
My computer has something VERY wrong with it - Malware Removal HELP!


TMo


I have a Dell Inspiron 1011 that is running Windows XP Home Edition 2002 Service Pack 3. I have not been able to connect to a wireless router in months. The computer uses a Dell Wireless 1397 WLAN Minicard. Windows cannot "see" the router or hotspots.

In the past, I've had issues of the wireless connection turning on and off and it had to do with a conflict between Dell's Wireless WLAN Card Utility and the Windows Wireless Network Connection. After supposedly eradicating a virus I had on the computer, now I am unable to make a wireless connection to the internet. I've tried restarting the computer and wireless router many times. I've enabled and disabled the wireless card. I have made sure the Wireless Zero Configuration is running.

However, I know that I have some sort of virus/malware on my computer. I have tried downloading AVG and it says there is no internet connection (but I am connected via cable). I tried updating Malwarebytes and it also does not let me, saying there is no internet connection when, in fact, my internet connection is working (plugged in to cable, not wireless). Some internet sites redirect automatically somewhere else. I am pasting a copy of the Malwarebytes' Anti-Malware log file for a scan with an outdated database below, as well as the DDS.txt log. I am attaching the Attach.txt log.

I was unable to run the GMER Rootkit Scanner. The scan would start and a few minutes later would kick me out to a blue screen which says: "A problem has been detected and windows has been shut down to prevent damage to your computer. PFN_LIST_CORRUPT" Then it goes on to say if I had installed a new software/hardware (which I did not)...etc.... At the end it says Technical Information: *** STOP: 0x0000004E (0x00000007, 0x00022EEC, 0x00000001, 0x00000000) Beginning dump of physical memory. Physical memory dump complete.

Desperate for help!!! Thank you.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/24/2011 1:49:12 PM

mbam-log-2011-09-24 (13-49-12).txt

Scan type: Full scan (C:\|)

Objects scanned: 231873

Time elapsed: 38 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\pezfile\shell\open\command\(default) (Rogue.MultipleAV) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.164.123,93.188.160.203) Good: () -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C151F1E6-EEB0-4F01-96B8-04A6C1E4E8C9}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.164.123,93.188.160.203) Good: () -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Cami at 2:09:32 on 2011-10-06

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.609 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\WSED\WSED.exe

C:\Program Files\Battery Meter\BTMeter.exe

C:\Program Files\CapsLKNotify\CapsLKNotify.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Cami\Local Settings\Application Data\Identities\IdentitiesUpdate\Identitiesupdt32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

uDefault_Page_URL = hxxp://www.msn.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: {15fde302-5908-4bcf-8ff9-04b85ce9ab96} - c:\documents and settings\cami\local settings\application data\ServicePTR.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [identities Update] c:\documents and settings\cami\local settings\application data\identities\identitiesupdate\Identitiesupdt32.exe

uRun: [intelUpdateNotifier] rundll32.exe "c:\documents and settings\all users\application data\IntelUpdateNotifier.dll",DllRegisterServer

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [WSED] c:\program files\wsed\WSED.exe

mRun: [bTMeter] c:\program files\battery meter\BTMeter.exe

mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [identities Update] c:\documents and settings\cami\local settings\application data\identities\identitiesupdate\Identitiesupdt32.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2010-5-10 14248]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-9-9 54760]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2010-5-7 148056]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2010-5-7 133472]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2010-5-7 271328]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-7 162816]

S2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-7 1684736]

S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-5-23 29184]

S3 fsssvc;Servicio de Windows Live Protección infantil;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Servicio (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-22 39984]

S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

.

=============== Created Last 30 ================

.

2011-09-24 17:54:43 0 ---ha-w- c:\documents and settings\cami\zmvcdmwojo.tmp

2011-09-24 17:52:56 98304 ----a-w- c:\documents and settings\all users\application data\IntelUpdateNotifier.dll

2011-09-24 17:52:52 265728 ----a-w- c:\documents and settings\cami\local settings\application data\ServicePTR.dll

2011-09-22 22:21:10 -------- d-----w- c:\documents and settings\cami\application data\Malwarebytes

2011-09-22 20:27:31 -------- d-----w- c:\program files\Elantech

2011-09-22 20:27:30 23040 -c--a-w- c:\windows\system32\dllcache\mouclass.sys

2011-09-22 20:27:30 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys

2011-09-22 20:26:59 83456 ----a-w- c:\windows\system32\drivers\ETD.sys

2011-09-22 20:23:04 -------- d-----w- c:\documents and settings\cami\local settings\application data\Adobe

2011-09-20 00:46:35 -------- d-----w- c:\program files\FYZip

2011-09-20 00:08:17 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-09-20 00:03:08 -------- d-----w- c:\documents and settings\all users\application data\MFAData

.

==================== Find3M ====================

.

.

============= FINISH: 2:10:20.06 ===============


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Thank you for the reply. I really appreciate your assistance.

As I had mentioned, even though I am connected to the internet via cable (can't get the wireless to work on the computer), I get a message which says it is not able to connect to host. Hence, I cannot update MBAM. Any suggestions?

Attached is the Combofix log:

ComboFix 11-10-09.01 - Invitado 10/09/2011 21:31:19.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.563 [GMT -4:00]

Running from: c:\documents and settings\Invitado\Desktop\ComboFix.exe

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\IntelUpdateNotifier.dll

c:\documents and settings\Cami\Local Settings\Application Data\ServicePTR.dll

c:\documents and settings\Cami\zmvcdmwojo.tmp

c:\documents and settings\Invitado\zmvcdmwojo.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))

.

.

