Solved Trojan problem

Discussion in 'Malware and Virus Removal Archive' started by dave1234, 2012/03/27.

  1. 2012/03/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Way to go!!
    Good luck and stay safe :)
     
  2. 2012/04/14
    dave1234

    dave1234 Well-Known Member Thread Starter

    Joined:
    2002/12/21
    Messages:
    196
    Likes Received:
    0
    Broni,
    Still infected/re-infected? PC was fine, then said it recovered from a serious error. Am working from laptop, no programs work from PC.
    Thanks
    Dave
     

  4. 2012/04/14
    dave1234

    M Security Essentials is picking up a detected item

    Exploit:Java/CVE-2012-0507.Q

    It was deleted but keeps coming back.
     
  5. 2012/04/14
    broni

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  6. 2012/04/14
    dave1234

    Infected PC is working now but slow...
    Eset cannot run due to unexpected error
    Malwarebytes picked up one Trojan and was deleted.
     
  7. 2012/04/15
    dave1234

    Eset

    C:\Documents and Settings\David Peters\DoctorWeb\Quarantine\774de4b7-4cd91c78 Java/ClassLoader.Dummy.D trojan
    C:\Documents and Settings\David Peters\DoctorWeb\Quarantine\7dc55cf4-2af858ed Java/ClassLoader.Dummy.D trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\c3478a0-5fbb2dd1 a variant of Win32/Kryptik.ADYQ trojan
     
  8. 2012/04/15
    broni

    I'd like to see MBAM log.

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  9. 2012/04/15
    dave1234

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.27.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    David Peters :: D124YR81 [administrator]

    4/14/2012 6:15:41 PM
    mbam-log-2012-04-14 (18-15-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 230918
    Time elapsed: 1 hour(s), 10 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: %APPDATA%\dplaysvr.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  10. 2012/04/15
    dave1234

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-15 11:50:32
    -----------------------------
    11:50:32.937 OS Version: Windows 5.1.2600 Service Pack 3
    11:50:32.937 Number of processors: 2 586 0x403
    11:50:32.937 ComputerName: D124YR81 UserName:
    11:50:36.218 Initialize success
    11:52:11.765 AVAST engine defs: 12041501
    11:52:25.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    11:52:25.593 Disk 0 Vendor: Maxtor_6L080M0 BANC1G10 Size: 76293MB BusType: 3
    11:52:25.609 Device \Driver\atapi -> DriverStartIo 823ac2c6
    11:52:25.625 Disk 0 MBR read successfully
    11:52:25.640 Disk 0 MBR scan
    11:52:25.796 Disk 0 MBR:Alureon-M [Rtk]
    11:52:25.796 Disk 0 TDL4@MBR code has been found
    11:52:25.812 Disk 0 MBR hidden
    11:52:25.812 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    11:52:25.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73171 MB offset 80325
    11:52:25.890 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 149934645
    11:52:25.890 Disk 0 MBR [TDL4] **ROOTKIT**
    11:52:25.906 Disk 0 trace - called modules:
    11:52:25.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x823ac49f]<<
    11:52:25.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82dd2ab8]
    11:52:25.953 3 CLASSPNP.SYS[f85a7fd7] -> nt!IofCallDriver -> [0x82cb2c88]
    11:52:25.968 \Driver\atapi[0x82ce7300] -> IRP_MJ_CREATE -> 0x823ac49f
    11:52:27.375 AVAST engine scan C:\WINDOWS
    11:52:36.328 AVAST engine scan C:\WINDOWS\system32
    11:55:10.875 AVAST engine scan C:\WINDOWS\system32\drivers
    11:55:25.546 AVAST engine scan C:\Documents and Settings\David Peters
    12:00:24.531 AVAST engine scan C:\Documents and Settings\All Users
    12:01:23.437 Scan finished successfully
    12:04:24.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David Peters\Desktop\MBR.dat "
    12:04:24.578 The log file has been saved successfully to "C:\Documents and Settings\David Peters\Desktop\4-15 MBR log.txt "
     
  12. 2012/04/15
    broni

    It looks like you got reinfected.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  13. 2012/04/15
    dave1234

    TDSS ran and found one item. Then cure and reboot. Searched for log in C but found none.
     
  14. 2012/04/15
    broni

    Re-run it one more time.
     
