also @ TechSpot: Windows 8 Release Preview leaked, Microsoft may raise OEM prices

TechSpot

TechSpot News Products Downloads Forums

Collaborate in the cloud with Office, Exchange, SharePoint, and Lync.
Microsoft Office 365. Pay-as-you-go starting at $8/user/month. Begin your free trial now.

[Solved] Tidserv Activity Detected

Discussion in 'Virus and Malware Removal' started by PurpleCloud248, Jan 9, 2012.

Page 1 of 3

PurpleCloud248 Newcomer, in training

Hi,

I have some issues with my system recently. I keep getting Symantec pop up that says Tidserv Activity Detected and certain IP address is blocked from xxx time to yyy time. When I use internet, my sites keep getting redicted to some advertisement sites.
Besides, I also get window message that says "TCIP/ IP has stopped working".
Quite often, my system will shut off itself with blue screen that says dumping physical memory.
Please see below for the DDS. Please let me know if you need any additional information.

I really appreciate any kind of assistance you can provide. Thank you very much!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Cheewen Ng at 18:40:47 on 2012-01-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1580 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Cheewen Ng\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.searchcompletion.com/?si=10205&home=1
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.sonystyle.ca/vaio
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10205&home=1
uSearch Bar = hxxp://search.searchcompletion.com/?si=10205&home=1
uInternet Settings,ProxyOverride = local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [googletalk] c:\users\cheewen ng\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\cheewen ng\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Smad] "c:\users\cheewen ng\appdata\local\sanctionedmedia\smad\Smad.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Unattend0000000001{11F5AE89-8467-4F59-B203-FE9F4F0E4511}] %PROGRAMFILES%\Sony\First Experience\VAIOWelcome.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\speedfan.lnk - c:\program files\speedfan\speedfan.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{CD724545-1010-4E83-A4B6-442088A955DE} : DhcpNameServer = 64.71.255.198
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cheewen ng\appdata\roaming\mozilla\firefox\profiles\uciu5qj0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10205&q=
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\cheewen ng\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\cheewen ng\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\cheewen ng\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-26 2477304]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-1 2271608]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2010-5-28 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-5-28 17408]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-4-28 28464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-10 106104]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2008-4-28 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2008-4-28 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-4-28 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-4-28 818688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-28 1153368]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-26 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2010-5-28 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2010-5-28 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2010-5-28 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-4-28 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-4-28 87328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-07 18:59:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-07 18:58:45 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-07 18:58:43 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-07 18:58:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-07 18:58:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-07 18:58:37 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-07 18:58:35 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-07 18:57:20 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-01-07 17:10:24 -------- d-----w- c:\users\cheewen ng\appdata\local\{0D5EE393-01C1-47AC-A497-9562C6450903}
2012-01-07 17:09:11 -------- d-----w- c:\users\cheewen ng\appdata\local\{69FE61F8-0D01-4B03-90F4-AF22B725B35A}
2012-01-07 00:10:48 -------- d-----w- c:\users\cheewen ng\appdata\local\{0AF6863F-7980-4648-B213-831173D9EE2F}
2012-01-07 00:10:32 -------- d-----w- c:\users\cheewen ng\appdata\local\{845031FE-F467-480E-9035-1EF5864819D4}
2012-01-06 12:10:12 -------- d-----w- c:\users\cheewen ng\appdata\local\{84CF9663-2AD9-4272-A8F9-C6A95AA7C6B6}
2012-01-05 23:43:16 -------- d-----w- c:\users\cheewen ng\appdata\local\{C48979F8-6F4B-45F8-9E63-21C309CDCF49}
2012-01-05 23:43:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{71575716-115F-42AC-826A-77B3C4262AD9}
2012-01-05 11:42:49 -------- d-----w- c:\users\cheewen ng\appdata\local\{4053C5A1-ED96-4B93-9977-CF03655DE575}
2012-01-05 11:41:47 -------- d-----w- c:\users\cheewen ng\appdata\local\{A2AD6664-B9CF-46F6-907A-39AAC2089BEF}
2012-01-04 17:55:39 -------- d-----w- c:\users\cheewen ng\appdata\local\{54D3D57E-8813-4183-8F24-8614CBE2808B}
2012-01-04 17:54:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{461548B5-BB44-40CE-ACF3-3BCB285F7078}
2012-01-04 05:54:31 -------- d-----w- c:\users\cheewen ng\appdata\local\{E1DA432D-4237-4037-9780-F26B28C18517}
2012-01-04 05:54:18 -------- d-----w- c:\users\cheewen ng\appdata\local\{9B7F547E-F315-4211-8DF1-227EED4E8823}
2012-01-03 17:54:15 -------- d-----w- c:\users\cheewen ng\appdata\local\{08A35BC1-F428-447A-AD38-EFB11E3AFE73}
2012-01-03 05:46:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{B369E690-D5E5-4006-8CDD-977609DEFEAC}
2012-01-03 05:45:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{0DA45A11-E211-4DE5-89A2-1EE4C1FBE84D}
2012-01-02 17:45:31 -------- d-----w- c:\users\cheewen ng\appdata\local\{2BFA53A5-114A-4EA5-A382-F994202BBBAB}
2012-01-02 17:44:55 -------- d-----w- c:\users\cheewen ng\appdata\local\{72033EA5-FCF3-487B-B649-CC82A200C760}
2012-01-01 22:29:10 -------- d-----w- c:\users\cheewen ng\appdata\local\{78FC18D0-DEEB-4A60-94A3-F690C6B61E07}
2012-01-01 22:28:46 -------- d-----w- c:\users\cheewen ng\appdata\local\{693B6FB7-5502-4FF3-9EEA-24E1E7ED728F}
2011-12-31 17:41:38 -------- d-----w- c:\users\cheewen ng\appdata\local\{101DA094-D220-4B54-8078-BB73E5B01028}
2011-12-31 17:41:23 -------- d-----w- c:\users\cheewen ng\appdata\local\{26CDCE8E-DD21-4EC4-BE50-85A79F38EE80}
2011-12-31 05:41:19 -------- d-----w- c:\users\cheewen ng\appdata\local\{436D550C-C863-4973-A9E3-B3449EEEF1BC}
2011-12-31 05:41:05 -------- d-----w- c:\users\cheewen ng\appdata\local\{82EE88EF-59EC-47B0-9B6E-47BFFC1E45A7}
2011-12-30 17:41:01 -------- d-----w- c:\users\cheewen ng\appdata\local\{059AC69D-AA63-4067-BB17-B966A1E78359}
2011-12-30 17:40:21 -------- d-----w- c:\users\cheewen ng\appdata\local\{F2AB1C8F-E1DF-4978-9E38-71E8B2F61378}
2011-12-30 05:08:35 -------- d-----w- c:\users\cheewen ng\appdata\local\{F524A9DD-9BEE-4A2B-B123-7AD4DF698637}
2011-12-30 05:08:21 -------- d-----w- c:\users\cheewen ng\appdata\local\{EA3B67AA-3193-4D6C-ACDA-6E1D31296EDD}
2011-12-29 17:08:15 -------- d-----w- c:\users\cheewen ng\appdata\local\{42B90EBC-E252-44D1-A980-E6B1E6AECCEB}
2011-12-29 17:07:33 -------- d-----w- c:\users\cheewen ng\appdata\local\{DA10987B-8C20-4BDF-898F-90C3ED43D46D}
2011-12-29 01:27:59 -------- d-----w- c:\users\cheewen ng\appdata\local\{083CF3D4-5831-4826-8798-574D7CC165DE}
2011-12-29 01:27:02 -------- d-----w- c:\users\cheewen ng\appdata\local\{BBE2C542-16B7-4679-8473-19438B806C82}
2011-12-28 07:28:49 -------- d-----w- c:\users\cheewen ng\appdata\local\{0FEDABB3-0FCF-42D3-9161-5B0382284A3B}
2011-12-28 07:28:36 -------- d-----w- c:\users\cheewen ng\appdata\local\{867F135B-D865-4E73-9A95-8AEC52ECFC86}
2011-12-27 19:28:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{17C40065-194E-4294-9FAE-AB3AEC4DD869}
2011-12-27 19:27:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{E350EC80-1971-44A5-B712-045D844A9455}
2011-12-27 04:51:34 -------- d-----w- c:\users\cheewen ng\appdata\local\{A81E9042-8E9C-4ADC-B604-6D6DC2BB4A26}
2011-12-27 04:50:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{44F72B70-4006-4FB5-A0F4-774A72ABF984}
2011-12-26 14:50:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{4D6ED0EC-21B8-4DAF-8D08-89693DAF8C46}
2011-12-26 14:49:44 -------- d-----w- c:\users\cheewen ng\appdata\local\{6F8A0799-07A0-48E8-B8FB-07871621D1F8}
2011-12-25 21:37:44 -------- d-----w- c:\users\cheewen ng\appdata\local\{5D7E4959-1708-48FA-9568-42147F4E7572}
2011-12-25 21:37:11 -------- d-----w- c:\users\cheewen ng\appdata\local\{1FE4F372-A6D3-48A6-9FD7-E97D953D7D91}
2011-12-25 09:37:06 -------- d-----w- c:\users\cheewen ng\appdata\local\{188D79E1-099C-4246-A0E5-E0B158244B22}
2011-12-25 09:36:53 -------- d-----w- c:\users\cheewen ng\appdata\local\{15008875-994D-4724-A7A4-2BA74F635DD2}
2011-12-25 03:47:46 -------- d-----w- c:\program files\TimeAdjuster
2011-12-25 03:32:20 -------- d-----w- c:\users\cheewen ng\appdata\local\AMP
2011-12-25 03:27:08 -------- d-----w- c:\program files\Complitly
2011-12-25 03:26:39 -------- d-----w- c:\program files\GustoSoft
2011-12-24 21:36:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{CA4F87C6-7911-4B07-AAB3-691BE56FC7E8}
2011-12-24 21:36:03 -------- d-----w- c:\users\cheewen ng\appdata\local\{B30A299B-B1B9-44C3-BC47-F2FF2E5459C8}
2011-12-24 09:09:38 -------- d-----w- c:\users\cheewen ng\appdata\local\{0417387B-EF4D-4A90-89CD-9106D2209F9F}
2011-12-24 09:08:58 -------- d-----w- c:\users\cheewen ng\appdata\local\{D4FBD612-00FA-45BF-B285-6EB25FC53116}
2011-12-23 09:11:57 -------- d-----w- c:\users\cheewen ng\appdata\local\{C857398A-7975-4A5A-A4E6-06D3CB87D2F9}
2011-12-23 09:11:43 -------- d-----w- c:\users\cheewen ng\appdata\local\{0744B40D-F6EF-4C7B-A388-8EFC230485B4}
2011-12-22 21:11:38 -------- d-----w- c:\users\cheewen ng\appdata\local\{2A3879FC-05ED-4AD7-B7D8-0FEF5CE63EC7}
2011-12-22 21:10:49 -------- d-----w- c:\users\cheewen ng\appdata\local\{FC342886-341F-4243-8C12-286198D24097}
2011-12-22 07:11:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{60C67C2A-F0F3-4DAB-AE70-B9DC16AC8968}
2011-12-22 07:11:23 -------- d-----w- c:\users\cheewen ng\appdata\local\{26437C20-2E8A-47A9-893E-71F6C96F297E}
2011-12-21 19:11:11 -------- d-----w- c:\users\cheewen ng\appdata\local\{2A4CC08B-D16A-443C-BA9E-5D8D27862AE6}
2011-12-21 19:10:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{B87C7790-CAF3-4840-A853-E4955B9BE5FD}
2011-12-21 07:10:46 -------- d-----w- c:\users\cheewen ng\appdata\local\{26E1294A-1A1B-47EC-9937-2D9CC2C753DE}
2011-12-21 07:10:29 -------- d-----w- c:\users\cheewen ng\appdata\local\{2BE36F9C-E131-4A81-836D-1DE397BE0F10}
2011-12-20 19:10:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{E79AE93D-8FCF-47BB-A55E-1454ABEA9880}
2011-12-20 19:09:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{CB021A9D-0ECF-46D4-B271-41A0A2772272}
2011-12-20 07:09:45 -------- d-----w- c:\users\cheewen ng\appdata\local\{BE4D9377-7463-48C4-B53E-9303EC06FFAF}
2011-12-20 07:09:30 -------- d-----w- c:\users\cheewen ng\appdata\local\{C648B3BB-AC7B-4FD7-8154-2E9F60B48200}
2011-12-19 19:09:19 -------- d-----w- c:\users\cheewen ng\appdata\local\{934A221E-8265-4FB2-878F-3FFC50017BDB}
2011-12-19 19:08:25 -------- d-----w- c:\users\cheewen ng\appdata\local\{1F761599-7E07-4F8B-847A-66605C54825C}
2011-12-19 01:54:29 -------- d-----w- c:\users\cheewen ng\appdata\local\{4088260E-7349-4FDF-92A6-3375BBAFDD03}
2011-12-19 01:53:35 -------- d-----w- c:\users\cheewen ng\appdata\local\{E5853D6D-3C51-411F-B4A6-9420A091B2A0}
2011-12-17 21:37:58 -------- d-----w- c:\users\cheewen ng\appdata\local\{DCCEA3FC-7CA1-42BA-AB85-612FED6DA1C6}
2011-12-17 21:36:53 -------- d-----w- c:\users\cheewen ng\appdata\local\{DE7D501B-C7E7-4292-A3F3-B4A4F6847DF0}
2011-12-17 00:02:19 -------- d-----w- c:\users\cheewen ng\appdata\local\{9C6C8A44-AAE7-426A-9775-09779F7F954E}
2011-12-17 00:01:55 -------- d-----w- c:\users\cheewen ng\appdata\local\{29D55B43-1A55-4DB6-B179-B863F9219E71}
2011-12-16 08:46:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{77B60E0D-490C-4902-B047-8535B63DCBB6}
2011-12-15 20:45:36 -------- d-----w- c:\users\cheewen ng\appdata\local\{A532D0C9-6E31-45FB-A7AC-E542C56013DD}
2011-12-15 08:45:01 -------- d-----w- c:\users\cheewen ng\appdata\local\{E24C1B85-EBC1-4D7B-8613-17245D15CD7A}
2011-12-15 02:16:29 -------- d-----w- c:\program files\common files\HP
2011-12-14 20:44:26 -------- d-----w- c:\users\cheewen ng\appdata\local\{B11D483D-478C-47A6-8D8E-BDF923F78B93}
2011-12-14 08:43:50 -------- d-----w- c:\users\cheewen ng\appdata\local\{66F86D8A-2C40-4C15-9D8C-F89A99B49C1D}
2011-12-14 08:43:27 -------- d-----w- c:\users\cheewen ng\appdata\local\{032E14EE-88E4-45E6-85D7-935B10D74A2C}
2011-12-13 20:43:02 -------- d-----w- c:\users\cheewen ng\appdata\local\{402DD186-638C-4A5B-8FE8-2A2FBB233117}
2011-12-13 20:42:40 -------- d-----w- c:\users\cheewen ng\appdata\local\{D1555FB8-7DAD-46E8-A882-4C124BD0D37C}
2011-12-13 08:42:27 -------- d-----w- c:\users\cheewen ng\appdata\local\{DEEBA95D-CBE2-4CCA-B363-EF43FBC07F95}
2011-12-13 08:42:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{40CB293A-688B-4F36-8B41-614058AE95DE}
2011-12-13 03:12:29 -------- d-----w- c:\users\cheewen ng\appdata\local\SanctionedMedia
2011-12-12 20:41:52 -------- d-----w- c:\users\cheewen ng\appdata\local\{E04D59A2-46EE-4C04-9F02-D32558EA6655}
2011-12-12 20:41:30 -------- d-----w- c:\users\cheewen ng\appdata\local\{BD25AFE7-FF8F-4530-B2ED-38706D4335BF}
2011-12-12 08:41:18 -------- d-----w- c:\users\cheewen ng\appdata\local\{598DDCAE-BE81-4C61-9DA4-026D82F54DBE}
2011-12-12 08:40:57 -------- d-----w- c:\users\cheewen ng\appdata\local\{305AC52B-1E98-4129-A84F-0E5EE245CD16}
2011-12-11 20:40:27 -------- d-----w- c:\users\cheewen ng\appdata\local\{03F39722-39C1-48A1-99FA-D09916A1AB36}
2011-12-11 20:39:24 -------- d-----w- c:\users\cheewen ng\appdata\local\{F2AB6ABC-0DE2-4206-9E4D-849130A00C28}
2011-12-10 01:18:55 -------- d-----w- c:\users\cheewen ng\appdata\local\{C318C3AB-40B8-474B-A875-4815FA7C576A}
2011-12-10 01:17:16 -------- d-----w- c:\users\cheewen ng\appdata\local\{280D2030-CD79-445F-8800-3133002B1123}
2011-12-09 13:23:00 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1990b35c-c553-404c-95e0-3d077377a8e7}\mpengine.dll
2011-12-09 13:16:57 -------- d-----w- c:\users\cheewen ng\appdata\local\{C2EF224D-0C96-431A-827A-A773CF9F2FCB}
2011-12-09 13:16:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{67C3F956-625B-4677-8FAC-AC255744FDE5}
2011-12-09 00:32:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{660B116D-1F58-4C5C-862F-8365CAD3F0A1}
2011-12-09 00:31:12 -------- d-----w- c:\users\cheewen ng\appdata\local\{ADA3C69F-09F0-49D1-8DD2-AB9BF5A1730F}
.
==================== Find3M ====================
.
2011-11-18 09:18:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-13 19:10:38 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-10-13 19:10:34 88 --sh--r- c:\windows\system32\05BD190A5F.sys
.
============= FINISH: 18:42:05.40 ===============

