06-29 17:43 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}]

2011-06-02 19:07 99912 ----a-w- c:\program files\Constant Guard Protection Suite\NativeBHO.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NortonUpdateAgent"="c:\documents and settings\All Users\Application Data\Norton\NUA.exe" [2011-04-05 2692024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-09-20 114688]

"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-03-03 393992]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-14 273544]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-6-14 3231816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]

2011-03-03 23:03 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\kerberos32.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Desktop Application Director 8.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel Desktop Application Director 8.LNK

backup=c:\windows\pss\Corel Desktop Application Director 8.LNKCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\documents and settings\USER\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]

2003-05-08 19:34 69632 ----a-w- c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 18:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 18:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-09-20 18:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2001-07-03 14:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

2003-05-05 16:57 143360 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 09:17 149280 ----a-w- c:\program files\java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [5/6/2011 8:42 AM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [5/6/2011 8:42 AM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [7/7/2011 1:30 PM 810616]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [5/6/2011 8:42 AM 501888]

R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [5/5/2011 12:40 PM 25232]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [5/6/2011 8:42 AM 116784]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [5/6/2011 8:42 AM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 8:02 PM 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110706.032\IDSXpx86.sys [7/6/2011 1:15 AM 355256]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 gupdate1cc05d18d873e3a;Google Update Service (gupdate1cc05d18d873e3a);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 10:48 PM 135664]

S2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [6/14/2011 3:24 PM 60488]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 10:48 PM 135664]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 85592534

*Deregistered* - 85592534

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-03-03 23:04 433416 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:48]

.

2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:48]

.

2011-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-839522115-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-07-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-839522115-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-06-26 c:\windows\Tasks\Weekly Backup.job

- c:\windows\system32\ntbackup.exe [2004-08-04 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 68.87.75.198 68.87.64.150

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-07 22:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(684)

c:\windows\system32\GIDLogonXP.dll

c:\windows\system32\GIDHookLogon.dll

c:\windows\system32\GIDBIN1.dll

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1096)

c:\windows\system32\WININET.dll

c:\windows\system32\GIDHook.dll

c:\windows\system32\GIDBIN1.dll

c:\windows\system32\EasyHook32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-07-07 22:23:59

ComboFix-quarantined-files.txt 2011-07-08 02:23

ComboFix2.txt 2011-06-29 13:30

.

Pre-Run: 132,117,938,176 bytes free

Post-Run: 132,120,571,904 bytes free

.

- - End Of File - - 8E9BF22A5155B30CC9172FCF382B23D9


Security Check report below:

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 17

Out of date Java installed!

Adobe Flash Player

Adobe Reader X (10.1.0)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````


Please do the following ;) :

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

c:\documents and settings\USER\fhrzopwdjc.tmp

C:\Windows\System32\drivers\85592534.sys

Driver::

85592534

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


Below is new ComboFix report.

After dragging the CFScript.txt into ComboFix it told me an updated version was available. I chose to get the updated version. Not sure if that messed up the Script file....

After the scan the following message repeatedly pops up and I cannot get rid of it (and it's still here on my screen now): "IDVault.exe has encountered a problem...needs to close..., etc." This is my Constant Guard from Norton Security Suite. When I press "Don't Send" or "Send Error Report" it does not go away.

Plus, every time I open IE, a window opens telling me that IE is not my default browser, and asks me if I want to make it my default browser. This was not happening before I got this virus, so I always click "NO." Is it OK to make it my default browser?

ComboFix 11-07-07.06 - USER 07/08/2011 7:54.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3807.3263 [GMT -4:00]

Running from: c:\documents and settings\USER\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

FILE ::

"c:\documents and settings\USER\fhrzopwdjc.tmp"

"c:\windows\System32\drivers\85592534.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\USER\fhrzopwdjc.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_85592534

.

.

((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))

.

.

2011-06-30 13:12 . 2011-06-30 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-06-29 14:51 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-29 13:08 . 2011-06-29 13:08 -------- d-----w- c:\documents and settings\USER\Application Data\Tific

2011-06-28 23:34 . 2011-06-28 23:34 -------- d-----w- c:\documents and settings\USER\Application Data\Malwarebytes

2011-06-28 23:34 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-28 23:34 . 2011-06-28 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-28 23:34 . 2011-06-29 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-28 23:34 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-27 21:17 . 2011-06-27 21:17 172032 --sha-w- c:\windows\system32\kerberos32.dll

2011-06-18 17:11 . 2011-06-18 17:12 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-14 12:19 . 2011-06-14 12:19 -------- d-----w- c:\program files\Common Files\xing shared

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-22 12:35 . 2011-05-18 23:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-14 12:18 . 2009-06-05 20:36 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-06-14 12:18 . 2009-06-05 20:36 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-05 16:54 . 2011-05-05 16:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-05-05 16:54 . 2011-05-05 16:54 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-05-02 15:31 . 2008-11-13 21:04 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 05:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 05:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-03-03 22:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 05:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 05:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 05:00 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 05:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-01-27 18:10 . 2011-01-27 18:10 513016 ----a-w- c:\program files\issetup.exe

2009-06-22 02:35 . 2009-06-22 01:46 155255392 ----a-w- c:\program files\Open Office OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe

2009-04-24 12:42 . 2009-04-24 12:42 9815040 ----a-w- c:\program files\openofficeorg31.msi

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2011-07-08_02.21.45 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-08 12:04 . 2011-07-08 12:04 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat

+ 2011-07-08 12:03 . 2011-07-08 12:03 16384 c:\windows\Temp\Perflib_Perfdata_494.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}]

2011-06-02 19:07 99912 ----a-w- c:\program files\Constant Guard Protection Suite\NativeBHO.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NortonUpdateAgent"="c:\documents and settings\All Users\Application Data\Norton\NUA.exe" [2011-04-05 2692024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-09-20 114688]

"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-03-03 393992]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-14 273544]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-6-14 3231816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]

2011-03-03 23:03 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\kerberos32.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Desktop Application Director 8.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel Desktop Application Director 8.LNK

backup=c:\windows\pss\Corel Desktop Application Director 8.LNKCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\documents and settings\USER\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]

2003-05-08 19:34 69632 ----a-w- c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 18:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 18:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-09-20 18:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2001-07-03 14:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

2003-05-05 16:57 143360 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 09:17 149280 ----a-w- c:\program files\java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [5/6/2011 8:42 AM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [5/6/2011 8:42 AM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [7/7/2011 1:30 PM 810616]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [5/6/2011 8:42 AM 501888]

R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [5/5/2011 12:40 PM 25232]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [5/6/2011 8:42 AM 116784]

R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [6/14/2011 3:24 PM 60488]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [5/6/2011 8:42 AM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 8:02 PM 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110707.031\IDSXpx86.sys [7/8/2011 7:51 AM 355256]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 gupdate1cc05d18d873e3a;Google Update Service (gupdate1cc05d18d873e3a);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 10:48 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 10:48 PM 135664]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-03-03 23:04 433416 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:48]

.

2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:48]

.

2011-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-839522115-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-07-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-839522115-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-06-26 c:\windows\Tasks\Weekly Backup.job

- c:\windows\system32\ntbackup.exe [2004-08-04 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 68.87.75.198 68.87.64.150

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-08 08:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(684)

c:\windows\system32\GIDLogonXP.dll

c:\windows\system32\GIDHookLogon.dll

c:\windows\system32\GIDBIN1.dll

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(632)

c:\windows\system32\WININET.dll

c:\windows\system32\GIDHook.dll

c:\windows\system32\GIDBIN1.dll

c:\windows\system32\EasyHook32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\dwwin.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-07-08 08:08:36 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-08 12:08

ComboFix2.txt 2011-07-08 02:24

ComboFix3.txt 2011-06-29 13:30

.

Pre-Run: 132,123,222,016 bytes free

Post-Run: 132,025,806,848 bytes free

.

- - End Of File - - 8C62F6FCAFC61A795435F36A23ADE9FC


"AntiSpam OE Hook Launcher...encountered a problem...needs to close..." Clicked on "Don't Send" and it disappeared.

That is related to Norton. Judging by the other errors, you will need to reinstall it. I'll let you know when it's safest to do so ;)

Plus, every time I open IE, a window opens telling me that IE is not my default browser, and asks me if I want to make it my default browser. This was not happening before I got this virus, so I always click "NO." Is it OK to make it my default browser?

It's up to you :)

Let's run some more scans:

Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

--------

Please do the following:

  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

--------

Download Rootkit Unhooker and save it to your Desktop.

Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.

Vista/Windows 7 users right-click and select Run As Administrator.

  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • UNcheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait until the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
    Note: You may get the following warning---just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

--------

Please include the MBRCheck log, aswMBR log and MBR.dat Zip file, and RootkitUnhooker report in your next reply ;)


Below is the MBRCheck log.

After running this scan I was unable to log in to the Malwarebytes Forums web site (i.e., our session). I tried several times and each time it said I logged in successfully, but I was not logged in. I am currently logged in on my wife's laptop. As I type this, the aswMBR scan is taking place on my (infected) computer.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000001d

Kernel Drivers (total 132):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x80700000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF75A8000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7597000 pci.sys

0xF75F7000 isapnp.sys

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7607000 MountMgr.sys

0xF74D8000 ftdisk.sys

0xF798B000 dmload.sys

0xF74B2000 dmio.sys

0xF770F000 PartMgr.sys

0xF7617000 VolSnap.sys

0xF749A000 atapi.sys

0xF7717000 cercsr6.sys

0xF7482000 \WINDOWS\System32\Drivers\SCSIPORT.SYS

0xF7627000 disk.sys

0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

0xF7462000 fltmgr.sys

0xF740C000 SYMDS.SYS

0xF7885000 sr.sys

0xF7858000 SYMEFA.SYS

0xF7841000 KSecDD.sys

0xF7B52000 Ntfs.sys

0xF795A000 NDIS.sys

0xF7647000 Combo-Fix.sys

0xF7827000 Mup.sys

0xB9E77000 \SystemRoot\System32\DRIVERS\ialmnt5.sys

0xB9E63000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

0xF77D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB9E3F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF77DF000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB9E13000 \SystemRoot\System32\DRIVERS\b57xp32.sys

0xF7657000 \SystemRoot\System32\DRIVERS\i8042prt.sys

0xF77E7000 \SystemRoot\System32\DRIVERS\mouclass.sys

0xF77EF000 \SystemRoot\System32\Drivers\GIDv2.SYS

0xF77F7000 \SystemRoot\System32\DRIVERS\kbdclass.sys

0xB9DFF000 \SystemRoot\System32\DRIVERS\parport.sys

0xF7667000 \SystemRoot\system32\DRIVERS\serial.sys

0xBA7E0000 \SystemRoot\system32\DRIVERS\serenum.sys

0xF77FF000 \SystemRoot\system32\DRIVERS\fdc.sys

0xF7677000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF7687000 \SystemRoot\System32\DRIVERS\cdrom.sys

0xF7697000 \SystemRoot\System32\DRIVERS\redbook.sys

0xB9DDC000 \SystemRoot\System32\DRIVERS\ks.sys

0xF7807000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xB9D4E000 \SystemRoot\system32\drivers\smwdm.sys

0xB9D2A000 \SystemRoot\system32\drivers\portcls.sys

0xF76A7000 \SystemRoot\system32\drivers\drmk.sys

0xB9D12000 \SystemRoot\system32\drivers\aeaudio.sys

0xF76B7000 \SystemRoot\System32\DRIVERS\intelppm.sys

0xF7A70000 \SystemRoot\System32\DRIVERS\audstub.sys

0xF76C7000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

0xBA7D8000 \SystemRoot\System32\DRIVERS\ndistapi.sys

0xB9CFB000 \SystemRoot\System32\DRIVERS\ndiswan.sys

0xF76D7000 \SystemRoot\System32\DRIVERS\raspppoe.sys

0xF76E7000 \SystemRoot\System32\DRIVERS\raspptp.sys

0xF780F000 \SystemRoot\System32\DRIVERS\TDI.SYS

0xB9CEA000 \SystemRoot\System32\DRIVERS\psched.sys

0xF76F7000 \SystemRoot\System32\DRIVERS\msgpc.sys

0xF7817000 \SystemRoot\System32\DRIVERS\ptilink.sys

0xF781F000 \SystemRoot\System32\DRIVERS\raspti.sys

0xB9C6A000 \SystemRoot\System32\DRIVERS\rdpdr.sys

0xF7587000 \SystemRoot\System32\DRIVERS\termdd.sys

0xF79C7000 \SystemRoot\System32\DRIVERS\swenum.sys

0xB9B6C000 \SystemRoot\System32\DRIVERS\update.sys

0xBA7BC000 \SystemRoot\System32\DRIVERS\mssmbios.sys

0xF7567000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7557000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF79C9000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF773F000 \SystemRoot\System32\DRIVERS\flpydisk.sys

0xF79CB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xBA7A5000 \SystemRoot\System32\Drivers\Null.SYS

0xF79CD000 \SystemRoot\System32\Drivers\Beep.SYS

0xF774F000 \SystemRoot\System32\drivers\vga.sys

0xF79CF000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79D1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF7757000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF775F000 \SystemRoot\System32\Drivers\Npfs.SYS

0xBA26D000 \SystemRoot\System32\DRIVERS\rasacd.sys

0xB181D000 \SystemRoot\System32\DRIVERS\ipsec.sys

0xB17C4000 \SystemRoot\System32\DRIVERS\tcpip.sys

0xB179E000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB1747000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS

0xB1722000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

0xB16C8000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110707.031\IDSxpx86.sys

0xF776F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xF7517000 \SystemRoot\System32\DRIVERS\wanarp.sys

0xB16A0000 \SystemRoot\System32\DRIVERS\netbt.sys

0xB167E000 \SystemRoot\System32\drivers\afd.sys

0xF7507000 \SystemRoot\System32\DRIVERS\netbios.sys

0xB165F000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS

0xBA68B000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS

0xB1634000 \SystemRoot\System32\DRIVERS\rdbss.sys

0xB15C4000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

0xBA67B000 \SystemRoot\System32\Drivers\Fips.SYS

0xB1566000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

0xB1548000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0xB14C9000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys

0xB13FF000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys

0xBA65B000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB131F000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF79DB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB1AD4000 \SystemRoot\System32\drivers\Dxapi.sys

0xF778F000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA319000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF020000 \SystemRoot\System32\ialmdnt5.dll

0xBF012000 \SystemRoot\System32\ialmrnt5.dll

0xBF042000 \SystemRoot\System32\ialmdev5.DLL

0xBF077000 \SystemRoot\System32\ialmdd5.DLL

0xBF159000 \SystemRoot\System32\ATMFD.DLL

0xB120B000 \SystemRoot\System32\DRIVERS\ndisuio.sys

0xB0F86000 \SystemRoot\system32\drivers\wdmaud.sys

0xB10DB000 \SystemRoot\system32\drivers\sysaudio.sys

0xB0C5B000 \SystemRoot\System32\DRIVERS\mrxdav.sys

0xB11B1000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xB0AEB000 \SystemRoot\System32\DRIVERS\srv.sys

0xB0212000 \SystemRoot\System32\Drivers\HTTP.sys

0xF7777000 \??\C:\ComboFix\catchme.sys

0xF7A07000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

0xAFCB8000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS

0xB1ADC000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0xAF8EB000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110708.001\NAVEX15.SYS

0xAF8D7000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110708.001\NAVENG.SYS

0xAFDD7000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xAF8AC000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):

0 System Idle Process

4 System

596 C:\WINDOWS\system32\smss.exe

660 csrss.exe

684 C:\WINDOWS\system32\winlogon.exe

728 C:\WINDOWS\system32\services.exe

740 C:\WINDOWS\system32\lsass.exe

912 C:\WINDOWS\system32\svchost.exe

988 svchost.exe

1084 C:\WINDOWS\system32\svchost.exe

1148 svchost.exe

1280 svchost.exe

1404 C:\WINDOWS\system32\spoolsv.exe

1824 C:\Program Files\Google\Update\GoogleUpdate.exe

348 svchost.exe

408 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

440 C:\Program Files\Bonjour\mDNSResponder.exe

496 PresentationFontCache.exe

1052 C:\WINDOWS\system32\svchost.exe

1140 C:\WINDOWS\system32\svchost.exe

1172 C:\Program Files\java\jre6\bin\jqs.exe

1456 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe

1756 C:\WINDOWS\system32\svchost.exe

176 C:\WINDOWS\system32\svchost.exe

476 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

1248 C:\WINDOWS\system32\svchost.exe

2172 C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

2520 C:\WINDOWS\system32\igfxtray.exe

2548 C:\WINDOWS\system32\hkcmd.exe

2568 C:\WINDOWS\system32\igfxpers.exe

2632 C:\Program Files\SFT\GuardedID\GIDD.exe

3188 C:\Program Files\iTunes\iTunesHelper.exe

3216 C:\Program Files\real\realplayer\Update\realsched.exe

3264 C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe

3488 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe

3104 C:\Program Files\iPod\bin\iPodService.exe

3708 alg.exe

632 C:\WINDOWS\explorer.exe

3604 C:\Program Files\Constant Guard Protection Suite\IDVault.exe

2420 C:\WINDOWS\system32\dwwin.exe

1076 C:\Documents and Settings\USER\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BB-56GUC0, Rev: 20.02H20

PhysicalDrive1 Model Number: WD3200AAK External, Rev: 1.65

Size Device Name MBR Status

--------------------------------------------

148 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

298 GB \\.\PhysicalDrive1 RE: Western Digital MBR code detected

SHA1: CCCF1B32EE08ECFB66B30883CFF6110F69219FEA

Done!

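The MBRCheck output above reports, for each drive, the byte offset at which the first volume starts (0x7e00 for both disks) and a SHA1 that it compares against known MBR code. The script below is an added example, not MBRCheck's own code and not something the poster ran: it builds a constructed 512-byte MBR with one bootable NTFS partition at LBA 63, parses the partition table, derives the 0x7e00 offset from it, and hashes the sector so a boot-code change can be detected against a baseline. Which exact byte range MBRCheck hashes is an assumption here (the example hashes both the whole sector and the 446-byte boot-code region); the sample boot code is a placeholder, not real Windows XP MBR code, so its hash will not match the values in the log.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445: the code an MBR rootkit patches
PTABLE_OFFSET = 446             # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"    # last two bytes of a valid MBR
ENTRY_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sectors


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sector_count: int

    @property
    def byte_offset(self) -> int:
        # LBA start * sector size: LBA 63 gives 0x7e00, as MBRCheck reports for C:
        return self.start_lba * SECTOR_SIZE


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a 512-byte MBR image (test data, not read from a real disk).

    partitions: up to four tuples (bootable, type_id, start_lba, sector_count).
    CHS fields are zero-filled; the LBA fields are what we parse.
    """
    if len(boot_code) > BOOT_CODE_SIZE:
        raise ValueError("boot code too long")
    used = partitions[:4]
    sector = bytearray(boot_code.ljust(BOOT_CODE_SIZE, b"\x00"))
    for bootable, type_id, start_lba, count in used:
        sector += struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\x00" * 3,
                              type_id, b"\x00" * 3, start_lba, count)
    sector += b"\x00" * (16 * (4 - len(used)))   # empty slots
    sector += BOOT_SIGNATURE
    if len(sector) != SECTOR_SIZE:
        raise ValueError("internal error: MBR is not 512 bytes")
    return bytes(sector)


def parse_mbr(sector: bytes):
    """Validate the boot signature and return the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 55 AA boot signature: not a valid MBR")
    entries = []
    for i in range(4):
        status, _chs_start, type_id, _chs_end, start_lba, count = \
            struct.unpack_from(ENTRY_FMT, sector, PTABLE_OFFSET + 16 * i)
        if type_id == 0:                      # unused slot
            continue
        if status not in (0x00, 0x80):        # anything else is a corrupt table
            raise ValueError(f"entry {i}: invalid status byte {status:#04x}")
        entries.append(PartitionEntry(i, status == 0x80, type_id, start_lba, count))
    return entries


def is_valid_mbr(sector: bytes) -> bool:
    try:
        parse_mbr(sector)
        return True
    except ValueError:
        return False


def mbr_hashes(sector: bytes) -> dict:
    """SHA1 of the whole sector and of the boot-code region only (upper-case hex,
    the form MBRCheck prints). Hashing exactly these ranges is an assumption."""
    return {
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "bootcode_sha1": hashlib.sha1(sector[:BOOT_CODE_SIZE]).hexdigest().upper(),
    }


def bootcode_changed(sector: bytes, baseline_bootcode_sha1: str) -> bool:
    """True when the boot code differs from a known-good baseline hash."""
    return mbr_hashes(sector)["bootcode_sha1"] != baseline_bootcode_sha1.upper()


# Constructed sample: one bootable NTFS (type 0x07) partition starting at LBA 63,
# which yields the 0x7e00 offset seen in the log. Placeholder boot code.
SAMPLE_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOTCODE, [(True, 0x07, 63, 310_000_000)])

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        print(f"entry {p.index}: type {p.type_id:#04x} bootable={p.bootable} "
              f"start LBA {p.start_lba} -> offset {p.byte_offset:#010x}")
    print(mbr_hashes(SAMPLE_MBR))
```

To use this on a real machine, read the first 512 bytes of the physical disk (on Windows, opening `\\.\PhysicalDrive0` for reading requires an administrator token) and pass them to `parse_mbr` and `mbr_hashes`; the hash is only meaningful against a baseline taken from a known-clean system with the same boot code, which is also why tools like MBRCheck carry a list of known vendor and Windows MBR hashes.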

Here is the aswMBR scan log and MBR zip file (attachment: MBR.zip).

During the scan my Norton found a virus named: "73190831-7aab8f29 (Trojan.Gen.2)" It quarantined it.

I still am unable to log in to our/this session on my computer. . . Still using wife's laptop.

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software

Run date: 2011-07-08 12:46:05

-----------------------------

12:46:05.390 OS Version: Windows 5.1.2600 Service Pack 3

12:46:05.390 Number of processors: 2 586 0x401

12:46:05.406 ComputerName: DEREK UserName: USER

12:46:06.109 Initialize success

12:47:29.531 AVAST engine defs: 11070800

12:47:38.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

12:47:38.656 Disk 0 Vendor: Size: 0MB BusType: 0

12:47:38.656 Disk 1 \Device\Harddisk1\DR2 -> \Device\0000006b

12:47:38.656 Disk 1 Vendor: Size: 0MB BusType: 0

12:47:40.656 Disk 0 MBR read successfully

12:47:40.656 Disk 0 MBR scan

12:47:40.656 Disk 0 Windows XP default MBR code

12:47:40.656 Disk 0 MBR hidden

12:47:40.656 Disk 0 scanning C:\WINDOWS\system32\drivers

12:47:56.750 Service scanning

12:47:57.625 Disk 0 trace - called modules:

12:47:57.640 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

12:47:57.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5fb030]

12:47:57.640 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000063[0x8a658338]

12:47:57.640 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a603940]

12:47:58.093 AVAST engine scan C:\WINDOWS

13:24:18.828 File: C:\WINDOWS\system32\kerberos32.dll **INFECTED** Win32:Malware-gen

13:30:08.281 AVAST engine scan C:\Documents and Settings\USER

13:35:35.953 AVAST engine scan C:\Documents and Settings\All Users

13:42:39.859 Scan finished successfully

13:44:59.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\USER\Desktop\MBR.dat"

13:44:59.468 The log file has been saved successfully to "C:\Documents and Settings\USER\Desktop\aswMBR.txt"


OK. I deleted my cookies and was able to log in. After double-clicking on RKUnhooker, it's hung up on the "Please wait few seconds... Initializing@"

Wait a little more and see if it resumes. If it doesn't resume scanning, terminate it through Task Manager, then try again. Let me know if it crashes a second time ;)


OK. After I started the process of scanning (with RKUnhooker) a window popped up that said it was scanning and looking for directories, C drive, etc., and that to stop the scan I could hit "cancel." Behind that window was a larger window with white lines. It appeared nothing was happening for quite a while, but I checked my Task Manager; though nothing showed up under "Applications," it showed a process working labelled (I think) "98232c6d.exe". This went on for like 15 minutes.

Then my Norton identified two "High" risk viruses: 1.) "a0046155.exe (Trojan.Gen), quarantined" and 2.) "98232c6d.exe detected by SONAR, Restart Required." (I've never heard of SONAR before.)

Now Norton wants me to Restart.

Did Norton mistake the RKUnhooker scan for a virus? If so, should I deactivate Norton and rescan with RKUnhooker?


Did Norton mistake the RKUnhooker scan for a virus? If so, should I deactivate Norton and rescan with RKUnhooker?

There's a good chance that was the case. Go ahead and disable Norton and try again. You could also try running it in Safe Mode ;)


I am (seemingly) currently unable to deactivate my Norton. When I right-click on the Norton icon on the bottom right corner, the option to "Disable Antivirus Auto-Protect" is faded or inoperative. (I can still disable the Smart Firewall). I'm hesitant to restart the computer because Norton said it needed to restart to deal with the "98232c6d.exe" file which it thinks is a virus. I'm afraid I won't be able to run RKUnhooker after a restart.

I told Norton to "Remind me in 12 hours" about the 98232c6d.exe file/"virus".

Should I restart? Restart in Safe Mode? Disable the Smart Firewall and try the RKUnhooker scan again?


On Normal Mode startup all of the icons were present and normal size. The usual "IDVault encountered problem" window popped up. I was able to disable Norton. I started RKUnhooker and there were already results, apparently from the first (botched?) time I ran it (283 lines' worth). Should I try to scan again? Or should I just send you the current (possibly less accurate?) report?


This topic is now closed to further replies.