2011-10-07 05:00 . 2011-10-07 05:04 -------- d-----w- c:\program files\RegistryFix8

2011-09-24 18:10 . 2011-09-24 18:10 -------- d-----w- c:\documents and settings\Invitado\Application Data\Malwarebytes

2011-09-23 17:58 . 2011-09-23 17:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2011-09-22 20:27 . 2011-09-22 20:27 -------- d-----w- c:\program files\Elantech

2011-09-22 20:27 . 2008-04-14 04:09 23040 -c--a-w- c:\windows\system32\dllcache\mouclass.sys

2011-09-22 20:27 . 2008-04-14 04:09 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys

2011-09-22 20:26 . 2009-02-09 16:35 83456 ----a-w- c:\windows\system32\drivers\ETD.sys

2011-09-20 00:46 . 2011-09-20 00:46 -------- d-----w- c:\program files\FYZip

2011-09-20 00:08 . 2011-09-20 00:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-09-20 00:03 . 2011-09-20 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-09-19 23:26 . 2011-09-20 00:46 -------- d-----w- c:\documents and settings\Invitado\Local Settings\Application Data\AskToolbar

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-15 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-10 148888]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]

"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]

"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]

"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Identities Update"="c:\documents and settings\Cami\Local Settings\Application Data\Identities\IdentitiesUpdate\Identitiesupdt32.exe" [2011-09-24 90624]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-09-02 20:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-05-15 01:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [5/10/2010 6:23 PM 14248]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2011 6:44 PM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/22/2011 6:44 PM 22712]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [5/7/2010 5:50 PM 148056]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [5/7/2010 5:50 PM 133472]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [5/7/2010 5:50 PM 271328]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [5/7/2010 5:50 PM 162816]

S2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:21 PM 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/7/2010 5:50 PM 1684736]

S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [5/23/2010 7:47 PM 29184]

S3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:21 PM 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/22/2011 6:44 PM 39984]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 4:33 PM 14336]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - IPFILTERDRIVER

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - MBAMSERVICE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5d3ca8bdf406.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 01:21]

.

2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 01:21]

.

2011-10-10 c:\windows\Tasks\User_Feed_Synchronization-{2CBFC6CE-55ED-4CD4-BBC7-C36C2FF7857B}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0E70CCAE-644A-4013-B2B7-5DFDFC29BDE6} - c:\documents and settings\Cami\Local Settings\Application Data\ServicePTR.dll

BHO-{15FDE302-5908-4BCF-8FF9-04B85CE9AB96} - c:\documents and settings\Cami\Local Settings\Application Data\ServicePTR.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-09 21:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(856)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-10-09 21:47:39

ComboFix-quarantined-files.txt 2011-10-10 01:47

.

Pre-Run: 144,974,032,896 bytes free

Post-Run: 145,104,523,264 bytes free

.

- - End Of File - - BDECE1CAE104206D2411575AB0330634


  • Staff

Hi,

Transfer any needed tools over from another computer.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Something happened (positive) after I ran ComboFix and my computer automatically updates MBAM. Below is the log it generated. Also, I have posted the TDSSKiller log:

21:11:47 Invitado MESSAGE Protection started successfully

21:12:09 Invitado MESSAGE IP Protection started successfully

21:20:29 Invitado DETECTION D:\setup.exe Rogue.Installer ALLOW

21:20:30 Invitado DETECTION D:\setup.exe Rogue.Installer ALLOW

21:49:17 Invitado DETECTION D:\setup.exe Rogue.Installer ALLOW

21:49:17 Invitado DETECTION D:\setup.exe Rogue.Installer ALLOW

22:01:28 Invitado MESSAGE IP Protection stopped

22:01:37 Invitado MESSAGE Database updated successfully

22:01:52 Invitado MESSAGE IP Protection started successfully

22:02:09 Invitado MESSAGE Scheduled update executed successfully

22:20:26 Invitado MESSAGE Protection started successfully

22:20:41 Invitado MESSAGE IP Protection started successfully

22:21:38 Invitado MESSAGE IP Protection stopped

22:21:53 Invitado MESSAGE Database updated successfully

22:22:08 Invitado MESSAGE IP Protection started successfully

22:29:23 Invitado MESSAGE Protection started successfully

22:36:12 Invitado MESSAGE Protection started successfully

22:36:21 Invitado MESSAGE IP Protection started successfully

23:27:23 Invitado MESSAGE Protection started successfully

23:27:33 Invitado MESSAGE IP Protection started successfully

23:30:43 Invitado DETECTION D:\setup.exe Rogue.Installer ALLOW

23:30:43 Invitado DETECTION D:\setup.exe Rogue.Installer ALLOW

23:34:24.0718 3004 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24

23:34:25.0375 3004 ============================================================

23:34:25.0375 3004 Current date / time: 2011/10/09 23:34:25.0375

23:34:25.0375 3004 SystemInfo:

23:34:25.0375 3004

23:34:25.0375 3004 OS Version: 5.1.2600 ServicePack: 3.0

23:34:25.0375 3004 Product type: Workstation

23:34:25.0375 3004 ComputerName: D25Z4MK1

23:34:25.0375 3004 UserName: Invitado

23:34:25.0375 3004 Windows directory: C:\WINDOWS

23:34:25.0375 3004 System windows directory: C:\WINDOWS

23:34:25.0375 3004 Processor architecture: Intel x86

23:34:25.0375 3004 Number of processors: 2

23:34:25.0375 3004 Page size: 0x1000

23:34:25.0375 3004 Boot type: Normal boot

23:34:25.0375 3004 ============================================================

23:34:27.0734 3004 Initialize success

23:34:38.0203 2880 ============================================================

23:34:38.0203 2880 Scan started

23:34:38.0203 2880 Mode: Manual;