PurpleCloud248, Jan 9, 2012

#1
PurpleCloud248 Newcomer, in training

Attach file

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/28/2010 1:23:10 AM
System Uptime: 1/7/2012 6:34:59 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | N/A | 2000/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 46.412 GiB free.
D: is Removable
E: is Removable
N: is FIXED (NTFS) - 82 GiB total, 66.74 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMMATSHITA_DVD-RAM_UJ870QJ________________1.01____\5&2F27B03E&0&1.0.0
Manufacturer: (Standard CD-ROM drives)
Name: MATSHITA DVD-RAM UJ870QJ ATA Device
PNP Device ID: IDE\CDROMMATSHITA_DVD-RAM_UJ870QJ________________1.01____\5&2F27B03E&0&1.0.0
Service: cdrom
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_GXW&PROD_2J4LIZODYV8P&REV_1.03\5&36E5972&0&000000
Manufacturer: (Standard CD-ROM drives)
Name: GXW 2J4LIZODYV8P SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_GXW&PROD_2J4LIZODYV8P&REV_1.03\5&36E5972&0&000000
Service: cdrom
.
==== System Restore Points ===================
.
RP398: 1/7/2012 1:59:39 PM - Windows Update
RP399: 1/7/2012 2:37:52 PM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Ace DivX Player v2.1
Ace Media Player v2.8.221
Adobe Acrobat 5.0
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.2
Age of Empires 2
Age of Empires II - The Conquerors - 1.0e Patch FINAL
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects
ArcSoft WebCam Companion 2
BitTorrent
Bonjour
BufferChm
Canon CanoScan Toolbox 4.5
CCleaner
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Copy
Corel Paint Shop Pro Photo X2
CustomerResearchQFolder
D3DX10
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DiskAid 4.0
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
eSupportQFolder
F4200
F4200_Help
GameRanger
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GPBaseService
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
Instant Mode
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6
LiveUpdate 3.3 (Symantec Corporation)
MarketResearch
MATLAB R2010a
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.22)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
ooVoo
OpenMG Secure Module 5.0.00
PSSWCORE
QuickTime
R for Windows 2.11.1
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Safari
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Setting Utility Series
Shop for HP Supplies
Skype™ 5.5
SmartWebPrintingOC
SolutionCenter
Sony Video Shared Library
SpeedFan (remove only)
Spybot - Search & Destroy
Status
Symantec Endpoint Protection
Synaptics Pointing Device Driver
TeamViewer 6
The KMPlayer (remove only)
Time Adjuster STANDARD 3.1
Toolbox
TrayApp
tuitalker 0.6.1
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO DVD Menu Data Basic
VAIO Edit Components 6.4
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Update 3
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
Voobly
WebReg
WIDCOMM Bluetooth Software 6.1.0.2200
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinDVD for VAIO
WinRAR archiver
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
1/7/2012 6:37:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom netbt Smb
1/7/2012 6:37:42 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
1/7/2012 6:37:00 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/7/2012 6:37:00 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
1/7/2012 6:37:00 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/7/2012 6:37:00 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/7/2012 6:37:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the netbt service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2012 6:37:00 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/7/2012 6:35:56 PM, Error: EventLog [6008] - The previous system shutdown at 6:33:39 PM on 1/7/2012 was unexpected.
1/7/2012 3:31:38 PM, Error: EventLog [6008] - The previous system shutdown at 3:28:09 PM on 1/7/2012 was unexpected.
1/7/2012 3:14:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/7/2012 3:14:52 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/7/2012 3:14:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/7/2012 12:39:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wcncsvc service.
1/7/2012 12:39:04 PM, Error: Service Control Manager [7000] - The Windows Connect Now - Config Registrar service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/7/2012 12:39:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
1/7/2012 12:36:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.
1/7/2012 12:35:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
1/7/2012 12:34:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
1/7/2012 1:48:51 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/7/2012 1:39:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
1/7/2012 1:39:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
1/7/2012 1:25:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
1/7/2012 1:25:44 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/5/2012 6:39:23 PM, Error: EventLog [6008] - The previous system shutdown at 6:33:58 PM on 1/5/2012 was unexpected.
1/3/2012 12:52:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.
1/3/2012 12:52:17 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
1/3/2012 12:35:39 AM, Error: EventLog [6008] - The previous system shutdown at 12:31:55 AM on 1/3/2012 was unexpected.
1/3/2012 12:35:00 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
1/3/2012 1:42:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
1/2/2012 12:44:27 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.111 for the Network Card with network address 001F3BABD0C7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

PurpleCloud248, Jan 9, 2012

#2
Broni Malware Annihilator
Welcome aboard

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Broni, Jan 9, 2012

#3
PurpleCloud248 Newcomer, in training

Gmer Log part1

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-07 21:13:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542525K9SA00 rev.BBFOC3BP
Running: gmer.exe; Driver: C:\Users\CHEEWE~1\AppData\Local\Temp\kwdiafow.sys