  15. 2012/04/15
    dave1234

    14:22:43.0475 3024 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    14:22:43.0709 3024 ============================================================
    14:22:43.0709 3024 Current date / time: 2012/04/15 14:22:43.0709
    14:22:43.0709 3024 SystemInfo:
    14:22:43.0709 3024
    14:22:43.0709 3024 OS Version: 5.1.2600 ServicePack: 3.0
    14:22:43.0709 3024 Product type: Workstation
    14:22:43.0709 3024 ComputerName: D124YR81
    14:22:43.0709 3024 UserName: David Peters
    14:22:43.0709 3024 Windows directory: C:\WINDOWS
    14:22:43.0709 3024 System windows directory: C:\WINDOWS
    14:22:43.0709 3024 Processor architecture: Intel x86
    14:22:43.0709 3024 Number of processors: 2
    14:22:43.0709 3024 Page size: 0x1000
    14:22:43.0709 3024 Boot type: Normal boot
    14:22:43.0709 3024 ============================================================
    14:22:46.0147 3024 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    14:22:46.0147 3024 \Device\Harddisk0\DR0:
    14:22:46.0147 3024 MBR used
    14:22:46.0147 3024 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EE9870
    14:22:46.0569 3024 Initialize success
    14:22:46.0569 3024 ============================================================
    14:22:49.0366 1092 ============================================================
    14:22:49.0366 1092 Scan started
    14:22:49.0366 1092 Mode: Manual;
    14:22:49.0366 1092 ============================================================
    14:23:04.0850 1092 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:23:04.0850 1092 Ndisuio - ok
    14:23:04.0881 1092 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:23:04.0897 1092 NdisWan - ok
    14:23:04.0928 1092 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    14:23:04.0928 1092 NDProxy - ok
    14:23:04.0975 1092 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:23:04.0975 1092 NetBIOS - ok
    14:23:05.0116 1092 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:23:05.0131 1092 NetBT - ok
    14:23:05.0225 1092 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    14:23:05.0241 1092 NetDDE - ok
    14:23:05.0241 1092 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    14:23:05.0241 1092 NetDDEdsdm - ok
    14:23:05.0334 1092 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    14:23:05.0350 1092 Netlogon - ok
    14:23:05.0397 1092 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    14:23:05.0413 1092 Netman - ok
    14:23:05.0584 1092 NetSvc (9da26b773bd04b867a8e9f427cd048fc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    14:23:05.0584 1092 NetSvc - ok
    14:23:05.0725 1092 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    14:23:05.0741 1092 NetTcpPortSharing - ok
    14:23:05.0819 1092 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    14:23:05.0819 1092 Nla - ok
    14:23:05.0928 1092 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    14:23:05.0928 1092 Npfs - ok
    14:23:05.0975 1092 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    14:23:06.0022 1092 Ntfs - ok
    14:23:06.0178 1092 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    14:23:06.0178 1092 NtLmSsp - ok
    14:23:06.0256 1092 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    14:23:06.0272 1092 NtmsSvc - ok
    14:23:06.0334 1092 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    14:23:06.0334 1092 Null - ok
    14:23:06.0444 1092 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    14:23:06.0491 1092 nv - ok
    14:23:06.0569 1092 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    14:23:06.0569 1092 NwlnkFlt - ok
    14:23:06.0631 1092 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    14:23:06.0631 1092 NwlnkFwd - ok
    14:23:06.0772 1092 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    14:23:06.0819 1092 Parport - ok
    14:23:06.0897 1092 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    14:23:06.0897 1092 PartMgr - ok
    14:23:06.0975 1092 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    14:23:06.0991 1092 ParVdm - ok
    14:23:07.0147 1092 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    14:23:07.0147 1092 PCI - ok
    14:23:07.0272 1092 PCIDump - ok
    14:23:07.0334 1092 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    14:23:07.0334 1092 PCIIde - ok
    14:23:07.0428 1092 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    14:23:07.0428 1092 Pcmcia - ok
    14:23:07.0491 1092 PDCOMP - ok
    14:23:07.0522 1092 PDFRAME - ok
    14:23:07.0553 1092 PDRELI - ok
    14:23:07.0584 1092 PDRFRAME - ok
    14:23:07.0631 1092 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    14:23:07.0631 1092 perc2 - ok