23:34:38.0203 2880 ============================================================


23:35:01.0984 2880 dac2w2k - ok

23:35:02.0500 2880 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

23:35:02.0500 2880 dac960nt - ok

23:35:03.0062 2880 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

23:35:03.0078 2880 Disk - ok

23:35:03.0765 2880 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

23:35:03.0921 2880 dmboot - ok

23:35:04.0515 2880 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

23:35:04.0593 2880 dmio - ok

23:35:05.0140 2880 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

23:35:05.0171 2880 dmload - ok

23:35:05.0906 2880 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

23:35:05.0953 2880 DMusic - ok

23:35:06.0484 2880 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

23:35:06.0500 2880 dpti2o - ok

23:35:07.0031 2880 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

23:35:07.0031 2880 drmkaud - ok

23:35:07.0468 2880 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\WINDOWS\system32\Drivers\dsiarhwprog.sys

23:35:07.0484 2880 dsiarhwprog - ok

23:35:08.0031 2880 EMSC (a6da3468ffafbdce403ef2973ff03865) C:\WINDOWS\system32\DRIVERS\EMSC.SYS

23:35:08.0031 2880 EMSC - ok

23:35:08.0671 2880 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

23:35:08.0671 2880 Fastfat - ok

23:35:09.0218 2880 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

23:35:09.0234 2880 Fdc - ok

23:35:09.0750 2880 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

23:35:09.0750 2880 Fips - ok

23:35:10.0156 2880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

23:35:10.0171 2880 Flpydisk - ok

23:35:10.0687 2880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

23:35:10.0750 2880 FltMgr - ok

23:35:11.0234 2880 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

23:35:11.0234 2880 fssfltr - ok

23:35:11.0656 2880 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

23:35:11.0671 2880 Fs_Rec - ok

23:35:12.0234 2880 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

23:35:12.0296 2880 Ftdisk - ok

23:35:12.0734 2880 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

23:35:12.0750 2880 GEARAspiWDM - ok

23:35:13.0187 2880 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

23:35:13.0203 2880 Gpc - ok

23:35:13.0875 2880 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

23:35:13.0875 2880 HDAudBus - ok

23:35:14.0406 2880 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

23:35:14.0421 2880 hidusb - ok

23:35:14.0984 2880 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

23:35:15.0000 2880 hpn - ok

23:35:15.0703 2880 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

23:35:15.0875 2880 HTTP - ok

23:35:16.0390 2880 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

23:35:16.0406 2880 i2omgmt - ok

23:35:16.0937 2880 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

23:35:16.0953 2880 i2omp - ok

23:35:17.0500 2880 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

23:35:17.0531 2880 i8042prt - ok

23:35:21.0828 2880 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

23:35:25.0656 2880 ialm - ok

23:35:26.0218 2880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

23:35:26.0250 2880 Imapi - ok

23:35:26.0781 2880 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

23:35:26.0796 2880 ini910u - ok

23:35:30.0593 2880 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys

23:35:30.0656 2880 IntcAzAudAddService - ok

23:35:31.0187 2880 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

23:35:31.0187 2880 IntelIde - ok

23:35:31.0718 2880 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

23:35:31.0750 2880 intelppm - ok

23:35:32.0281 2880 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

23:35:32.0312 2880 Ip6Fw - ok

23:35:32.0843 2880 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

23:35:32.0843 2880 IpFilterDriver - ok

23:35:33.0375 2880 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

23:35:33.0390 2880 IpInIp - ok

23:35:33.0937 2880 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

23:35:34.0000 2880 IpNat - ok

23:35:34.0453 2880 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

23:35:34.0500 2880 IPSec - ok

23:35:34.0906 2880 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

23:35:34.0906 2880 IRENUM - ok

23:35:35.0343 2880 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

23:35:35.0375 2880 isapnp - ok

23:35:35.0812 2880 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

23:35:35.0828 2880 Kbdclass - ok

23:35:36.0328 2880 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

23:35:36.0328 2880 kbdhid - ok

23:35:36.0890 2880 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

23:35:36.0890 2880 kmixer - ok

23:35:37.0468 2880 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

23:35:37.0515 2880 KSecDD - ok

23:35:38.0093 2880 Ktp (c8f0e98b3dded253330cb864cf855665) C:\WINDOWS\system32\DRIVERS\ETD.sys