---- System - GMER 1.0.15 ----

SSDT 89B4D940 ZwAlertResumeThread
SSDT 89BDE808 ZwAlertThread
SSDT 89B1C478 ZwAllocateVirtualMemory
SSDT 89A6B6D8 ZwConnectPort
SSDT 89B4D690 ZwCreateMutant
SSDT 89BDE6F8 ZwCreateThread
SSDT 868EF948 ZwFreeVirtualMemory
SSDT 89B4D780 ZwImpersonateAnonymousToken
SSDT 89B4D860 ZwImpersonateThread
SSDT 89AD7518 ZwMapViewOfSection
SSDT 89B4D5B0 ZwOpenEvent
SSDT 89B1C548 ZwOpenProcessToken
SSDT 89AD72E0 ZwOpenThreadToken
SSDT \??\C:\Windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x955C1880]
SSDT 89B1CB58 ZwResumeThread
SSDT 89AD7200 ZwSetContextThread
SSDT 89AD73D0 ZwSetInformationProcess
SSDT 89BDEB30 ZwSetInformationThread
SSDT 89B4D4D0 ZwSuspendProcess
SSDT 89BDE950 ZwSuspendThread
SSDT 858B69D0 ZwTerminateProcess
SSDT 89BDEA30 ZwTerminateThread
SSDT 89AD74A0 ZwUnmapViewOfSection
SSDT 868EFA18 ZwWriteVirtualMemory

INT 0x52 ? 868FEBF8
INT 0x62 ? 868FEBF8
INT 0x72 ? 84953BF8
INT 0x82 ? 84953BF8
INT 0xA2 ? 868FEBF8
INT 0xA2 ? 868FEBF8
INT 0xA2 ? 868FEBF8
INT 0xB2 ? 868FEBF8
INT 0xB3 ? 868FEBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 822F78A0 8 Bytes [40, D9, B4, 89, 08, E8, BD, ...] {INC EAX; FNSTENV [ECX+ECX*4-0x764217f8]}
.text ntkrnlpa.exe!KeSetEvent + 131 822F78B4 4 Bytes [78, C4, B1, 89] {JS 0xffffffffffffffc6; MOV CL, 0x89}
.text ntkrnlpa.exe!KeSetEvent + 1C1 822F7944 4 Bytes [D8, B6, A6, 89]
.text ntkrnlpa.exe!KeSetEvent + 1F5 822F7978 4 Bytes [90, D6, B4, 89] {NOP ; SALC ; MOV AH, 0x89}
.text ntkrnlpa.exe!KeSetEvent + 221 822F79A4 4 Bytes [F8, E6, BD, 89]
.text ...
? System32\Drivers\splz.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8F8F241B 3 Bytes JMP 868FE1D8
.text USBPORT.SYS!DllUnload + 4 8F8F241F 1 Byte [F7]
.text a1higda0.SYS 8FDB3000 22 Bytes [82, F3, 21, 82, 6C, F2, 21, ...]
.text a1higda0.SYS 8FDB3017 137 Bytes [00, 32, 97, 78, 80, 3D, 95, ...]
.text a1higda0.SYS 8FDB30A1 43 Bytes [40, 2F, 82, 74, 36, 29, 82, ...]
.text a1higda0.SYS 8FDB30CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text a1higda0.SYS 8FDB30DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
.text tdx.sys 955A7000 46 Bytes [00, 00, 00, 00, 00, 00, 8B, ...]
.text tdx.sys 955A702F 83 Bytes [FF, 55, 8B, EC, 8B, 45, 1C, ...]
.text tdx.sys 955A7083 31 Bytes [15, 84, 71, 5B, 95, 83, C4, ...]
.text tdx.sys 955A70A3 162 Bytes [75, 1C, 8D, 45, 20, 6A, 02, ...]
.text tdx.sys 955A7146 30 Bytes [FF, 75, 08, FF, 15, 84, 71, ...]
.text ...
? C:\Windows\system32\DRIVERS\tdx.sys suspicious PE modification
? C:\Users\CHEEWE~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 77BD4B84 5 Bytes JMP 00DB000A
.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory 77BD54C4 5 Bytes JMP 0104000A
.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!KiUserExceptionDispatcher 77BD5BF8 5 Bytes JMP 00D9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] kernel32.dll!CreateThread 7715CB2E 5 Bytes JMP 6E2B7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CreateDialogParamW 774B72A2 5 Bytes JMP 6E446628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!GetAsyncKeyState 774B863C 5 Bytes JMP 6E29DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!SetWindowsHookExW 774B87AD 5 Bytes JMP 6E2F2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CallNextHookEx 774B8E3B 5 Bytes JMP 6E317BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!UnhookWindowsHookEx 774B98DB 5 Bytes JMP 6E33EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!EnableWindow 774BCD8B 5 Bytes JMP 6E2F9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DefWindowProcA 774BDB88 7 Bytes JMP 6E2B952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CreateWindowExA 774BDC2A 5 Bytes JMP 6E2C3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CreateWindowExW 774C1305 5 Bytes JMP 6E31FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!GetKeyState 774C8CB1 5 Bytes JMP 6E29DC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DefWindowProcW 774D03B4 7 Bytes JMP 6E317C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!IsDialogMessageW 774D0745 5 Bytes JMP 6E446D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CreateDialogParamA 774D17AA 5 Bytes JMP 6E4465F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!IsDialogMessage 774D1847 2 Bytes JMP 6E446D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!IsDialogMessage + 3 774D184A 2 Bytes [F7, F6] {DIV ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CreateDialogIndirectParamA 774D26F1 5 Bytes JMP 6E446660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CreateDialogIndirectParamW 774D9A62 5 Bytes JMP 6E446698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!SetKeyboardState 774E0987 5 Bytes JMP 6E447649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxParamW 774E10B0 5 Bytes JMP 6E25170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxIndirectParamW 774E2EF5 5 Bytes JMP 6E4462BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!SendInput 774E2F75 5 Bytes JMP 6E4475F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!EndDialog 774E326E 5 Bytes JMP 6E44702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!SetCursorPos 774F6FB2 5 Bytes JMP 6E4476CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxParamA 774F8152 5 Bytes JMP 6E446259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxIndirectParamA 774F847D 5 Bytes JMP 6E446323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxIndirectA 7750D4D9 5 Bytes JMP 6E4461E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxIndirectW 7750D5D3 5 Bytes JMP 6E446167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxExA 7750D639 5 Bytes JMP 6E446103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxExW 7750D65D 5 Bytes JMP 6E44609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!keybd_event 7750D972 5 Bytes JMP 6E4475AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] SHELL32.dll!SHRestricted + D95 762B89A8 4 Bytes [CF, 01, EF, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] SHELL32.dll!SHRestricted + D9D 762B89B0 8 Bytes [E0, 61, EE, 66, 79, F7, EE, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] ole32.dll!OleLoadFromStream 76E91E80 5 Bytes JMP 6E446A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5476] USER32.dll!EnableWindow 774BCD8B 5 Bytes JMP 6E2F9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5476] USER32.dll!DialogBoxParamW 774E10B0 5 Bytes JMP 6E25170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5476] USER32.dll!DialogBoxIndirectParamW 774E2EF5 5 Bytes JMP 6E4462BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5476] USER32.dll!DialogBoxParamA 774F8152 5 Bytes JMP 6E446259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5476] USER32.dll!DialogBoxIndirectParamA 774F847D 5 Bytes JMP 6E446323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5476] USER32.dll!MessageBoxIndirectA 7750D4D9 5 Bytes JMP 6E4461E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5476] USER32.dll!MessageBoxIndirectW 7750D5D3 5 Bytes JMP 6E446167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5476] USER32.dll!MessageBoxExA 7750D639 5 Bytes JMP 6E446103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5476] USER32.dll!MessageBoxExW 7750D65D 5 Bytes JMP 6E44609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] kernel32.dll!CreateThread 7715CB2E 5 Bytes JMP 6E2B7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!CreateDialogParamW 774B72A2 5 Bytes JMP 6E446628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!GetAsyncKeyState 774B863C 5 Bytes JMP 6E29DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!SetWindowsHookExW 774B87AD 5 Bytes JMP 6E2F2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!CallNextHookEx 774B8E3B 5 Bytes JMP 6E317BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!UnhookWindowsHookEx 774B98DB 5 Bytes JMP 6E33EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!EnableWindow 774BCD8B 5 Bytes JMP 6E2F9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!DefWindowProcA 774BDB88 7 Bytes JMP 6E2B952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!CreateWindowExA 774BDC2A 5 Bytes JMP 6E2C3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!CreateWindowExW 774C1305 5 Bytes JMP 6E31FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!GetKeyState 774C8CB1 5 Bytes JMP 6E29DC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!DefWindowProcW 774D03B4 7 Bytes JMP 6E317C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!IsDialogMessageW 774D0745 5 Bytes JMP 6E446D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!CreateDialogParamA 774D17AA 5 Bytes JMP 6E4465F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!IsDialogMessage 774D1847 2 Bytes JMP 6E446D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!IsDialogMessage + 3 774D184A 2 Bytes [F7, F6] {DIV ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!CreateDialogIndirectParamA 774D26F1 5 Bytes JMP 6E446660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!CreateDialogIndirectParamW 774D9A62 5 Bytes JMP 6E446698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!SetKeyboardState 774E0987 5 Bytes JMP 6E447649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!DialogBoxParamW 774E10B0 5 Bytes JMP 6E25170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!DialogBoxIndirectParamW 774E2EF5 5 Bytes JMP 6E4462BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!SendInput 774E2F75 5 Bytes JMP 6E4475F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!EndDialog 774E326E 5 Bytes JMP 6E44702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!SetCursorPos 774F6FB2 5 Bytes JMP 6E4476CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!DialogBoxParamA 774F8152 5 Bytes JMP 6E446259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!DialogBoxIndirectParamA 774F847D 5 Bytes JMP 6E446323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!MessageBoxIndirectA 7750D4D9 5 Bytes JMP 6E4461E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!MessageBoxIndirectW 7750D5D3 5 Bytes JMP 6E446167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!MessageBoxExA 7750D639 5 Bytes JMP 6E446103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!MessageBoxExW 7750D65D 5 Bytes JMP 6E44609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] USER32.dll!keybd_event 7750D972 5 Bytes JMP 6E4475AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] SHELL32.dll!SHRestricted + D95 762B89A8 4 Bytes [CF, 01, EF, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] SHELL32.dll!SHRestricted + D9D 762B89B0 8 Bytes [E0, 61, EE, 66, 79, F7, EE, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5524] ole32.dll!OleLoadFromStream 76E91E80 5 Bytes JMP 6E446A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] kernel32.dll!CreateThread 7715CB2E 5 Bytes JMP 6E2B7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateDialogParamW 774B72A2 5 Bytes JMP 6E446628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!GetAsyncKeyState 774B863C 5 Bytes JMP 6E29DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!SetWindowsHookExW 774B87AD 5 Bytes JMP 6E2F2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CallNextHookEx 774B8E3B 5 Bytes JMP 6E317BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!UnhookWindowsHookEx 774B98DB 5 Bytes JMP 6E33EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!EnableWindow 774BCD8B 5 Bytes JMP 6E2F9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!DefWindowProcA 774BDB88 7 Bytes JMP 6E2B952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateWindowExA 774BDC2A 5 Bytes JMP 6E2C3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateWindowExW 774C1305 5 Bytes JMP 6E31FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!GetKeyState 774C8CB1 5 Bytes JMP 6E29DC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!DefWindowProcW 774D03B4 7 Bytes JMP 6E317C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!IsDialogMessageW 774D0745 5 Bytes JMP 6E446D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateDialogParamA 774D17AA 5 Bytes JMP 6E4465F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!IsDialogMessage 774D1847 2 Bytes JMP 6E446D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!IsDialogMessage + 3 774D184A 2 Bytes [F7, F6] {DIV ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateDialogIndirectParamA 774D26F1 5 Bytes JMP 6E446660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!CreateDialogIndirectParamW 774D9A62 5 Bytes JMP 6E446698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!SetKeyboardState 774E0987 5 Bytes JMP 6E447649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!DialogBoxParamW 774E10B0 5 Bytes JMP 6E25170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!DialogBoxIndirectParamW 774E2EF5 5 Bytes JMP 6E4462BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!SendInput 774E2F75 5 Bytes JMP 6E4475F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!EndDialog 774E326E 5 Bytes JMP 6E44702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!SetCursorPos 774F6FB2 5 Bytes JMP 6E4476CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!DialogBoxParamA 774F8152 5 Bytes JMP 6E446259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!DialogBoxIndirectParamA 774F847D 5 Bytes JMP 6E446323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!MessageBoxIndirectA 7750D4D9 5 Bytes JMP 6E4461E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!MessageBoxIndirectW 7750D5D3 5 Bytes JMP 6E446167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!MessageBoxExA 7750D639 5 Bytes JMP 6E446103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!MessageBoxExW 7750D65D 5 Bytes JMP 6E44609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] USER32.dll!keybd_event 7750D972 5 Bytes JMP 6E4475AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] SHELL32.dll!SHRestricted + D95 762B89A8 4 Bytes [CF, 01, EF, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] SHELL32.dll!SHRestricted + D9D 762B89B0 8 Bytes [E0, 61, EE, 66, 79, F7, EE, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5968] ole32.dll!OleLoadFromStream 76E91E80 5 Bytes JMP 6E446A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