    14:23:07.0725 1092 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    14:23:07.0725 1092 perc2hib - ok
    14:23:07.0803 1092 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    14:23:07.0803 1092 PlugPlay - ok
    14:23:07.0866 1092 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    14:23:07.0866 1092 PolicyAgent - ok
    14:23:07.0913 1092 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    14:23:07.0913 1092 PptpMiniport - ok
    14:23:07.0944 1092 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    14:23:07.0959 1092 ProtectedStorage - ok
    14:23:07.0991 1092 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    14:23:07.0991 1092 PSched - ok
    14:23:08.0131 1092 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    14:23:08.0131 1092 Ptilink - ok
    14:23:08.0178 1092 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    14:23:08.0194 1092 PxHelp20 - ok
    14:23:08.0288 1092 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    14:23:08.0288 1092 ql1080 - ok
    14:23:08.0366 1092 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    14:23:08.0366 1092 Ql10wnt - ok
    14:23:08.0444 1092 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    14:23:08.0444 1092 ql12160 - ok
    14:23:08.0491 1092 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    14:23:08.0506 1092 ql1240 - ok
    14:23:08.0538 1092 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    14:23:08.0538 1092 ql1280 - ok
    14:23:08.0663 1092 RampartSvc - ok
    14:23:08.0709 1092 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:23:08.0709 1092 RasAcd - ok
    14:23:08.0788 1092 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    14:23:08.0788 1092 RasAuto - ok
    14:23:08.0850 1092 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:23:08.0850 1092 Rasl2tp - ok
    14:23:08.0944 1092 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    14:23:08.0959 1092 RasMan - ok
    14:23:08.0991 1092 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:23:08.0991 1092 RasPppoe - ok
    14:23:09.0100 1092 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:23:09.0100 1092 Raspti - ok
    14:23:09.0209 1092 rcvpn (bca39c96b11318cbc2797c4b842e22e4) C:\WINDOWS\system32\DRIVERS\rcvpn.sys
    14:23:09.0209 1092 rcvpn - ok
    14:23:09.0256 1092 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:23:09.0272 1092 Rdbss - ok
    14:23:09.0319 1092 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:23:09.0334 1092 RDPCDD - ok
    14:23:09.0397 1092 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    14:23:09.0413 1092 rdpdr - ok
    14:23:09.0506 1092 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    14:23:09.0522 1092 RDPWD - ok
    14:23:09.0600 1092 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    14:23:09.0616 1092 RDSessMgr - ok
    14:23:09.0678 1092 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:23:09.0678 1092 redbook - ok
    14:23:09.0756 1092 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    14:23:09.0756 1092 RemoteAccess - ok
    14:23:09.0850 1092 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
    14:23:09.0850 1092 RimUsb - ok
    14:23:09.0897 1092 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    14:23:09.0897 1092 RimVSerPort - ok
    14:23:09.0928 1092 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    14:23:09.0928 1092 ROOTMODEM - ok
    14:23:10.0069 1092 Roxio UPnP Renderer 9 (f3395d205dec030dce54d4575774cfba) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    14:23:10.0069 1092 Roxio UPnP Renderer 9 - ok
    14:23:10.0131 1092 Roxio Upnp Server 9 (95519cbef94773af7cd2b26029dceea7) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    14:23:10.0194 1092 Roxio Upnp Server 9 - ok
    14:23:10.0272 1092 RoxLiveShare9 (b9ea6e59e526b10a2a09f5b9d729797d) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    14:23:10.0288 1092 RoxLiveShare9 - ok
    14:23:10.0334 1092 RoxMediaDB9 (3daf385624abf3c3bbfb05cff2aca7d6) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    14:23:10.0366 1092 RoxMediaDB9 - ok
    14:23:10.0413 1092 RoxWatch9 (8f366d03a7fda7527f76f01f695b0205) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    14:23:10.0428 1092 RoxWatch9 - ok
    14:23:10.0538 1092 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    14:23:10.0538 1092 RpcLocator - ok
    14:23:10.0616 1092 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    14:23:10.0631 1092 RpcSs - ok
    14:23:10.0694 1092 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    14:23:10.0694 1092 RSVP - ok