23:35:38.0156 2880 Ktp - ok

23:35:38.0640 2880 lbrtfdc - ok

23:35:39.0078 2880 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

23:35:39.0078 2880 MBAMProtector - ok

23:35:39.0609 2880 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

23:35:39.0609 2880 mnmdd - ok

23:35:40.0109 2880 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

23:35:40.0140 2880 Modem - ok

23:35:41.0187 2880 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys

23:35:41.0781 2880 Monfilt - ok

23:35:42.0328 2880 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

23:35:42.0343 2880 Mouclass - ok

23:35:42.0843 2880 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

23:35:42.0859 2880 mouhid - ok

23:35:43.0359 2880 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

23:35:43.0375 2880 MountMgr - ok

23:35:43.0828 2880 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

23:35:43.0828 2880 mraid35x - ok

23:35:44.0359 2880 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

23:35:44.0484 2880 MRxDAV - ok

23:35:45.0250 2880 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

23:35:45.0546 2880 MRxSmb - ok

23:35:46.0078 2880 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

23:35:46.0093 2880 Msfs - ok

23:35:46.0640 2880 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

23:35:46.0640 2880 MSKSSRV - ok

23:35:47.0062 2880 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

23:35:47.0062 2880 MSPCLOCK - ok

23:35:47.0484 2880 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

23:35:47.0484 2880 MSPQM - ok

23:35:48.0000 2880 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

23:35:48.0015 2880 mssmbios - ok

23:35:48.0515 2880 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

23:35:48.0531 2880 MSTEE - ok

23:35:49.0015 2880 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

23:35:49.0078 2880 Mup - ok

23:35:49.0640 2880 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

23:35:49.0671 2880 NABTSFEC - ok

23:35:50.0296 2880 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

23:35:50.0390 2880 NDIS - ok

23:35:50.0921 2880 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

23:35:50.0937 2880 NdisIP - ok

23:35:51.0359 2880 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

23:35:51.0375 2880 NdisTapi - ok

23:35:51.0875 2880 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

23:35:51.0875 2880 Ndisuio - ok

23:35:52.0328 2880 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

23:35:52.0390 2880 NdisWan - ok

23:35:52.0828 2880 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

23:35:52.0843 2880 NDProxy - ok

23:35:53.0296 2880 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

23:35:53.0312 2880 NetBIOS - ok

23:35:53.0843 2880 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

23:35:53.0937 2880 NetBT - ok

23:35:54.0500 2880 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

23:35:54.0531 2880 Npfs - ok

23:35:55.0390 2880 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

23:35:55.0718 2880 Ntfs - ok

23:35:56.0140 2880 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

23:35:56.0140 2880 Null - ok

23:35:56.0640 2880 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

23:35:56.0640 2880 NwlnkFlt - ok

23:35:57.0140 2880 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

23:35:57.0171 2880 NwlnkFwd - ok

23:35:57.0687 2880 OA012Afx (ec528056b89d15755abb624e55949e44) C:\WINDOWS\system32\Drivers\OA012Afx.sys

23:35:57.0687 2880 OA012Afx - ok

23:35:58.0187 2880 OA012Ufd (9f4a5990f326f91f4d2fcdd869b15ff4) C:\WINDOWS\system32\DRIVERS\OA012Ufd.sys

23:35:58.0281 2880 OA012Ufd - ok

23:35:58.0859 2880 OA012Vid (e9a75e5816651ad4a4b5d98389060568) C:\WINDOWS\system32\DRIVERS\OA012Vid.sys