PurpleCloud248, Jan 9, 2012

#4
PurpleCloud248 Newcomer, in training

Gmer Log part2

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 857151F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 849551F8
Device \Driver\usbuhci \Device\USBPDO-0 869181F8
Device \Driver\sptd \Device\4197792535 splz.sys
Device \Driver\usbuhci \Device\USBPDO-1 869181F8
Device \Driver\usbehci \Device\USBPDO-2 869211F8
Device \Driver\usbuhci \Device\USBPDO-3 869181F8
Device \Driver\usbuhci \Device\USBPDO-4 869181F8
Device \Driver\tdx \Device\Tcp [955B1E58] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
Device \Driver\usbuhci \Device\USBPDO-5 869181F8
Device \Driver\usbehci \Device\USBPDO-6 869211F8
Device \Driver\volmgr \Device\HarddiskVolume1 849551F8
Device \Driver\volmgr \Device\HarddiskVolume2 849551F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 857141F8
Device \Driver\atapi \Device\Ide\IdePort0 857141F8
Device \Driver\atapi \Device\Ide\IdePort1 857141F8
Device \Driver\volmgr \Device\HarddiskVolume3 849551F8
Device \Driver\volmgr \Device\HarddiskVolume4 849551F8
Device \Driver\volmgr \Device\HarddiskVolume5 849551F8
Device \Driver\BTHUSB \Device\00000081 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000083 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\iScsiPrt \Device\RaidPort0 869B01F8
Device \Driver\tdx \Device\Udp [955B1E58] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
Device \Driver\PCI_PNP4522 \Device\0000005d splz.sys
Device \Driver\tdx \Device\RawIp [955B1E58] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
Device \Driver\usbuhci \Device\USBFDO-0 869181F8
Device \Driver\usbuhci \Device\USBFDO-1 869181F8
Device \Driver\usbehci \Device\USBFDO-2 869211F8
Device \Driver\usbuhci \Device\USBFDO-3 869181F8
Device \Driver\usbuhci \Device\USBFDO-4 869181F8
Device \Driver\usbuhci \Device\USBFDO-5 869181F8
Device \Driver\usbehci \Device\USBFDO-6 869211F8
Device \Driver\a1higda0 \Device\Scsi\a1higda01 869091F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb57dc1e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3da51a97
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x54 0x02 0xA1 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE4 0xFF 0x26 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0xC4 0x0E 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bfb57dc1e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3da51a97 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x67 0xA0 0xA0 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE4 0xFF 0x26 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0xC4 0x0E 0x05 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB53746$\2520467401 0 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\@ 2048 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\bckfg.tmp 870 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\cfg.ini 176 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\keywords 399 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\L 0 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\L\qnbwvoto 72192 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\U 0 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB53746$\2520467401\U\80000032.@ 77312 bytes
File C:\Windows\$NtUninstallKB53746$\515653912 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VU0IP9YJ\tap[4].gif 49 bytes
File C:\Windows\Temp\fla238C.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

PurpleCloud248, Jan 9, 2012

#5
PurpleCloud248 Newcomer, in training

Mbam Log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Cheewen Ng :: CHEEWEN-PC [administrator]

1/9/2012 8:37:28 PM
mbam-log-2012-01-09 (20-37-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178590
Time elapsed: 9 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Smad (Trojan.Agent) -> Data: "C:\Users\Cheewen Ng\AppData\Local\SanctionedMedia\Smad\Smad.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\Cheewen Ng\Downloads\dxplayer_setup.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll_old (Spyware.MarketScore) -> Quarantined and deleted successfully.

(end)

PurpleCloud248, Jan 9, 2012

#6
Broni Malware Annihilator
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Jan 9, 2012