    14:23:10.0772 1092 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    14:23:10.0772 1092 SamSs - ok
    14:23:10.0866 1092 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    14:23:10.0866 1092 SASDIFSV - ok
    14:23:10.0897 1092 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    14:23:10.0897 1092 SASENUM - ok
    14:23:10.0897 1092 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    14:23:10.0913 1092 SASKUTIL - ok
    14:23:11.0100 1092 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    14:23:11.0100 1092 SCardSvr - ok
    14:23:11.0194 1092 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    14:23:11.0194 1092 Schedule - ok
    14:23:11.0272 1092 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:23:11.0272 1092 Secdrv - ok
    14:23:11.0319 1092 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    14:23:11.0334 1092 seclogon - ok
    14:23:11.0366 1092 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    14:23:11.0366 1092 SENS - ok
    14:23:11.0428 1092 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    14:23:11.0428 1092 serenum - ok
    14:23:11.0506 1092 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    14:23:11.0522 1092 Serial - ok
    14:23:11.0616 1092 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    14:23:11.0616 1092 Sfloppy - ok
    14:23:11.0678 1092 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    14:23:11.0709 1092 SharedAccess - ok
    14:23:11.0756 1092 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    14:23:11.0756 1092 ShellHWDetection - ok
    14:23:11.0788 1092 Simbad - ok
    14:23:11.0866 1092 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    14:23:11.0866 1092 sisagp - ok
    14:23:11.0944 1092 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    14:23:11.0944 1092 Sparrow - ok
    14:23:12.0006 1092 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    14:23:12.0006 1092 splitter - ok
    14:23:12.0256 1092 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    14:23:12.0256 1092 Spooler - ok
    14:23:12.0428 1092 sprtsvc_dellsupportcenter - ok
    14:23:12.0631 1092 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    14:23:12.0663 1092 sr - ok
    14:23:12.0866 1092 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    14:23:12.0881 1092 srservice - ok
    14:23:12.0928 1092 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    14:23:12.0944 1092 Srv - ok
    14:23:12.0991 1092 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    14:23:12.0991 1092 SSDPSRV - ok
    14:23:13.0163 1092 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
    14:23:13.0178 1092 STHDA - ok
    14:23:13.0225 1092 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    14:23:13.0225 1092 stisvc - ok
    14:23:13.0334 1092 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:23:13.0334 1092 swenum - ok
    14:23:13.0366 1092 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    14:23:13.0366 1092 swmidi - ok
    14:23:13.0397 1092 SwPrv - ok
    14:23:13.0475 1092 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    14:23:13.0475 1092 symc810 - ok
    14:23:13.0538 1092 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    14:23:13.0538 1092 symc8xx - ok
    14:23:13.0631 1092 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    14:23:13.0631 1092 sym_hi - ok
    14:23:13.0663 1092 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    14:23:13.0678 1092 sym_u3 - ok
    14:23:13.0709 1092 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    14:23:13.0709 1092 sysaudio - ok
    14:23:13.0788 1092 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    14:23:13.0788 1092 SysmonLog - ok
    14:23:13.0897 1092 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    14:23:13.0928 1092 TapiSrv - ok
    14:23:13.0991 1092 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:23:14.0084 1092 Tcpip - ok
    14:23:14.0178 1092 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:23:14.0178 1092 TDPIPE - ok
    14:23:14.0241 1092 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    14:23:14.0241 1092 TDTCP - ok
    14:23:14.0303 1092 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:23:14.0303 1092 TermDD - ok
    14:23:14.0350 1092 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    14:23:14.0366 1092 TermService - ok
    14:23:14.0428 1092 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    14:23:14.0428 1092 Themes - ok
    14:23:14.0506 1092 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    14:23:14.0506 1092 TosIde - ok
    14:23:14.0600 1092 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    14:23:14.0600 1092 TrkWks - ok