23:35:59.0031 2880 OA012Vid - ok

23:35:59.0484 2880 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

23:35:59.0531 2880 Parport - ok

23:36:00.0062 2880 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

23:36:00.0078 2880 PartMgr - ok

23:36:00.0593 2880 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

23:36:00.0593 2880 ParVdm - ok

23:36:01.0156 2880 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

23:36:01.0203 2880 PCI - ok

23:36:01.0687 2880 PCIDump - ok

23:36:02.0125 2880 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

23:36:02.0140 2880 PCIIde - ok

23:36:02.0734 2880 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

23:36:02.0796 2880 Pcmcia - ok

23:36:03.0265 2880 PDCOMP - ok

23:36:03.0656 2880 PDFRAME - ok

23:36:04.0031 2880 PDRELI - ok

23:36:04.0437 2880 PDRFRAME - ok

23:36:04.0906 2880 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

23:36:04.0921 2880 perc2 - ok

23:36:05.0406 2880 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

23:36:05.0406 2880 perc2hib - ok

23:36:05.0859 2880 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

23:36:05.0890 2880 PptpMiniport - ok

23:36:06.0328 2880 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

23:36:06.0375 2880 PSched - ok

23:36:06.0781 2880 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

23:36:06.0796 2880 Ptilink - ok

23:36:07.0203 2880 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

23:36:07.0218 2880 ql1080 - ok

23:36:07.0812 2880 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

23:36:07.0828 2880 Ql10wnt - ok

23:36:08.0343 2880 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

23:36:08.0359 2880 ql12160 - ok

23:36:08.0781 2880 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

23:36:08.0796 2880 ql1240 - ok

23:36:09.0218 2880 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

23:36:09.0250 2880 ql1280 - ok

23:36:09.0640 2880 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

23:36:09.0656 2880 RasAcd - ok

23:36:10.0078 2880 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

23:36:10.0109 2880 Rasl2tp - ok

23:36:10.0546 2880 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

23:36:10.0562 2880 RasPppoe - ok

23:36:10.0968 2880 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

23:36:10.0984 2880 Raspti - ok

23:36:11.0515 2880 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

23:36:11.0625 2880 Rdbss - ok

23:36:12.0140 2880 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

23:36:12.0140 2880 RDPCDD - ok

23:36:12.0812 2880 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

23:36:12.0906 2880 rdpdr - ok

23:36:13.0500 2880 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

23:36:13.0578 2880 RDPWD - ok

23:36:14.0125 2880 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

23:36:14.0156 2880 redbook - ok

23:36:14.0796 2880 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys

23:36:14.0812 2880 RSUSBSTOR - ok

23:36:15.0406 2880 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

23:36:15.0484 2880 RTLE8023xp - ok

23:36:16.0015 2880 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

23:36:16.0031 2880 Secdrv - ok

23:36:16.0593 2880 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

23:36:16.0640 2880 Serial - ok

23:36:17.0187 2880 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

23:36:17.0187 2880 Sfloppy - ok

23:36:17.0687 2880 Simbad - ok

23:36:18.0140 2880 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

23:36:18.0156 2880 sisagp - ok

23:36:18.0687 2880 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

23:36:18.0687 2880 SLIP - ok

23:36:19.0250 2880 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

23:36:19.0265 2880 Sparrow - ok

23:36:19.0796 2880 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

23:36:19.0812 2880 splitter - ok

23:36:20.0296 2880 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

23:36:20.0343 2880 sr - ok

23:36:21.0078 2880 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

23:36:21.0093 2880 Srv - ok

23:36:21.0578 2880 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

23:36:21.0578 2880 streamip - ok

23:36:22.0062 2880 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

23:36:22.0062 2880 swenum - ok

23:36:22.0609 2880 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

23:36:22.0656 2880 swmidi - ok

23:36:23.0140 2880 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

23:36:23.0140 2880 symc810 - ok

23:36:23.0640 2880 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

23:36:23.0671 2880 symc8xx - ok

23:36:24.0171 2880 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

23:36:24.0187 2880 sym_hi - ok

23:36:24.0687 2880 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

23:36:24.0718 2880 sym_u3 - ok

23:36:25.0328 2880 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys

23:36:25.0468 2880 SynTP - ok

23:36:25.0968 2880 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

23:36:26.0000 2880 sysaudio - ok

23:36:26.0734 2880 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

23:36:26.0968 2880 Tcpip - ok

23:36:27.0453 2880 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

23:36:27.0468 2880 TDPIPE - ok

23:36:28.0000 2880 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

23:36:28.0000 2880 TDTCP - ok

23:36:28.0515 2880 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

23:36:28.0546 2880 TermDD - ok

23:36:29.0062 2880 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

23:36:29.0078 2880 TosIde - ok

23:36:29.0609 2880 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

23:36:29.0640 2880 Udfs - ok

23:36:30.0171 2880 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

23:36:30.0187 2880 ultra - ok

23:36:30.0921 2880 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

23:36:31.0171 2880 Update - ok

23:36:31.0687 2880 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

23:36:31.0718 2880 usbccgp - ok

23:36:32.0234 2880 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

23:36:32.0250 2880 usbehci - ok

23:36:32.0750 2880 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

23:36:32.0796 2880 usbhub - ok

23:36:33.0296 2880 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

23:36:33.0312 2880 usbprint - ok

23:36:33.0781 2880 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

23:36:33.0796 2880 usbscan - ok

23:36:34.0265 2880 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

23:36:34.0265 2880 USBSTOR - ok

23:36:34.0734 2880 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

23:36:34.0750 2880 usbuhci - ok

23:36:35.0296 2880 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

23:36:35.0359 2880 usbvideo - ok

23:36:35.0859 2880 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

23:36:35.0875 2880 VgaSave - ok

23:36:36.0406 2880 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

23:36:36.0421 2880 viaagp - ok

23:36:36.0937 2880 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

23:36:36.0937 2880 ViaIde - ok

23:36:37.0468 2880 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

23:36:37.0500 2880 VolSnap - ok

23:36:38.0031 2880 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

23:36:38.0062 2880 Wanarp - ok

23:36:38.0890 2880 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

23:36:38.0906 2880 Wdf01000 - ok

23:36:39.0359 2880 WDICA - ok

23:36:39.0890 2880 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

23:36:39.0953 2880 wdmaud - ok

23:36:40.0484 2880 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

23:36:40.0500 2880 WmiAcpi - ok

23:36:41.0031 2880 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

23:36:41.0046 2880 WSTCODEC - ok

23:36:41.0125 2880 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

23:36:41.0156 2880 \Device\Harddisk0\DR0 - ok

23:36:41.0171 2880 Boot (0x1200) (e434d9ef91910d2720a9a95c29fb1fae) \Device\Harddisk0\DR0\Partition0

23:36:41.0171 2880 \Device\Harddisk0\DR0\Partition0 - ok

23:36:41.0171 2880 ============================================================

23:36:41.0171 2880 Scan finished

23:36:41.0171 2880 ============================================================

23:36:41.0203 3092 Detected object count: 0

23:36:41.0203 3092 Actual detected object count: 0

I ran MBAM again with the update and here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7911

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/10/2011 1:29:53 AM

mbam-log-2011-10-10 (01-29-53).txt

Scan type: Quick scan

Objects scanned: 208940

Time elapsed: 29 minute(s), 49 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

c:\documents and settings\Cami\local settings\application data\identities\identitiesupdate\identitiesupdt32.exe (Trojan.Agent) -> 2748 -> Unloaded process successfully.

Memory Modules Infected:

c:\documents and settings\Cami\local settings\application data\identities\identitiesupdate\identitiesupdt32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Identities Update (Trojan.Agent) -> Value: Identities Update -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Identities Update (Trojan.Agent) -> Value: Identities Update -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IntelUpdateNotifier (Trojan.SHarpro.PGen) -> Value: IntelUpdateNotifier -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Cami\local settings\application data\identities\identitiesupdate\identitiesupdt32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Cami\local settings\application data\identities\identitiesupdate\identitiesupdt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Cami\local settings\Temp\A6F7.tmp (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.

c:\documents and settings\Cami\local settings\Temp\thpm921895177245923317.tmp (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.

Thanks again... Attached is the new Combofix log. It took me a while to get it started as my computer keeps on freezing and I have to do a hard shut down. Also, I run all of this from the "invited" and not the main user since the main user won't let me get to an Active Desktop.

ComboFix 11-10-11.05 - Invitado 10/12/2011 11:18:52.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.522 [GMT -4:00]

Running from: c:\documents and settings\Invitado\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))

.

.