#7
PurpleCloud248 Newcomer, in training

ComboFix p1

ComboFix 12-01-09.07 - Cheewen Ng 01/09/2012 22:55:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.2072 [GMT -5:00]
Running from: c:\users\Cheewen Ng\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB53746$\2520467401\@
c:\windows\$NtUninstallKB53746$\2520467401\bckfg.tmp
c:\windows\$NtUninstallKB53746$\2520467401\cfg.ini
c:\windows\$NtUninstallKB53746$\2520467401\Desktop.ini
c:\windows\$NtUninstallKB53746$\2520467401\keywords
c:\windows\$NtUninstallKB53746$\2520467401\kwrd.dll
c:\windows\$NtUninstallKB53746$\2520467401\L\qnbwvoto
c:\windows\$NtUninstallKB53746$\2520467401\U\00000001.@
c:\windows\$NtUninstallKB53746$\2520467401\U\00000002.@
c:\windows\$NtUninstallKB53746$\2520467401\U\00000004.@
c:\windows\$NtUninstallKB53746$\2520467401\U\80000000.@
c:\windows\$NtUninstallKB53746$\2520467401\U\80000004.@
c:\windows\$NtUninstallKB53746$\2520467401\U\80000032.@
c:\windows\$NtUninstallKB53746$\515653912
c:\windows\$NtUninstallKB53746$ . . . . Failed to delete
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.cdrom
-------\Service_.netbt
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 01:33 . 2012-01-10 01:33 -------- d-----w- c:\users\Cheewen Ng\AppData\Roaming\Malwarebytes
2012-01-10 01:33 . 2012-01-10 01:33 -------- d-----w- c:\programdata\Malwarebytes
2012-01-10 01:33 . 2012-01-10 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-10 01:33 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 18:59 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-07 18:58 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-07 18:58 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-07 18:58 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-07 18:58 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-07 18:58 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-07 18:58 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-07 18:57 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-25 03:47 . 2011-12-25 03:47 -------- d-----w- c:\program files\TimeAdjuster
2011-12-25 03:32 . 2011-12-25 03:32 -------- d-----w- c:\users\Cheewen Ng\AppData\Local\AMP
2011-12-25 03:27 . 2012-01-02 18:19 -------- d-----w- c:\program files\Complitly
2011-12-25 03:26 . 2011-12-25 03:32 -------- d-----w- c:\program files\GustoSoft
2011-12-15 02:20 . 2011-12-15 02:20 -------- d-----w- c:\programdata\HP Product Assistant
2011-12-15 02:18 . 2011-12-15 02:18 -------- d-----w- c:\program files\Hewlett-Packard
2011-12-15 02:16 . 2011-12-15 02:16 -------- d-----w- c:\program files\Common Files\HP
2011-12-13 03:12 . 2011-12-13 03:12 -------- d-----w- c:\users\Cheewen Ng\AppData\Local\SanctionedMedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-12-09 13:23 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1990B35C-C553-404C-95E0-3D077377A8E7}\mpengine.dll
2011-11-18 09:18 . 2011-09-01 04:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-06-11 18:05 . 2010-07-21 02:04 253952 ----a-w- c:\program files\mozilla firefox\components\CheckTudouVa.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[7] 2008-01-21 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[7] 2008-01-21 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
.
[7] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys
[7] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.0.6001.18000_none_2457cee334d93e6f\asyncmac.sys
.
[7] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\System32\drivers\beep.sys
[7] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
.
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\System32\drivers\kbdclass.sys
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\kbdclass.sys
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdclass.sys
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6002.18005_none_9939e6e4d61ab7ca\kbdclass.sys
[7] 2008-01-21 . B076B2AB806B3F696DAB21375389101C . 35384 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbdclass.sys
[7] 2008-01-21 . B076B2AB806B3F696DAB21375389101C . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdclass.sys
[7] 2008-01-21 . C9B0CF786D5F151A43C7BE8E243F2819 . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdclass.sys
[7] 2006-11-02 . 1A48765F92BA1A88445FC25C9C9D94FC . 32872 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdclass.sys
.
[7] 2009-04-11 . 1357274D1883F68300AEADD15D7BBB42 . 527848 . . [6.0.6002.18005] . . c:\windows\System32\drivers\ndis.sys
[7] 2009-04-11 . 1357274D1883F68300AEADD15D7BBB42 . 527848 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[7] 2008-01-21 . 9BDC71790FA08F0A0B5F10462B1BD0B1 . 529464 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
.
[7] 2009-04-11 . 6A4A98CEE84CF9E99564510DDA4BAA47 . 1083880 . . [6.0.6000.16386] . . c:\windows\System32\drivers\ntfs.sys
[7] 2009-04-11 . 6A4A98CEE84CF9E99564510DDA4BAA47 . 1083880 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[7] 2008-01-21 . B4EFFE29EB4F15538FD8A9681108492D . 1081912 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
.
[7] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys
[7] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\null.sys
.
[7] 2011-09-20 . 814A1C66FBD4E1B310A517221F1456BF . 905088 . . [6.0.6002.18519] . . c:\windows\System32\drivers\tcpip.sys
[7] 2011-09-20 . 814A1C66FBD4E1B310A517221F1456BF . 905088 . . [6.0.6002.18519] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[7] 2011-09-20 . 16731B631F28F63CD9F4CB60940E7DDD . 913280 . . [6.0.6002.22719] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[7] 2011-06-17 . 6647FCE6FC4970DAAFE5C64C794513D3 . 913296 . . [6.0.6002.22662] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[7] 2011-06-17 . 2756186E287139310997090797E0182B . 905104 . . [6.0.6002.18484] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[7] 2010-06-16 . 6A10AFCE0B38371064BE41C1FBFD3C6B . 912776 . . [6.0.6002.22425] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[7] 2010-06-16 . A474879AFA4A596B3A531F3E69730DBF . 905088 . . [6.0.6002.18272] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[7] 2010-06-16 . 782568AB6A43160A159B6215B70BCCE9 . 898952 . . [6.0.6001.18493] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[7] 2010-06-16 . 6216A954ED7045B62880A92D6C9B9FC7 . 902032 . . [6.0.6001.22713] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[7] 2010-02-18 . 93A5655CD9CD2F080EF1CB71A3666215 . 902024 . . [6.0.6001.22636] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[7] 2010-02-18 . 2EAE4500984C2F8DACFB977060300A15 . 898952 . . [6.0.6001.18427] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[7] 2010-02-18 . D9F5DD5BBC8348E8F8220CCBF14C022E . 910216 . . [6.0.6002.22341] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[7] 2010-02-18 . 48CBE6D53632D0067C2D6B20F90D84CA . 904576 . . [6.0.6002.18209] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[7] 2010-02-18 . 4A82FA8F0DF67AA354580C3FAAF8BDE3 . 815104 . . [6.0.6000.17021] . . c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[7] 2010-02-18 . 2C1F7005AA3B62721BFDB307BD5F5010 . 818688 . . [6.0.6000.21226] . . c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[7] 2009-08-15 . 2512B4D1353370D6688B1AF1F5AFA1CF . 816640 . . [6.0.6000.21108] . . c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[7] 2009-08-14 . 8A7AD2A214233F684242F289ED83EBC3 . 897608 . . [6.0.6001.18311] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[7] 2009-08-14 . 2608E71AAD54564647D4BB984E1925AA . 900168 . . [6.0.6001.22497] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[7] 2009-08-14 . FF71856BD4CD6D4367F9FD84BE79A874 . 905784 . . [6.0.6002.22200] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
[7] 2009-08-14 . 65877AA1B6A7CB797488E831698973E9 . 904776 . . [6.0.6002.18091] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[7] 2009-08-14 . 300208927321066EA53761FDC98747C6 . 813568 . . [6.0.6000.16908] . . c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[7] 2009-04-11 . 0E6B0885C3D5E4643ED2D043DE3433D8 . 897000 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[7] 2008-04-26 . 82E266BEE5F0167E41C6ECFDD2A79C02 . 891448 . . [6.0.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[7] 2008-04-26 . 01EC1E92595F839BEE70D439C46796E3 . 891448 . . [6.0.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[7] 2008-01-21 . FC6E2835D667774D409C7C7021EAF9C4 . 891448 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
.
[7] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll
[7] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.0.6001.18000_none_78e926b99dfe756d\browser.dll
.
[7] 2009-09-10 . D09A5DA84B7C9CA9B02EBCD7FAE41C8D . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[7] 2009-09-10 . 2D3AC5E7AC01E905F3ABD2D745FE3A9B . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[7] 2009-09-09 . CB7E838C140B4087B2DA323F2D4523C5 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[7] 2009-06-15 . C731B1FE449D4E9CEA358C9D55B69BE9 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[7] 2009-06-15 . 6F1F23D3599EAE17734451936B7F17C6 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[7] 2009-06-15 . BA9A67672E025078C77967731BCFC560 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[7] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[7] 2009-06-15 . 203D86EBD6D8E4C8501B222421E81506 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[7] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe
[7] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[7] 2009-02-13 . F4C62B07E5BF96F1FDCA9DB393ECED22 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
[7] 2009-02-13 . 59DE082968FDD257FFF0D209B9A5B460 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[7] 2009-02-13 . AFF8A58280863629CA4FFA9E0B259F1E . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[7] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[7] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[7] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
.
[7] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll
[7] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll
.
[7] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\System32\comres.dll
[7] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll
.
[7] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll
[7] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[7] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
.
[7] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll
[7] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[7] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[7] 2009-03-03 . 4DFCBDEF3CCAA98F99038DED78945253 . 551424 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[7] 2009-03-03 . 7B981222A257D076885BFFB66F19B7CE . 549888 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[7] 2009-03-03 . B1BB45E24717A7F790B4411C4446EF5E . 550400 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[7] 2008-01-21 . 33FB1F0193EE2051067441492D56113C . 547328 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
.
[7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe
[7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[7] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
.
[7] 2010-08-17 . AAE98B295E88D439A6E0F6E8929424FB . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[7] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe
[7] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[7] 2010-08-17 . 3665F79026A3F91FBCA63F2C65A09B19 . 126464 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[7] 2010-08-17 . E807FC542C295BA256CE3567829E02A6 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe
[7] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[7] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
.
[7] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe
[7] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[7] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
.
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\System32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe
[7] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\wuauclt.exe
[7] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6002.18005_none_a23e523a31a1ed4c\wuauclt.exe
[7] 2006-11-02 . FF81090B6EF1A42A19DF226632711D25 . 41472 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_acab9aecacae685d\wuauclt.exe
.
[-] 2009-04-11 04:45 . 217F97A3207EABF7C33F67DFE05159CF . 72192 . . [------] . . c:\windows\System32\drivers\tdx.sys
[-] 2009-04-11 04:45 . 217F97A3207EABF7C33F67DFE05159CF . 72192 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[7] 2008-01-21 . D09276B1FAB033CE1D40DCBDF303D10F . 71680 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
.
[7] 2010-09-02 . 542A806C74798410ADA0623B9E745C38 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6002.22480_none_3bb5b9b7ee7c46da\comctl32.dll
[7] 2010-09-02 . 2429BBFFCE9EDB193232DE902F88C688 . 1686016 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.22480_none_45f1fca2222ab96c\comctl32.dll
[7] 2010-09-02 . 63A65EA959BD32B01F02E847CB16C63D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.22480_none_8ada5c8366e90385\comctl32.dll
[7] 2010-09-01 . FFBE05ED8338B17940DEA55FA6BC6F03 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.22755_none_39f4b905f1391c96\comctl32.dll
[7] 2010-09-01 . 168B034C75B85AFD667AC8D0C9003312 . 1685504 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.22755_none_4612924c21dcda90\comctl32.dll