    14:23:14.0663 1092 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    14:23:14.0663 1092 Udfs - ok
    14:23:14.0741 1092 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    14:23:14.0741 1092 ultra - ok
    14:23:14.0819 1092 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    14:23:14.0834 1092 Update - ok
    14:23:14.0913 1092 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    14:23:14.0928 1092 upnphost - ok
    14:23:14.0991 1092 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    14:23:15.0006 1092 UPS - ok
    14:23:15.0178 1092 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    14:23:15.0178 1092 USBAAPL - ok
    14:23:15.0350 1092 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    14:23:15.0350 1092 usbccgp - ok
    14:23:15.0413 1092 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    14:23:15.0413 1092 usbehci - ok
    14:23:15.0475 1092 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    14:23:15.0475 1092 usbhub - ok
    14:23:15.0522 1092 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    14:23:15.0522 1092 usbprint - ok
    14:23:15.0584 1092 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    14:23:15.0584 1092 usbscan - ok
    14:23:15.0678 1092 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    14:23:15.0678 1092 USBSTOR - ok
    14:23:15.0756 1092 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    14:23:15.0756 1092 usbuhci - ok
    14:23:15.0803 1092 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    14:23:15.0803 1092 VgaSave - ok
    14:23:15.0866 1092 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    14:23:15.0866 1092 viaagp - ok
    14:23:15.0975 1092 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    14:23:15.0975 1092 ViaIde - ok
    14:23:16.0038 1092 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    14:23:16.0038 1092 VolSnap - ok
    14:23:16.0163 1092 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
    14:23:16.0178 1092 vsdatant - ok
    14:23:16.0272 1092 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    14:23:16.0288 1092 VSS - ok
    14:23:16.0334 1092 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    14:23:16.0350 1092 w32time - ok
    14:23:16.0428 1092 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:23:16.0428 1092 Wanarp - ok
    14:23:16.0444 1092 wanatw - ok
    14:23:16.0491 1092 WDICA - ok
    14:23:16.0522 1092 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    14:23:16.0538 1092 wdmaud - ok
    14:23:16.0584 1092 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    14:23:16.0600 1092 WebClient - ok
    14:23:16.0709 1092 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    14:23:16.0725 1092 winmgmt - ok
    14:23:16.0819 1092 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    14:23:16.0819 1092 WmdmPmSN - ok
    14:23:16.0897 1092 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    14:23:16.0897 1092 WmiApSrv - ok
    14:23:17.0163 1092 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    14:23:17.0225 1092 WMPNetworkSvc - ok
    14:23:17.0303 1092 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    14:23:17.0303 1092 WpdUsb - ok
    14:23:17.0366 1092 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    14:23:17.0366 1092 WS2IFSL - ok
    14:23:17.0428 1092 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    14:23:17.0444 1092 wscsvc - ok
    14:23:17.0475 1092 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    14:23:17.0491 1092 wuauserv - ok
    14:23:17.0569 1092 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:23:17.0569 1092 WudfPf - ok
    14:23:17.0647 1092 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:23:17.0647 1092 WudfRd - ok
    14:23:17.0725 1092 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    14:23:17.0741 1092 WudfSvc - ok
    14:23:17.0819 1092 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    14:23:17.0834 1092 WZCSVC - ok
    14:23:17.0897 1092 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    14:23:17.0913 1092 xmlprov - ok
    14:23:17.0928 1092 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
    14:23:17.0975 1092 \Device\Harddisk0\DR0 - ok
    14:23:18.0006 1092 Boot (0x1200) (5ce50ee8af3cc790b4a72be44f765f56) \Device\Harddisk0\DR0\Partition0
    14:23:18.0006 1092 \Device\Harddisk0\DR0\Partition0 - ok
    14:23:18.0006 1092 ============================================================
    14:23:18.0006 1092 Scan finished
    14:23:18.0006 1092 ============================================================
    14:23:18.0022 3008 Detected object count: 0
    14:23:18.0022 3008 Actual detected object count: 0
     