2011-10-12 14:46 . 2011-10-12 14:47 -------- d-----w- c:\windows\LastGood

2011-10-12 14:27 . 2011-10-12 14:27 -------- d-----w- C:\5925a593e52b9be744e9

2011-10-12 14:12 . 2011-10-12 14:12 -------- d-----w- C:\ac61906fc74d5f200410b6b0bd

2011-10-10 03:18 . 2011-10-10 03:18 -------- d-----w- C:\found.000

2011-10-07 05:00 . 2011-10-07 05:04 -------- d-----w- c:\program files\RegistryFix8

2011-09-24 18:10 . 2011-09-24 18:10 -------- d-----w- c:\documents and settings\Invitado\Application Data\Malwarebytes

2011-09-23 17:58 . 2011-09-23 17:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2011-09-22 20:27 . 2011-09-22 20:27 -------- d-----w- c:\program files\Elantech

2011-09-22 20:27 . 2008-04-14 04:09 23040 -c--a-w- c:\windows\system32\dllcache\mouclass.sys

2011-09-22 20:27 . 2008-04-14 04:09 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys

2011-09-22 20:26 . 2009-02-09 16:35 83456 ----a-w- c:\windows\system32\drivers\ETD.sys

2011-09-20 00:46 . 2011-09-20 00:46 -------- d-----w- c:\program files\FYZip

2011-09-20 00:08 . 2011-09-20 00:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-09-20 00:03 . 2011-09-20 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-09-19 23:26 . 2011-09-20 00:46 -------- d-----w- c:\documents and settings\Invitado\Local Settings\Application Data\AskToolbar

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 21:00 . 2011-06-22 22:44 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-10_01.44.06 )))))))))))))))))))))))))))))))))))))))))

.


+ 2011-10-12 15:03 . 2011-10-12 15:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2008-04-25 20:33 . 2011-10-12 15:09 466128 c:\windows\system32\perfh009.dat

- 2008-04-25 20:33 . 2011-10-06 17:49 466128 c:\windows\system32\perfh009.dat

+ 2011-10-12 15:36 . 2011-10-12 15:36 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\695bb844ec56ce5ddb01916b4d4fd6dd\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ce8c420d4ca231e3a8ab26f3eb8cb2cd\WindowsLive.Writer.BlogClient.ni.dll

+ 2011-10-12 15:36 . 2011-10-12 15:36 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccba989314684f85a0213a244acab6ce\WindowsLive.Writer.FileDestinations.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c8821c408e332332461693a70feebbe8\WindowsLive.Writer.Interop.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9e8dbba67433f44e8eb075df8ad17a61\WindowsLive.Writer.Mshtml.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8b3219d1804a1f0b423c1e96a3127a64\WindowsLive.Writer.Controls.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\84c414f65ac1d34a009caf98940ce043\WindowsLive.Writer.Passport.ni.dll

+ 2011-10-12 15:36 . 2011-10-12 15:36 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70a6f530ece7509f57000a8dea57572a\WindowsLive.Writer.SpellChecker.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\66829a07df4fe9113ae0a4457040883c\WindowsLive.Writer.Extensibility.ni.dll

+ 2011-10-12 15:36 . 2011-10-12 15:36 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6429367a4a10c05b21adcbd125632c5c\WindowsLive.Writer.Instrumentation.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\36cb7f05e9fd6cd37ab5db2a7536535e\WindowsLive.Writer.BrowserControl.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1420c94f143ab12c85995454afdd2f8b\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0c5f1a3e6525319d8b2960afd04a42d3\WindowsLive.Writer.HtmlParser.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\03592dfdfee22e869f3990e01f32ef1a\WindowsLive.Writer.Localization.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\4c50d9576a0910068fb0d0dcfc422462\WindowsLive.Client.ni.dll

+ 2011-10-12 15:28 . 2011-10-12 15:28 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\c4e757916eab2972dd400a2804448402\WindowsFormsIntegration.ni.dll

+ 2011-10-12 15:28 . 2011-10-12 15:28 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\67134212d1d81c09f268bba3b43f8e29\UIAutomationClient.ni.dll

+ 2011-10-12 15:26 . 2011-10-12 15:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\2ada518d9f96ef7f0594b025decda2eb\System.Web.RegularExpressions.ni.dll

+ 2011-10-12 15:23 . 2011-10-12 15:23 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c1a814878c1c9c248d50de10c6e3cbe0\System.Transactions.ni.dll

+ 2011-10-12 15:26 . 2011-10-12 15:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c9fce59d7b8b4c23183169698e5f923a\System.ServiceProcess.ni.dll

+ 2011-10-12 15:16 . 2011-10-12 15:16 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\b063ad4b89b9d7e59155c990419fe4ae\System.Security.ni.dll

+ 2011-10-12 15:20 . 2011-10-12 15:20 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\059610eb18984b05197d49730697bb25\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-10-12 15:24 . 2011-10-12 15:24 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3d07241251b2f6fa87a4a9e8fd426f66\System.Runtime.Remoting.ni.dll

+ 2011-10-12 15:31 . 2011-10-12 15:31 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\09d8a4b0020ca88bfdc4570592e6f665\System.IO.Log.ni.dll

+ 2011-10-12 15:31 . 2011-10-12 15:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\f11321f5caf419d0c3fd664808a7694f\System.IdentityModel.Selectors.ni.dll

+ 2011-10-12 15:23 . 2011-10-12 15:23 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c27349976739080d1d7d2afe9e0ba934\System.EnterpriseServices.Wrapper.dll

+ 2011-10-12 15:23 . 2011-10-12 15:23 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c27349976739080d1d7d2afe9e0ba934\System.EnterpriseServices.ni.dll

+ 2011-10-12 15:26 . 2011-10-12 15:26 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\45195079c4f299f82ead0996a8ca39d4\System.Drawing.Design.ni.dll

+ 2011-10-12 15:26 . 2011-10-12 15:26 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c447e45fa99945a78585d1aae2b9db69\System.DirectoryServices.Protocols.ni.dll

+ 2011-10-12 15:15 . 2011-10-12 15:15 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4ae21520b442d6f0b44cb625a0997b16\System.Configuration.ni.dll

+ 2011-10-12 15:26 . 2011-10-12 15:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\d89208d9de541b68e36a0f5896288633\System.Configuration.Install.ni.dll