[7] 2010-09-01 . 640C4514157B3C6FE1E05B135FCB95B4 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.22755_none_8a5499024dc7b801\comctl32.dll
[7] 2010-08-31 . DC8891A9203810FC994E7FCCF76E94C8 . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll
[7] 2010-08-31 . DC8891A9203810FC994E7FCCF76E94C8 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6002.18305_none_3b879dbed519463b\comctl32.dll
[7] 2010-08-31 . BE3C082837866C4C291ADAF163C10EA6 . 1686016 . . [6.10] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
[7] 2010-08-31 . 35ACD5EA63D75E97DD0E9A1629E582B2 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
[7] 2010-08-31 . 457366B876CEAB9E92DDF976B8520CB6 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18523_none_39898984d804f924\comctl32.dll
[7] 2010-08-31 . D702B4E30B31BFCAB7BD4E5965C1A5DC . 1684480 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
[7] 2010-08-31 . E402A6E79D1E4DBFEBA8B364C67A3158 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18523_none_886c608850a2f36f\comctl32.dll
[7] 2009-04-11 . 0C2236FB7195A1CF2A632D530349E673 . 1686016 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
[7] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\comctl32.dll
[7] 2008-01-21 . 58D3C1519096F3D9E07EEC5F5FC64885 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll
[7] 2008-01-21 . A5BB4537004C8DCC096A952EF1E20FE9 . 1684480 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
[7] 2006-11-02 . B28A9B2300A250B703D44C1759AF2605 . 1648128 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
[7] 2006-11-02 . 4A05089F43041903A3C523A3C16E3350 . 537088 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll
.
[7] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll
[7] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll
[7] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
.
[7] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\System32\es.dll
[7] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6002.18005_none_0ed918294edf6b75\es.dll
[7] 2008-04-19 . 131B7E46A7ACD49CB56BB03917A76DE3 . 268800 . . [2001.12.6930.20818] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
[7] 2008-04-19 . 7B4971C3D43525175A4EA0D143E0412E . 268800 . . [2001.12.6930.16677] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
[7] 2008-04-18 . 3CB3343D720168B575133A0A20DC2465 . 269312 . . [2001.12.6931.18057] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
[7] 2008-04-18 . 776D75AF432C598068CC933C7421171B . 269312 . . [2001.12.6931.22162] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
[7] 2008-01-21 . F4BF4FA769DB51B106D2B4B35256988B . 262144 . . [2001.12.6931.18000] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll
.
[7] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\System32\imm32.dll
[7] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_5e419722778cc84e\imm32.dll
[7] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
.
[7] 2011-04-12 . 574B473FACAA0E91702B86578440B525 . 892416 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll
[7] 2011-04-12 . 574B473FACAA0E91702B86578440B525 . 892416 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6\kernel32.dll
[7] 2011-04-12 . 7062DEB220FA1CCB1B65FC40D6E7D807 . 893440 . . [6.0.6002.22625] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_961d64be6c9b1d69\kernel32.dll
[7] 2011-04-12 . 306835D4E74E49A5D10F0FCA0B422EB1 . 890368 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_939e812b5662e4c2\kernel32.dll
[7] 2011-04-12 . 497A2DA8181560B3E2F8FFE0092FD1E6 . 892928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_93ee425a6faadaba\kernel32.dll
[7] 2009-04-11 . BB8509089E7DF514310814E1B2593FFC . 891392 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll
[7] 2009-02-13 . DB6E3731E6F5C8AE2843F80B5787F7C6 . 888832 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[7] 2009-02-13 . 1987D817D08F5EAF0B7F334026FDDB79 . 890880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[7] 2009-02-13 . B82C7AC1D559F0FD088792171D64C7F3 . 875520 . . [6.0.6000.16820] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[7] 2009-02-13 . BB792054BD990EC05D9E260D50FEAD39 . 875520 . . [6.0.6000.21010] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[7] 2008-01-21 . DC2338093F91BA4E0512208E60206DDD . 888320 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
.
[7] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll
[7] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-linkinfo_31bf3856ad364e35_6.0.6000.16386_none_362e7020a86900de\linkinfo.dll
.
[7] 2011-02-16 . 08F5BC2DC64C4D97931A28058F238D80 . 23552 . . [6.0.6002.22589] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22589_none_abf5b7af710301e2\lpk.dll
[7] 2011-02-16 . 0F1AF051D2B58411341B70360852AA36 . 23552 . . [6.0.6001.22854] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22854_none_aa2ab41973c8da38\lpk.dll
[7] 2011-01-08 . 9259B5AD10104BB0847013A70A0A6F32 . 23552 . . [6.0.6002.22566] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22566_none_ac0856a970f57dfb\lpk.dll
[7] 2011-01-08 . 53B04A1B4BB0C84B063AA7219083FC16 . 23552 . . [6.0.6001.22830] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22830_none_aa3c52c973bc3cfa\lpk.dll
[7] 2010-10-28 . 52212E87A6E94FB997728259D836D605 . 23552 . . [6.0.6002.22514] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22514_none_ac3c65b170cebf98\lpk.dll
[7] 2010-10-28 . 61112C628C7883DD7F63D2DF6C6FF108 . 23552 . . [6.0.6001.22787] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22787_none_aa0d434d73de7ce9\lpk.dll
[7] 2010-05-26 . A58A8CF30FBDB8969C24B0820B0F2976 . 23552 . . [6.0.6002.22412] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22412_none_ac3a633770d08fc3\lpk.dll
[7] 2010-05-26 . 021F8740EFF00B65889FD1AD4C634498 . 23552 . . [6.0.6001.22700] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22700_none_aa5cc0a773a3ec00\lpk.dll
[7] 2009-10-19 . 7BE32E67440BB5B2205C5402A2FBDE25 . 24064 . . [6.0.6000.16939] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2\lpk.dll
[7] 2009-10-19 . 1C8BB8BB211F8ADB8E51FC2FF5C411D6 . 24064 . . [6.0.6000.21142] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21142_none_a84d1555769c394e\lpk.dll
[7] 2009-10-19 . 6223ACDEE46548B706EE8E8C51A985B0 . 23552 . . [6.0.6001.22544] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22544_none_aa357e5373c0c6d2\lpk.dll
[7] 2009-10-19 . 7ABEC59B0338BAA1261190B89B2B90E6 . 23552 . . [6.0.6002.22247] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22247_none_ac1ef11970e467fb\lpk.dll
[7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\System32\lpk.dll
[7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\lpk.dll
[7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18262_none_ab7ab4ea57db7e87\lpk.dll
[7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18336_none_ab9f27bc57bf8d37\lpk.dll
[7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18371_none_ab6ee69a57e47e48\lpk.dll
[7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18482_none_a97ea1445ac5641e\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18547_none_a9aee44c5aa07034\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18579_none_a990751c5ab6f6b5\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18599_none_a97ad5445ac72e97\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18005_none_abbe918457a82898\lpk.dll
.
[7] 2011-11-03 . A21B983E40578D0E6CFA9864AC4E1219 . 12279808 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20544_none_d3ad4b5d7938e4df\mshtml.dll
[7] 2011-11-03 . 66C0AEE61D1C5C35BF1B4642A153B114 . 12279808 . . [9.00.8112.16421] . . c:\windows\System32\mshtml.dll
[7] 2011-11-03 . 66C0AEE61D1C5C35BF1B4642A153B114 . 12279808 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16440_none_d31fad6a601edfb9\mshtml.dll
[7] 2011-09-01 . 04E0CD31A63DFC0D73725A3D1768FB5A . 12275200 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16437_none_d3317f5c60107529\mshtml.dll
[7] 2011-09-01 . 8C93AED0A332209434B62162D03C38C9 . 12275200 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20537_none_d3bb1c27792e14f3\mshtml.dll
[7] 2011-07-26 . 3F63F95C998F7E1AF409BC74E83D45E5 . 12269056 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16430_none_d32a7d566016c3c8\mshtml.dll
[7] 2011-07-22 . E6D5C7E4AAC0C682169AA5021386EFF3 . 12273664 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16434_none_d32e7e7e60132924\mshtml.dll
[7] 2011-07-22 . F2966190D2C20C585A730F9C0B3C7373 . 12273664 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20534_none_d3b81b497930c8ee\mshtml.dll
[7] 2011-05-28 . 7AF8A6DB4596E3BB3309BABA661EB523 . 5967360 . . [8.00.6001.23181] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23181_none_f6602e0551547f04\mshtml.dll
[7] 2011-05-28 . 6D1E32A3C964BAF06B7973E7B18E3212 . 5964800 . . [8.00.6001.19088] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19088_none_f5dd93403830909b\mshtml.dll
[7] 2010-12-18 . 0DA63A2B1D6D55E6005F4552D22E7BBE . 5962240 . . [8.00.6001.23111] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23111_none_f6abdd79511bbb6d\mshtml.dll
[7] 2010-12-18 . 42B87D22378C1EF98F3B6F410C2670AA . 5961216 . . [8.00.6001.19019] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19019_none_f62a42fe37f6e65b\mshtml.dll
[7] 2010-11-02 . 9FCC1F6457A84902EA7545B568B5AEDB . 5960704 . . [8.00.6001.23091] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23091_none_f6555c33515c9dce\mshtml.dll
[7] 2010-11-02 . 9AC463498C480E9EB3C63DC21E4F29C8 . 5959168 . . [8.00.6001.18999] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18999_none_f5d3eb7c383792a1\mshtml.dll
[7] 2010-09-08 . E993FB26BFAC2887BFE8DDAC4DC9180A . 5958656 . . [8.00.6001.23067] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23067_none_f67bcdb3513ee205\mshtml.dll
[7] 2010-09-08 . 1704FC902E1B53EF87593D60FD312A55 . 5957120 . . [8.00.6001.18975] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18975_none_f5e58a2c382af563\mshtml.dll
[7] 2010-06-26 . DF63821381A08F65174BA42745B1C79B . 5954560 . . [8.00.6001.23040] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23040_none_f68a6b855134f8c2\mshtml.dll
[7] 2010-06-26 . D6168759945CD6BC2DB4BFCD4E94B399 . 5951488 . . [8.00.6001.18943] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18943_none_f603f95c38146ee2\mshtml.dll
[7] 2010-05-04 . 62F23130C89F1EE5C0C9EEAB0685D1E5 . 5953024 . . [8.00.6001.23019] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23019_none_f6b3dde3511488fe\mshtml.dll
[7] 2010-05-04 . B1E862448C38B0F70139BC28F67332DE . 5950976 . . [8.00.6001.18928] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18928_none_f61e9aa637ffb5b3\mshtml.dll
[7] 2010-03-11 . 08A647C3B5ECA022D302EF9D5C0C8D10 . 3602944 . . [7.00.6002.22360] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22360_none_15724b45389e0973\mshtml.dll
[7] 2010-03-11 . 1FB6B5513C5986FAED9ADF2BAD543097 . 3587072 . . [7.00.6001.22653] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22653_none_1399aa273b6ce463\mshtml.dll
[7] 2010-03-09 . A01004B13E763DB42BF0F19DBEB62F51 . 3599872 . . [7.00.6000.17037] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.17037_none_1143440c25151a16\mshtml.dll
[7] 2010-03-09 . C0BF3F7D312BBE4773F7DF43EC999722 . 3602944 . . [7.00.6000.21242] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21242_none_11bd115f3e3f5445\mshtml.dll
[7] 2010-03-09 . B0A6D956D4950E55265A8ACDC58C2F39 . 3586048 . . [7.00.6001.18444] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18444_none_131bdbac224644d8\mshtml.dll
[7] 2010-03-09 . 2BBAE33B3393896FFC381EEEE02AB98E . 3601920 . . [7.00.6002.18226] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18226_none_1519efe61f5a91ef\mshtml.dll
[7] 2010-02-23 . 27DB55375D8F8045A27E016BB21B17C0 . 5946880 . . [8.00.6001.22995] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22995_none_f65985395158cfe8\mshtml.dll
[7] 2010-02-23 . 8D5FB97AE3D30CCDD8C9D8AF447C7D09 . 5944832 . . [8.00.6001.18904] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18904_none_f630395637f31875\mshtml.dll
[7] 2009-04-11 . A4D04D404AFC1D30EDA01EE50D27AA51 . 3596288 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18005_none_152e8ba81f4b4668\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
[7] 2008-01-21 . 48E05FD07045BB2E5CFC43C970CAF1E7 . 3578368 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18000_none_1343129c22297b1c\mshtml.dll
.
[7] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\System32\msvcrt.dll
[7] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll
[7] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll
.
[7] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll
[7] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[7] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
.
[7] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll
[7] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[7] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
.
[7] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll
[7] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6002.18005_none_a505176cf9fa2abd\powrprof.dll
[7] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll
.
[7] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll
[7] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[7] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
.
[7] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll
[7] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll

PurpleCloud248, Jan 9, 2012

#8
PurpleCloud248 Newcomer, in training

ComboFix p2

.
[7] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe
[7] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
.
[7] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6000.16386] . . c:\windows\System32\tapisrv.dll
[7] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6002.18005_none_e52851e7e21463cb\tapisrv.dll
[7] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6001.18000_none_e33cd8dbe4f2987f\tapisrv.dll
.
[7] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll
[7] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[7] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
.
[7] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe
[7] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
[7] 2011-11-03 . 32569DF2F9BEF05DD7D56E30590EDFD9 . 1127424 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20544_none_c2532c3ef8e27ba9\wininet.dll
[7] 2011-11-03 . 02F98B5C0E397AD06124D84428CF8F1A . 1127424 . . [9.00.8112.16421] . . c:\windows\System32\wininet.dll
[7] 2011-11-03 . 02F98B5C0E397AD06124D84428CF8F1A . 1127424 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16440_none_c1c58e4bdfc87683\wininet.dll
[7] 2011-09-01 . D3788D91530CFA005BD516189A4C676E . 1126912 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16437_none_c1d7603ddfba0bf3\wininet.dll
[7] 2011-09-01 . C0FCEE8D760C70DB6EF858BB2262288E . 1126912 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20537_none_c260fd08f8d7abbd\wininet.dll
[7] 2011-07-26 . A1236375B74EA63C75657D564890C436 . 1126912 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16421_none_c1dc2e6ddfb757f8\wininet.dll
[7] 2011-07-22 . 2C7332C222D1FE1FC57D622699A8C001 . 1126912 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16434_none_c1d45f5fdfbcbfee\wininet.dll
[7] 2011-07-22 . AA75F065975FCE762FC9BBF5A3C08368 . 1126912 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20534_none_c25dfc2af8da5fb8\wininet.dll
[7] 2011-05-28 . E1E66EB05099B9DDCA178A9A00FCFF74 . 919552 . . [8.00.6001.23181] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23181_none_e5060ee6d0fe15ce\wininet.dll
[7] 2011-05-28 . DE4685DE5130039FA63DA66C0F72F787 . 916480 . . [8.00.6001.19088] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19088_none_e4837421b7da2765\wininet.dll
[7] 2010-12-18 . 7D6AACE6BF60B5A1D572E082DEC9F0F0 . 919552 . . [8.00.6001.23111] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23111_none_e551be5ad0c55237\wininet.dll
[7] 2010-12-18 . 74BCC23D622F32DA0450D164735ACAB1 . 916480 . . [8.00.6001.19019] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19019_none_e4d023dfb7a07d25\wininet.dll
[7] 2010-11-02 . D364DEB34DB229A4C1EFB1BC68F505C4 . 919552 . . [8.00.6001.23091] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23091_none_e4fb3d14d1063498\wininet.dll
[7] 2010-11-02 . 5681261BF2572F8776E1344DCB090C0B . 916480 . . [8.00.6001.18999] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18999_none_e479cc5db7e1296b\wininet.dll
[7] 2010-09-08 . 6D4B5C39BB00A8BD98462664E73AC403 . 919552 . . [8.00.6001.23067] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23067_none_e521ae94d0e878cf\wininet.dll
[7] 2010-09-08 . 545264F1F3AC5BD57B159EBBDC4FDC58 . 916480 . . [8.00.6001.18975] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18975_none_e48b6b0db7d48c2d\wininet.dll
[7] 2010-06-26 . F60F99762FABCD7F4B53A4A0EBAE3505 . 919040 . . [8.00.6001.23040] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23040_none_e5304c66d0de8f8c\wininet.dll
[7] 2010-06-26 . 78D42E00B5AB233F34116C0EF07F1BC9 . 916480 . . [8.00.6001.18943] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18943_none_e4a9da3db7be05ac\wininet.dll
[7] 2010-05-04 . 9DF755B063C647A1CAEB17F3E2FDDE1D . 919040 . . [8.00.6001.23019] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23019_none_e559bec4d0be1fc8\wininet.dll
[7] 2010-05-04 . F317362AEB06140E7FB1B29331FDC038 . 916480 . . [8.00.6001.18928] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18928_none_e4c47b87b7a94c7d\wininet.dll
[7] 2010-03-11 . C5EC0879DF48AB8846FFFC21F707A504 . 834560 . . [7.00.6002.22360] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22360_none_04182c26b847a03d\wininet.dll
[7] 2010-03-11 . 2744014FD9E9069E73CBC7797ACEDCDD . 834048 . . [7.00.6001.22653] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22653_none_023f8b08bb167b2d\wininet.dll
[7] 2010-03-09 . 0F340B61FA7221DDF8B8375BC0217B71 . 832512 . . [7.00.6000.17037] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.17037_none_ffe924eda4beb0e0\wininet.dll
[7] 2010-03-09 . F245376BFFED63999B0290601128A72A . 841216 . . [7.00.6000.21242] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21242_none_0062f240bde8eb0f\wininet.dll
[7] 2010-03-09 . 76C9A358D176DD7904C8A72BB7235608 . 833024 . . [7.00.6001.18444] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18444_none_01c1bc8da1efdba2\wininet.dll
[7] 2010-03-09 . 1846CD5B8EE042DB00DEB0A50ABF6737 . 834048 . . [7.00.6002.18226] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18226_none_03bfd0c79f0428b9\wininet.dll
[7] 2010-02-23 . 24427C9C96556887A2F161800F00B2DE . 919040 . . [8.00.6001.22995] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22995_none_e4ff661ad10266b2\wininet.dll
[7] 2010-02-23 . EC3B3E6071E3FCD4290BFD42676EE064 . 916480 . . [8.00.6001.18904] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18904_none_e4d61a37b79caf3f\wininet.dll
[7] 2009-04-11 . 8777B44511D8BCCF47B5A7CBDC02DE11 . 828416 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18005_none_03d46c899ef4dd32\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
[7] 2008-01-21 . 455D715A840579BDC1CF8E5C1DA76849 . 825856 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
.
[7] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll
[7] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
.
[7] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ws2help.dll
[7] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\ws2help.dll
.
[7] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[7] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[7] 2008-10-30 . 50BA5850147410CDE89C523AD3BC606E . 2927616 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[7] 2008-10-29 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[7] 2008-10-29 . 37440D09DEAE0B672A04DCCF7ABF06BE . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[7] 2008-10-28 . E7156B0B74762D9DE0E66BDCDE06E5FB . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[7] 2008-01-21 . FFA764631CB70A30065C12EF8E174F9F . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
.
[7] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6000.16386] . . c:\windows\regedit.exe
[7] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
.
[7] 2010-06-28 . 7C6F74A11FCF5745B36CB8085B7DE3FB . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.22433_none_ae70528d08aae434\ole32.dll
[7] 2010-06-28 . 9586E7CB2255A8B097A7E4538202585E . 1316864 . . [6.0.6000.16386] . . c:\windows\System32\ole32.dll
[7] 2010-06-28 . 9586E7CB2255A8B097A7E4538202585E . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18277_none_adbf7553efaa1c63\ole32.dll
[7] 2010-06-28 . 64A319477AF21806B8A17E8A3A3FF8BC . 1315840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.22720_none_ac91afb30b7f271a\ole32.dll
[7] 2010-06-28 . AA406846DD60E3A4536DBAAB4037B685 . 1315840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18498_none_abc461f7f2931b51\ole32.dll
[7] 2009-04-11 . C50A0AB19094BC362FBA69E105EBCCFD . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18005_none_ae092067ef732bd0\ole32.dll
[7] 2008-01-21 . 3B634E4BE373D6D987EBF906B43FAAB3 . 1315328 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\ole32.dll
.
[7] 2010-04-16 . E609A492AD596187CEA24E8418FF082F . 502784 . . [1.0626.6002.22384] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.22384_none_af1813076efd8bc3\usp10.dll
[7] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] . . c:\windows\System32\usp10.dll
[7] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35\usp10.dll
[7] 2010-04-16 . 8CB1162DD3586683D71BCB303C1FF54F . 502272 . . [1.0626.6001.22672] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.22672_none_ad3a707771d0e800\usp10.dll
[7] 2010-04-16 . A23E4692716C25E5AEA300ED74E73A1C . 501760 . . [1.0626.6001.18461] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18461_none_acbaa16858ac15c7\usp10.dll
[7] 2009-04-11 . 5A8E28037289FCCBF7AD3FC57DF7048F . 502272 . . [1.0626.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18005_none_aee5f21a559e2b7a\usp10.dll
[7] 2008-01-21 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_acfa790e587c602e\usp10.dll
.
[7] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ksuser.dll
[7] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6001.18000_none_e8019c5c974c4491\ksuser.dll
.
[7] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe
[7] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
.
[7] 2009-07-10 . 1E3FDB80E40A3CE645F229DFBDFB7694 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_cce0e39c1d282219\shsvcs.dll
[7] 2009-07-10 . 94285A002D2826D2FD1C0806455136E9 . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_caf6a3ce20052bcc\shsvcs.dll
[7] 2009-07-10 . 6898575E052CE7CB1CB87622EF187CDA . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_cb7e18273924cc2a\shsvcs.dll
[7] 2009-07-10 . 6669714ACE90E9BB4E8C1D550C67B160 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_cd80222536358728\shsvcs.dll
[7] 2009-07-10 . F0942394F642F5CE3D9A86474FA293FA . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_cf6894a1335a0efa\shsvcs.dll
[7] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_ced8f61a1a41d726\shsvcs.dll
[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
[7] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll
[7] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
.
[7] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\System32\wininit.exe
[7] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
.
[7] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll
[7] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6002.18005_none_8b517ec580991c4d\regsvc.dll
[7] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6001.18000_none_896605b983775101\regsvc.dll
.
[7] 2010-11-06 . 7B587B8A6D4A99F79D2902D0385F29BD . 603648 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18551_none_2ecc18bd972a0f87\schedsvc.dll
[7] 2010-11-05 . 4B71C228530440F853F9C30E308F00E9 . 604672 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.22791_none_2f2a77beb0681c3c\schedsvc.dll
[7] 2010-11-05 . 38AE0400578FD396628F21A571473A3B . 602112 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7\schedsvc.dll
[7] 2010-11-04 . 1A58069DB21D05EB2AB58EE5753EBE8D . 601600 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll
[7] 2010-11-04 . 1A58069DB21D05EB2AB58EE5753EBE8D . 601600 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18342_none_30be5cc194475f38\schedsvc.dll
[7] 2009-04-11 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18005_none_30ec979d94244404\schedsvc.dll
[7] 2008-01-21 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8\schedsvc.dll
[7] 2008-01-21 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16609] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll
[7] 2008-01-21 . BF17DA9F25A4F84C2577AC13EE126CB7 . 595968 . . [6.0.6000.20734] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll
.
[7] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll
[7] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6001.18000_none_7fc972ebd13849b5\ssdpsrv.dll
.
[7] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll
[7] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[7] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
.
[7] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\System32\hnetcfg.dll
[7] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.0.6001.18000_none_b03645b494998691\hnetcfg.dll
.
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6000.16386] . . c:\windows\System32\drivers\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[7] 2006-11-02 . EF23439CDD587F64C2C1B8825CEAD7D8 . 53864 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
.
[7] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll
[7] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6001.18000_none_f900daa442864318\ias.dll
[7] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6002.18005_none_faec53b03fa80e64\ias.dll
.
[7] 2010-08-31 16:49 . 5E9F187AC6BADB58C21C4E3A18DD1F62 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6002.22478_none_f53f7ef86c05abb0\mfc40u.dll
[7] 2010-08-31 15:46 . 2A64FE405579BB073FBABD68AF1468E7 . 954288 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
[7] 2010-08-31 15:46 . 2A64FE405579BB073FBABD68AF1468E7 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6002.18305_none_f4fe90c352b1fc4a\mfc40u.dll
[7] 2010-08-31 15:41 . 13D0F7769927B74782CB59D8CCEF9E10 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6001.18523_none_f3007c89559daf33\mfc40u.dll
[7] 2010-08-31 15:17 . 1C1486BB262DF6DFD298110BC495906E . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6001.22754_none_f36aabc06ed2b94e\mfc40u.dll
[7] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6000.16386_none_f0dc500958a528b5\mfc40u.dll
.
[7] 2011-10-27 . 5B3C5FBBE4FB0DCFFCEC402B44BC6719 . 3603840 . . [6.0.6002.22732] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22732_none_6e821239ca7d7436\ntkrnlpa.exe
[7] 2011-10-27 . CA537C1021ACDF5B3D14A01B0D4A09B7 . 3602816 . . [6.0.6002.18533] . . c:\windows\System32\ntkrnlpa.exe
[7] 2011-10-27 . CA537C1021ACDF5B3D14A01B0D4A09B7 . 3602816 . . [6.0.6002.18533] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18533_none_6df973d2b15ef09c\ntkrnlpa.exe
[7] 2011-06-20 . A94B3B8B4B35ACA0290A2A8CC2977094 . 3603856 . . [6.0.6002.22662] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22662_none_6e61a08fca95cae2\ntkrnlpa.exe
[7] 2011-06-20 . 31AD5148F09D539BAF06D0A0FA53CD8B . 3602832 . . [6.0.6002.18484] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18484_none_6dc4629ab1869881\ntkrnlpa.exe
[7] 2010-10-15 . 950C425C9E1FA4DDEC8A6B7915E3D892 . 3600272 . . [6.0.6001.18538] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18538_none_6c17fdaab43422b6\ntkrnlpa.exe
[7] 2010-10-15 . C391DF1007E54B1FE06A4EF02DB6FA61 . 3602320 . . [6.0.6002.18327] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18327_none_6e08411ab1533fb9\ntkrnlpa.exe
[7] 2010-10-15 . 3BEF21D45A74AD2C6EAD894BA6C6A502 . 3602832 . . [6.0.6001.22777] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22777_none_6c755c61cd731614\ntkrnlpa.exe
[7] 2010-10-15 . FEB9209E1D2B97DB4AE8FBF1DB0F54B6 . 3603856 . . [6.0.6002.22505] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22505_none_6ea57f0fca62721a\ntkrnlpa.exe
[7] 2010-06-08 . 3FAFA4C0567D205F56C15D8B9D469F9D . 3601792 . . [6.0.6002.22420] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_6e8adbdfca772e22\ntkrnlpa.exe
[7] 2010-06-08 . E3A2697835A14C75B233606357AB46DD . 3600768 . . [6.0.6002.18267] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_6ddcff84b173b256\ntkrnlpa.exe
[7] 2010-06-08 . 4F332C0A64F4209EB322DB35310BA879 . 3598216 . . [6.0.6001.18488] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_6be1ec28b45cb144\ntkrnlpa.exe
[7] 2010-06-08 . 560C7E5036D6D0F9CC4AED5DE885DB8A . 3600784 . . [6.0.6001.22707] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_6cc10bd5cd3a527d\ntkrnlpa.exe
[7] 2010-02-18 . AF2FC3FE3AD6860A808B237171BA6EED . 3600776 . . [6.0.6001.22636] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22636_none_6c9f99e1cd538fd2\ntkrnlpa.exe
[7] 2010-02-18 . D8077969EE22B889B793D076FDCA7066 . 3502480 . . [6.0.6000.17021] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.17021_none_6a356140b70bfd67\ntkrnlpa.exe
[7] 2010-02-18 . C2334AE54E10BCA2631660F649010B03 . 3598216 . . [6.0.6001.18427] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18427_none_6c21cb66b42cf047\ntkrnlpa.exe
[7] 2010-02-18 . 642161C66547496ACCD2794AB6B4284F . 3504008 . . [6.0.6000.21226] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21226_none_6ac40163d025190b\ntkrnlpa.exe
[7] 2010-02-18 . 1FED62B16D372E169CF355B2F3210A65 . 3601800 . . [6.0.6002.22341] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22341_none_6e763a6bca868234\ntkrnlpa.exe
[7] 2010-02-18 . 8BBC454D2F91D92E3E73DB5B5A0D8D8E . 3600776 . . [6.0.6002.18209] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18209_none_6e1fdfa0b1413d5e\ntkrnlpa.exe
[7] 2009-04-11 . 1260BEACF2F023807A1087BBB0E15BBD . 3601896 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_6e1bdaacb144ddb4\ntkrnlpa.exe
[7] 2009-03-03 . FEB3FB3309EBA85917BDE7F4FD019C9D . 3599328 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntkrnlpa.exe
[7] 2009-03-03 . 641C0F376136E5B6F389016EC48374D2 . 3600880 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntkrnlpa.exe
[7] 2009-03-03 . 06BCF21AAA1890328D1F58F0ACBE668D . 3503584 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntkrnlpa.exe
[7] 2009-03-03 . 191C702B48681FB2BA5A96F416207ACF . 3505120 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntkrnlpa.exe
[7] 2008-04-26 . 6BB1994F5B62FEF6268F1EBB4014E293 . 3600952 . . [6.0.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntkrnlpa.exe
[7] 2008-04-26 . 68EEF02A8846442FE98AD0E0517EE6BC . 3601464 . . [6.0.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntkrnlpa.exe
[7] 2008-01-21 . FE51E8DBBEF2D01EF886499FECBF2D78 . 3600440 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntkrnlpa.exe