  16. 2012/04/15
    broni Moderator Malware Analyst

    Good.

    How are things?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. 2012/04/15
    dave1234 Well-Known Member Thread Starter

    Running good so far

    wrong log....
     
    Last edited by a moderator: 2012/04/15
  18. 2012/04/15
    broni Moderator Malware Analyst

    Good.

    I actually asked for new Combofix log.
     
  19. 2012/04/15
    dave1234 Well-Known Member Thread Starter

    Sorry about that!



    ComboFix 12-04-14.02 - David Peters 04/15/2012 15:15:52.10.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.199 [GMT -4:00]
    Running from: E:\davepeters.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\David Peters\Local Settings\Application Data\Musicmatch\wrqjekzr.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-15 17:25 . 2012-04-15 17:25 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28B1806A-2CDB-4122-8458-577AA306098E}\offreg.dll
    2012-04-15 17:14 . 2012-04-15 17:14 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-15 10:39 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28B1806A-2CDB-4122-8458-577AA306098E}\mpengine.dll
    2012-04-14 16:38 . 2012-04-14 16:38 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
    2012-04-14 13:18 . 2012-04-14 15:52 -------- d-----w- C:\ComboFix
    2012-03-27 11:41 . 2012-03-27 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2012-03-17 22:46 . 2012-03-17 22:46 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-03-17 22:46 . 2012-03-17 22:46 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-14 02:15 . 2011-11-01 09:16 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-03-01 11:01 . 2004-08-10 18:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2004-08-10 18:51 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-08-10 18:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-03 09:22 . 2004-08-10 18:51 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 12:44 . 2010-10-22 22:58 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-03-17 22:46 . 2011-05-24 00:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2004-08-04 11:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12 50688 -csh--w- c:\windows\twain_32.dll
    2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
    2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-03-29_00.39.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-15 17:22 . 2012-04-15 17:22 16384 c:\windows\temp\Perflib_Perfdata_368.dat
    + 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
    - 2004-08-10 18:51 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
    + 2004-08-10 18:51 . 2012-04-12 23:23 73004 c:\windows\system32\perfc009.dat
    - 2004-08-10 18:51 . 2012-03-29 00:43 73004 c:\windows\system32\perfc009.dat
    + 2004-08-10 18:51 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll
    - 2004-08-10 18:51 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
    - 2009-03-08 08:31 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
    + 2009-03-08 08:31 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
    - 2004-08-10 18:51 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
    + 2004-08-10 18:51 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
    + 2009-07-03 09:18 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-07-03 09:18 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-03-08 08:31 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2009-03-08 08:31 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2009-07-29 09:36 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2009-07-29 09:36 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2009-03-08 08:34 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2009-03-08 08:34 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2009-03-08 08:33 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-03-08 08:33 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 12800 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 43520 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll
    + 2012-04-12 12:54 . 2012-04-12 12:54 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2b9d9265\System.Drawing.Design.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\36124bfc4baaa1c2063d699e77324080\System.Web.DynamicData.Design.ni.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2011-04-15 10:01 . 2012-04-15 10:18 1984 c:\windows\system32\d3d9caps.dat
    - 2012-02-16 08:09 . 2012-02-16 08:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2004-08-10 18:51 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
    + 2004-08-10 18:51 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
    + 2004-08-10 18:51 . 2012-04-12 23:23 445798 c:\windows\system32\perfh009.dat
    - 2004-08-10 18:51 . 2012-03-29 00:43 445798 c:\windows\system32\perfh009.dat
    + 2004-08-10 18:51 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
    - 2004-08-10 18:51 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
    + 2004-08-10 18:51 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
    - 2004-08-10 18:51 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
    + 2009-03-08 08:32 . 2012-03-01 11:01 602112 c:\windows\system32\msfeeds.dll
    - 2009-03-08 08:32 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
    + 2004-08-10 18:51 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
    - 2004-08-10 18:51 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
    - 2004-08-10 18:51 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
    + 2004-08-10 18:51 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
    - 2004-08-10 18:51 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
    + 2004-08-10 18:51 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
    + 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
    - 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
    - 2008-04-21 06:44 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
    + 2008-04-21 06:44 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
    - 2009-03-08 08:34 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