+ 2011-10-12 15:27 . 2011-10-12 15:27 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\91492456ba3f9c67a944d5477bc38e32\PresentationFramework.Royale.ni.dll

+ 2011-10-12 15:27 . 2011-10-12 15:27 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6f2b961a916f9c77b06930710433f5e5\PresentationFramework.Luna.ni.dll

+ 2011-10-12 15:26 . 2011-10-12 15:26 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\062e66ebb0807f7a838d48d0301ac133\PresentationFramework.Aero.ni.dll

+ 2011-10-12 15:26 . 2011-10-12 15:26 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\03a6d8c699be7a92615635a05c4d8e4b\PresentationFramework.Classic.ni.dll

+ 2011-10-12 15:16 . 2011-10-12 15:16 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\51867e44d471879593014a78d3b1c911\Microsoft.Build.Utilities.ni.dll

+ 2011-10-12 15:30 . 2011-10-12 15:30 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\54cc586dcce60c9e452006223a167256\AspNetMMCExt.ni.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2011-10-12 15:01 . 2011-10-12 15:01 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2011-10-12 15:01 . 2011-10-12 15:01 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2011-10-12 15:02 . 2011-10-12 15:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-10-12 15:03 . 2011-10-12 15:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-10-12 15:03 . 2011-10-12 15:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2011-10-12 15:03 . 2011-10-12 15:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-10-12 15:03 . 2011-10-12 15:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-10-12 15:04 . 2011-10-12 15:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2011-10-12 15:03 . 2011-10-12 15:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2011-10-12 15:02 . 2011-10-12 15:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2011-10-12 15:01 . 2011-10-12 15:01 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-10-12 15:05 . 2011-10-12 15:05 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-10-12 15:05 . 2011-10-12 15:05 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2011-10-12 15:05 . 2011-10-12 15:05 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2011-10-12 15:04 . 2011-10-12 15:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-10-12 15:01 . 2011-10-12 15:01 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2011-10-12 15:02 . 2011-10-12 15:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-10-12 15:02 . 2011-10-12 15:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-10-12 15:02 . 2011-10-12 15:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-10-12 15:04 . 2011-10-12 15:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2011-10-12 15:03 . 2011-10-12 15:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2011-10-12 14:59 . 2011-10-12 14:59 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-10-12 15:03 . 2011-10-12 15:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-10-12 15:03 . 2011-10-12 15:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2011-10-12 15:03 . 2011-10-12 15:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-10-12 15:04 . 2011-10-12 15:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2011-01-18 08:39 . 2011-01-18 08:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2011-01-19 03:36 . 2011-01-19 03:36 2687488 c:\windows\Installer\6710f.msp

+ 2011-01-19 03:36 . 2011-01-19 03:36 2687488 c:\windows\Installer\61f62.msp

+ 2011-10-12 15:35 . 2011-10-12 15:35 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d522ce15105ccd17d656a6c81596c8e6\WindowsLive.Writer.ApplicationFramework.ni.dll

+ 2011-10-12 15:35 . 2011-10-12 15:35 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b9e7775ea49a6cd0747ba2d55cba0ea7\WindowsLive.Writer.CoreServices.ni.dll

+ 2011-10-12 15:34 . 2011-10-12 15:34 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7d54072d687819dd0657d7f55a5e1b15\WindowsLive.Writer.PostEditor.ni.dll

+ 2011-10-12 15:16 . 2011-10-12 15:16 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\ecfaf4c8cf88e46336e0d9199f151170\WindowsBase.ni.dll

+ 2011-10-12 15:28 . 2011-10-12 15:28 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\fcee1878ef90b83e76b1d521d5324738\UIAutomationClientsideProviders.ni.dll

+ 2011-10-12 15:14 . 2011-10-12 15:14 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\2ee5fa84aab38d975299bdbcfe27c2be\System.ni.dll

+ 2011-10-12 15:15 . 2011-10-12 15:15 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\643260c8e42e404ba7d54896288c6953\System.Xml.ni.dll

+ 2011-10-12 15:25 . 2011-10-12 15:25 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ab3b554012d50261a63e957db845161d\System.Web.Services.ni.dll

+ 2011-10-12 15:28 . 2011-10-12 15:28 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\1b91be05598a0988497fb80149195a76\System.Speech.ni.dll

+ 2011-10-12 15:31 . 2011-10-12 15:31 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a08bf1a5270b03cbc9446ec598e88bd3\System.Runtime.Serialization.ni.dll

+ 2011-10-12 15:23 . 2011-10-12 15:23 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\4027d1fd14571993606764a2b4a95669\System.Printing.ni.dll

+ 2011-10-12 15:31 . 2011-10-12 15:31 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d9abb418168882316e62b7485bf85297\System.IdentityModel.ni.dll

+ 2011-10-12 15:18 . 2011-10-12 15:18 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e85ea7cc5a3f42188b54b82648c95e21\System.Drawing.ni.dll

+ 2011-10-12 15:23 . 2011-10-12 15:23 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\26281b0e0701165ef64dd790f98fcc9c\System.DirectoryServices.ni.dll

+ 2011-10-12 15:18 . 2011-10-12 15:18 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\87af438b2974e4f84eabba0515fb655e\System.Deployment.ni.dll

+ 2011-10-12 15:23 . 2011-10-12 15:23 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedc8c013c171a4d9df2f17a0d01d4d5\System.Data.ni.dll

+ 2011-10-12 15:15 . 2011-10-12 15:15 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\47d66f62e367ee3f1211e849b2235015\System.Data.SqlXml.ni.dll

+ 2011-10-12 15:26 . 2011-10-12 15:26 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\273ac710706efe9520fdbe73f415093a\System.Data.OracleClient.ni.dll