    + 2009-03-08 08:34 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
    + 2009-03-08 08:34 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-03-08 08:34 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
    + 2009-03-08 08:32 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
    - 2009-03-08 08:32 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
    - 2009-07-29 09:36 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2009-07-29 09:36 . 2012-03-01 11:01 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
    - 2009-07-03 09:18 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2009-07-03 09:18 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2009-03-08 08:31 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2009-03-08 08:31 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2010-06-10 21:09 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2010-06-10 21:09 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2009-03-08 18:09 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2009-03-08 18:09 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2009-03-08 08:32 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2009-03-08 08:32 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2012-01-27 21:35 . 2012-01-27 21:35 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
    + 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\9fc87f.msp
    + 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\4c28f5a.msp
    + 2012-04-12 07:07 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
    + 2012-04-12 07:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
    + 2012-04-12 07:07 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
    + 2012-04-12 07:07 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
    + 2012-04-12 07:07 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
    + 2012-04-12 23:19 . 2012-04-12 23:19 843776 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_c944146d\System.Drawing.dll
    + 2012-04-12 23:19 . 2012-04-12 23:19 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_325ed619\System.Drawing.Design.dll
    + 2012-04-12 23:27 . 2012-04-12 23:27 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\5be064066858620a8aa628fca459a888\WindowsFormsIntegration.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1107b3a711bab40c83e2561ba2431d62\System.Web.Routing.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d7c8c294920cfe79765215e242308d28\System.Web.Extensions.Design.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\5176923a8264305118a299419e1c7bde\System.Web.Entity.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d746c0f0ed36226efb2e0115de42cdd6\System.Web.Entity.Design.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\df5542604898c9ea3fda32c8619ae0e5\System.Web.DynamicData.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b9c8715157536097b489132574ad5c17\System.Web.Abstractions.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
    + 2012-04-12 23:25 . 2012-04-12 23:25 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cc2cd3bc46c9c2b30e47281e404a3230\System.Drawing.Design.ni.dll
    + 2012-04-12 23:51 . 2012-04-12 23:51 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8d6cd6a93f679608d52b6c874088b963\AspNetMMCExt.ni.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2012-04-12 12:54 . 2012-04-12 12:54 471040 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2004-08-10 18:51 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
    - 2004-08-10 18:51 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
    + 2004-08-10 18:51 . 2012-03-01 11:01 5978624 c:\windows\system32\mshtml.dll
    - 2009-03-08 08:32 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
    + 2009-03-08 08:32 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
    + 2008-06-26 08:15 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
    - 2008-06-26 08:15 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2008-04-21 06:44 . 2012-03-01 11:01 5978624 c:\windows\system32\dllcache\mshtml.dll
    + 2009-07-03 09:18 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
    - 2009-07-03 09:18 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
    + 2012-01-31 08:46 . 2012-01-31 08:46 6385664 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp
    + 2012-01-31 00:46 . 2012-01-31 00:46 7069184 c:\windows\Installer\9fc887.msp
    + 2012-01-31 00:46 . 2012-01-31 00:46 7069184 c:\windows\Installer\4c28f5b.msp
    + 2012-04-12 07:07 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2675157-IE8\urlmon.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
    + 2012-04-12 07:07 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2675157-IE8\iertutil.dll
    + 2012-04-12 12:54 . 2012-04-12 12:54 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_eeeee6c5\System.Windows.Forms.dll
    + 2012-04-12 23:20 . 2012-04-12 23:20 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4a913249\System.Windows.Forms.dll
    + 2012-04-12 23:22 . 2012-04-12 23:22 2248704 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_9185989b\System.Drawing.dll
    + 2012-04-12 23:19 . 2012-04-12 23:19 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_8e3d0750\System.Design.dll
    + 2012-04-12 23:22 . 2012-04-12 23:22 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7f66fa0c\System.Design.dll
    + 2012-04-12 23:53 . 2012-04-12 23:53 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d31d2eb0a862d3c1d3561be5f1570c3e\System.WorkflowServices.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\53c2336db392bfa5484850780048e37a\System.Workflow.ComponentModel.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\f243723cda77dd647b250dd9c42c35e2\System.Workflow.Activities.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d1dacd5cb445b242b70bf7d606464293\System.Web.Mobile.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6acbb8bb1a43fab0fdcf55bedd1fbcc3\System.Web.Extensions.ni.dll
    + 2012-04-12 23:25 . 2012-04-12 23:25 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\44d507a702c1623810e094adf751f687\System.Printing.ni.dll
    + 2012-04-12 23:25 . 2012-04-12 23:25 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3d253a2235f7c03630003bc1fbaf34a3\System.Deployment.ni.dll
    + 2012-04-12 23:24 . 2012-04-12 23:24 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c73e109dbac6b099786cc68fe36e3d0b\ReachFramework.ni.dll
    + 2012-04-12 23:23 . 2012-04-12 23:23 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\20d72aeac1109863b77532d37d3f4fa2\PresentationUI.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
    + 2012-04-12 23:51 . 2012-04-12 23:51 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\876b7280cf4e81fd65b120f60d38a7d9\Microsoft.Build.Tasks.ni.dll
    + 2012-04-12 23:51 . 2012-04-12 23:51 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\64ba53308e90fa3837fe47977e2d37b6\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2012-04-12 12:51 . 2012-04-12 12:51 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2012-02-16 08:09 . 2012-02-16 08:09 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-04-12 12:52 . 2012-04-12 12:52 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2011-10-14 12:51 . 2012-02-16 08:09 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2005-11-16 11:18 . 2012-04-12 07:02 55154568 c:\windows\system32\MRT.exe
    + 2009-03-08 08:39 . 2012-03-02 10:01 11082752 c:\windows\system32\ieframe.dll
    + 2009-07-03 09:18 . 2012-03-02 10:01 11082752 c:\windows\system32\dllcache\ieframe.dll
    + 2012-04-12 07:07 . 2011-12-18 19:46 11082240 c:\windows\ie8updates\KB2675157-IE8\ieframe.dll
    + 2012-04-12 23:26 . 2012-04-12 23:26 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
    + 2012-04-12 23:52 . 2012-04-12 23:52 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
    + 2012-04-12 23:25 . 2012-04-12 23:25 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\561138d8d199861578c197c4d24e3934\System.Design.ni.dll
    + 2012-04-12 23:20 . 2012-04-12 23:20 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\029d1d9e6495065aa4f38bcf2315ee8c\PresentationFramework.ni.dll
    + 2012-04-12 12:54 . 2012-04-12 12:54 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0a059ecfca6e421629a8298b03a7814c\PresentationCore.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-06 180269]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-12-28 6144]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Share-to-Web Namespace Daemon "=c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    "MMTray "= "c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
    "MimBoot "=c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe "
    "Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe "
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    "DellSupportCenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe "
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe "
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\StubInstaller.exe "=
    "c:\\Program Files\\AIM\\aim.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\ACS\\ACS\\ACS.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe "=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe "=
    "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe "=
    "c:\\Documents and Settings\\David Peters\\My Documents\\Downloads\\aswMBR(1).exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe "=
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
    R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [1/11/2011 8:01 PM 24876]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S1 MpKslc798391e;MpKslc798391e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F0ABE2A-2C9D-440F-AB10-CCC7A1497050}\MpKslc798391e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F0ABE2A-2C9D-440F-AB10-CCC7A1497050}\MpKslc798391e.sys [?]
    S2 gupdate1c9c3951be7f6a0;Google Update Service (gupdate1c9c3951be7f6a0);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:55 PM 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:55 PM 133104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 67529557
    *NewlyCreated* - 74963929
    *Deregistered* - 67529557
    *Deregistered* - 74963929
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    iastor
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 21:55]
    .
    2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 21:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} - hxxp://192.168.2.125:81/cgi-bin/design/html_template/WebACS.cab
    FF - ProfilePath - c:\documents and settings\David Peters\Application Data\Mozilla\Firefox\Profiles\xf6fq6m9.default\
    FF - prefs.js: browser.startup.homepage - hxxps://webtop.webmail.optimum.net/cerulean/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Musicmatch - c:\documents and settings\David Peters\Local Settings\Application Data\Musicmatch\wrqjekzr.dll
    HKU-Default-Run-dplaysvr - c:\documents and settings\David Peters\Application Data\dplaysvr.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-15 15:28
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Musicmatch = Rundll32.exe "c:\documents and settings\David Peters\Local Settings\Application Data\Musicmatch\wrqjekzr.dll ",kdfjfslkdjfklfjsdlkfj?56789
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1032)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(2832)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-04-15 15:32:39
    ComboFix-quarantined-files.txt 2012-04-15 19:32
    ComboFix2.txt 2012-03-29 00:48
    ComboFix3.txt 2011-07-07 01:25
    ComboFix4.txt 2011-04-19 22:00
    .
    Pre-Run: 52,445,560,832 bytes free
    Post-Run: 52,702,875,648 bytes free
    .
    - - End Of File - - E27DBBA4F1F1CCA3679CD7EC1570366A
     
  20. 2012/04/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That looks good.

    Any current issues?
     
  21. 2012/04/16
    dave1234

    dave1234 Well-Known Member Thread Starter

    Joined:
    2002/12/21
    Messages:
    196
    Likes Received:
    0
    I apologize for the reinfection. Thanks for your time. M Security Essentials is not stopping these. Should it be? Can you recommend the best antivirus?

    Java Update was not able to install.

    Thanks
    Dave
     