+ 2011-10-12 15:27 . 2011-10-12 15:27 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\50715fe45ed3d9d3cda872a545307ca7\System.Data.Linq.ni.dll

+ 2011-10-12 15:27 . 2011-10-12 15:27 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\cfff80e384d81c4bdef62ea9a2e5c906\System.Core.ni.dll

+ 2011-10-12 15:22 . 2011-10-12 15:22 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\26a591907b570547755c637ab2364ced\ReachFramework.ni.dll

+ 2011-10-12 15:22 . 2011-10-12 15:22 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\1cd1998e21b6204aa504df09d83d7bd8\PresentationUI.ni.dll

+ 2011-10-12 15:15 . 2011-10-12 15:15 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\30aaba801d27cbaa59219b2beeb907f9\PresentationBuildTasks.ni.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-10-12 15:05 . 2011-10-12 15:05 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-10-12 15:07 . 2011-10-12 15:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2011-10-12 15:00 . 2011-10-12 15:00 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2011-10-12 15:00 . 2011-10-12 15:01 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2011-10-12 14:59 . 2011-10-12 14:59 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-10-12 15:05 . 2011-10-12 15:05 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-10-12 15:04 . 2011-10-12 15:04 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-09-15 02:27 . 2011-09-15 02:27 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-10-12 15:19 . 2011-10-12 15:19 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\83ef2e542d79fd83abbd68050b3e80e6\System.Windows.Forms.ni.dll

+ 2011-10-12 15:24 . 2011-10-12 15:24 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\0b1986585871675bda1162ff080d59fc\System.Web.ni.dll

+ 2011-10-12 15:33 . 2011-10-12 15:33 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\fe0c088643cbc5be6526f9939ede5e8b\System.ServiceModel.ni.dll

+ 2011-10-12 15:26 . 2011-10-12 15:26 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b311283bd26cbe231a92641f662d74a7\System.Design.ni.dll

+ 2011-10-12 15:21 . 2011-10-12 15:21 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\184afadfde1ea9b492fc060be965bd57\PresentationFramework.ni.dll

+ 2011-10-12 15:17 . 2011-10-12 15:17 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3f585263a03e3a8f944e0eefdeb88630\PresentationCore.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-15 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-10 148888]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]

"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]

"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]

"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-09-02 20:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-05-15 01:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [5/10/2010 6:23 PM 14248]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2011 6:44 PM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/22/2011 6:44 PM 22216]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [5/7/2010 5:50 PM 148056]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [5/7/2010 5:50 PM 133472]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [5/7/2010 5:50 PM 271328]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [5/7/2010 5:50 PM 162816]

S2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:21 PM 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/7/2010 5:50 PM 1684736]

S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [5/23/2010 7:47 PM 29184]

S3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:21 PM 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 4:33 PM 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5d3ca8bdf406.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 01:21]

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 01:21]

.

2011-10-12 c:\windows\Tasks\User_Feed_Synchronization-{2CBFC6CE-55ED-4CD4-BBC7-C36C2FF7857B}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-12 11:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(852)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(3880)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2011-10-12 11:40:02

ComboFix-quarantined-files.txt 2011-10-12 15:39

ComboFix2.txt 2011-10-10 01:47

.

Pre-Run: 144,768,614,400 bytes free

Post-Run: 144,641,433,600 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 416187154FB276427CC3320B99AA5979


  • Staff

Hi,

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis and/or Ask Toolbar to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I had to run the ESET scanner twice. My computer froze (as it often does) when the first scan had identified 7 viruses at 74% of the scan. The second scan completed successfully. Here is the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=fc9d3b9c9b5b4c4eb067698c123b99b8

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-15 02:33:02

# local_time=2011-10-14 10:33:02 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1536 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=69253

# found=7

# cleaned=7

# scan_time=7526

C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP55\A0042788.dll a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP55\A0042789.exe a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP57\A0059894.exe Win32/Adware.ErrorClean application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP57\A0059896.dll a variant of Win32/Kryptik.TGT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP57\A0059897.dll a variant of Win32/Kryptik.TGT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP61\A0071017.exe Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP61\A0071018.dll Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Here is the checkup log:

Results of screen317's Security Check version 0.99.24

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 13

Out of date Java installed!

Adobe Reader X (10.1.0) Adobe Reader Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 13

Adobe Reader X (10.1.0)

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317


I am still unable to run anything from my main user profile. It automatically goes into Active Desktop Recovery mode and when I click on Restore my Active Desktop it gives me a script error message line 65 char 1 "object doesn't support this action". So, in switching to guest user, I uninstalled/deleted what you indicated and got latest versions. I had to do a hard shutdown of my computer 5 times before I was able to run the Overdrive test because my computer kept on freezing.

Here is the URL for the results: http://www.pcpitstop.com/betapit/sec.asp?conid=24607865

Thank you.


  • Staff

Hi,

If you create a new profile, does everything run fine from there?

PCPitStop noted several things that you can do to improve the shape your computer is in.

Pay particular attention to these items:

• Delete Temporary Files:

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK: "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

• Reduce System Restore space (Drive C):

Right click My Computer and click Properties. Select the System Restore tab, and move the slider to 3%. You're pretty much wasting disk space otherwise.

• Defragment Drive C:

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

Also take the time to take a look at the other tips PCPitStop reported. I've just highlighted some of the more important ones.

Link to post
Share on other sites

I created a new profile and what I notice is that my computer keeps freezing. It happens ad hoc without really doing anything specific. I have to do a hard shutdown. The computer still does not connect to the wireless for some reason. It does run internet when plugged to the cable. The audio is distorted.

I ran CCleaner. I reduced the System Restore space to 3%. I ran Defraggler.

What else should I do? Thanks!!!


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