PurpleCloud248, Jan 9, 2012

#9
PurpleCloud248 Newcomer, in training

ComboFix p3

.
[7] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
[7] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6001.18000_none_c1e834753483fdcf\upnphost.dll
.
[7] 2009-04-11 . 84B8827562B005C118CADBA0F25DB2C6 . 444416 . . [6.0.6000.16386] . . c:\windows\System32\dsound.dll
[7] 2009-04-11 . 84B8827562B005C118CADBA0F25DB2C6 . 444416 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6002.18005_none_5a8737643f04aa4c\dsound.dll
[7] 2008-01-21 . 8A7B8DA5CA558D2DE47086BB23556543 . 444416 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6001.18000_none_589bbe5841e2df00\dsound.dll
.
[7] 2009-04-11 . 8AAEEE8E59A70F37579993D118A34EE0 . 1788416 . . [6.0.6002.18005] . . c:\windows\System32\d3d9.dll
[7] 2009-04-11 . 8AAEEE8E59A70F37579993D118A34EE0 . 1788416 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6002.18005_none_c438e5b15de80145\d3d9.dll
[7] 2008-01-21 . FAB8F08EC64A54917C07BDB6DC811C95 . 1788928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\d3d9.dll
.
[7] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\System32\ddraw.dll
[7] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd\ddraw.dll
.
[7] 2009-04-11 06:28 . A944A73CEC5921B871542FE5CC5E03E4 . 88576 . . [6.0.6002.18005] . . c:\windows\System32\olepro32.dll
[7] 2009-04-11 06:28 . A944A73CEC5921B871542FE5CC5E03E4 . 88576 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6002.18005_none_3bff339efed611ca\olepro32.dll
[7] 2008-01-21 02:23 . AE70AE6F0760793D4893C3735EEC7292 . 88576 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6001.18000_none_3a13ba9301b4467e\olepro32.dll
.
[7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\System32\perfctrs.dll
[7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfctrs.dll
[7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6002.18005_none_335eb6cf5a3b9de4\perfctrs.dll
.
[7] 2009-04-11 . 69827805A221C21450BA22F4326A2EE3 . 20480 . . [6.0.6002.18005] . . c:\windows\System32\version.dll
[7] 2009-04-11 . 69827805A221C21450BA22F4326A2EE3 . 20480 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6002.18005_none_16e9c83b4e078740\version.dll
[7] 2008-01-21 . 187D588F7A1A45DE48B8540401A90850 . 20480 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6001.18000_none_14fe4f2f50e5bbf4\version.dll
.
[7] 2011-07-26 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
[7] 2011-05-28 . 7EE10C5413AD7ED1AF9E8FAE1B58FC3E . 638232 . . [8.00.6001.23181] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23181_none_127f1b72492984b1\iexplore.exe
[7] 2011-05-28 . ED65737D70FDEAC29F738E77D2496EE5 . 638232 . . [8.00.6001.19088] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19088_none_11fc80ad30059648\iexplore.exe
[7] 2010-12-18 . 7852371DA9EFBC17B645558E23780EAC . 638232 . . [8.00.6001.23111] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[7] 2010-12-18 . B988D7F127B94BD5BF8356FE81B985C4 . 638232 . . [8.00.6001.19019] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[7] 2010-11-02 . 92A17B0A89D14815AACC62CD190B6CE3 . 638232 . . [8.00.6001.23091] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[7] 2010-11-02 . 5AB037B17F8A87D052F5A88E0D29A3C8 . 638232 . . [8.00.6001.18999] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
[7] 2010-09-08 . 4A719476A6393B1DCACFEB4F3AC6599C . 638232 . . [8.00.6001.23067] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[7] 2010-09-08 . D5A730DFDEAE005373E62BC2A866E3BB . 638232 . . [8.00.6001.18975] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[7] 2010-06-26 . F05B3A2C6CB319DD1377AD566CF5ECE5 . 638232 . . [8.00.6001.23040] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[7] 2010-06-26 . 7420BE0E7D3D1320054F7ACA0594953D . 638232 . . [8.00.6001.18943] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[7] 2010-05-04 . 48A6109E8DF0365195298CC527B7426A . 638232 . . [8.00.6001.23019] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[7] 2010-05-04 . 5C9B1062EA7A44E8F6BFDE994B68C7AA . 638232 . . [8.00.6001.18928] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[7] 2010-03-11 . 67C769016A79E6FC65D1755E5D6ADAB3 . 634648 . . [7.00.6001.22653] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22653_none_2fb897943341ea10\iexplore.exe
[7] 2010-03-09 . 259E27152180B895DF395ED3E412B90E . 634648 . . [7.00.6000.17037] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\iexplore.exe
[7] 2010-03-09 . 97496AA4590CB101EF990060F7055F3D . 634648 . . [7.00.6000.21242] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21242_none_2ddbfecc361459f2\iexplore.exe
[7] 2010-03-09 . 74E60C93D1C9A40354D839776CCF53DF . 634648 . . [7.00.6001.18444] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18444_none_2f3ac9191a1b4a85\iexplore.exe
[7] 2010-02-23 . 25DB705A7DC85C208B3CF2D20F118AA7 . 638232 . . [8.00.6001.22995] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[7] 2010-02-23 . 9F52FBE99C749E3F32C75124F09F1B03 . 638232 . . [8.00.6001.18904] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[7] 2009-04-11 . 2C5168C856455CC43C4B4E1CC1920001 . 636080 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[7] 2008-01-21 . 5B92133D3E7FB2644677686305E29E81 . 625664 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
.
.
[7] 2011-10-27 . C7D1507B837BC41D13D6EAC31A032AE3 . 3550080 . . [6.0.6002.18533] . . c:\windows\System32\ntoskrnl.exe
[7] 2011-10-27 . C7D1507B837BC41D13D6EAC31A032AE3 . 3550080 . . [6.0.6002.18533] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18533_none_6df973d2b15ef09c\ntoskrnl.exe
[7] 2011-10-27 . D91407C7DF48B369E35E9E1426563EFA . 3552640 . . [6.0.6002.22732] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22732_none_6e821239ca7d7436\ntoskrnl.exe
[7] 2011-06-20 . BF4B9F40116DF26B2FC7C20CB69B9D9A . 3552144 . . [6.0.6002.22662] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22662_none_6e61a08fca95cae2\ntoskrnl.exe
[7] 2011-06-20 . C73E0BEB5062C94B68581642304F7BB4 . 3550096 . . [6.0.6002.18484] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18484_none_6dc4629ab1869881\ntoskrnl.exe
[7] 2010-10-15 . A573338BDCED710795C618EA5FCF48D5 . 3548048 . . [6.0.6001.18538] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18538_none_6c17fdaab43422b6\ntoskrnl.exe
[7] 2010-10-15 . 8B5EEAA99965E26C3FBB9FAC8BD3B6A1 . 3552144 . . [6.0.6002.22505] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22505_none_6ea57f0fca62721a\ntoskrnl.exe
[7] 2010-10-15 . F276ABE13DD0BA1024A42A443E47A4A2 . 3550608 . . [6.0.6001.22777] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22777_none_6c755c61cd731614\ntoskrnl.exe
[7] 2010-10-15 . 1ACD7FC485D0E0FF9097E08900D834CC . 3550096 . . [6.0.6002.18327] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18327_none_6e08411ab1533fb9\ntoskrnl.exe
[7] 2010-06-08 . C5AB434D0C8FA38EAD136FB29E2504B7 . 3550600 . . [6.0.6002.22420] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_6e8adbdfca772e22\ntoskrnl.exe
[7] 2010-06-08 . F2BEE482023F146CF85EBB15B9E1CD35 . 3548040 . . [6.0.6002.18267] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_6ddcff84b173b256\ntoskrnl.exe
[7] 2010-06-08 . D5FA5D17F03E6D39E1A12431DD6F2A39 . 3545992 . . [6.0.6001.18488] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_6be1ec28b45cb144\ntoskrnl.exe
[7] 2010-06-08 . 47DB9968B8CF2031C46007F42CCE2437 . 3548552 . . [6.0.6001.22707] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_6cc10bd5cd3a527d\ntoskrnl.exe
[7] 2010-02-18 . C5759C9345A06EE52C7F5ECCF685CA6D . 3548560 . . [6.0.6001.22636] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22636_none_6c9f99e1cd538fd2\ntoskrnl.exe
[7] 2010-02-18 . DC44BF78DEB87B7737D0D29B5B8EDAE3 . 3468168 . . [6.0.6000.17021] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.17021_none_6a356140b70bfd67\ntoskrnl.exe
[7] 2010-02-18 . 6025E5530E2C43E1983CC8B840DF2108 . 3545992 . . [6.0.6001.18427] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18427_none_6c21cb66b42cf047\ntoskrnl.exe
[7] 2010-02-18 . F8BEC470EAA8621751F739585C5871CD . 3470216 . . [6.0.6000.21226] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21226_none_6ac40163d025190b\ntoskrnl.exe
[7] 2010-02-18 . 31289DD6914686D088582EED4B43F826 . 3550088 . . [6.0.6002.22341] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22341_none_6e763a6bca868234\ntoskrnl.exe
[7] 2010-02-18 . A5D0B405442724448D23D61821BEA92A . 3548040 . . [6.0.6002.18209] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18209_none_6e1fdfa0b1413d5e\ntoskrnl.exe
[7] 2009-04-11 . 6798DBF3F25721637AEF5B6C69911C9C . 3549672 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_6e1bdaacb144ddb4\ntoskrnl.exe
[7] 2009-03-03 . 393BB8FE05D66ABA7B091E6032179272 . 3547632 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntoskrnl.exe
[7] 2009-03-03 . DFF34C5D66AB4BF1EED47BF19D1267BB . 3548656 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntoskrnl.exe
[7] 2009-03-03 . 3910FE042C707E6BACD0FEC5AB9ECDE6 . 3469280 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntoskrnl.exe
[7] 2009-03-03 . 808C86316AED98716C5F305A6265F393 . 3471328 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntoskrnl.exe
[7] 2008-04-26 . C9CD31B3CBA8134F2B47FB5E78376ACC . 3549240 . . [6.0.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntoskrnl.exe
[7] 2008-04-26 . 22D444D3D88A4C299894B3638A114BF7 . 3549240 . . [6.0.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntoskrnl.exe
[7] 2008-01-21 . 6700F35EBA206E5C89AC27C9A124DC01 . 3548728 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntoskrnl.exe
.
[7] 2009-04-11 . 96EA68B9EB310A69C25EBB0282B2B9DE . 282624 . . [6.0.6001.18000] . . c:\windows\System32\w32time.dll
[7] 2009-04-11 . 96EA68B9EB310A69C25EBB0282B2B9DE . 282624 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6002.18005_none_8a92dcbb6a6c707b\w32time.dll
[7] 2008-01-21 . 1CF9206966A8458CDA9A8B20DF8AB7D3 . 282624 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6001.18000_none_88a763af6d4aa52f\w32time.dll
.
[7] 2009-04-11 . 5DE7D67E49B88F5F07F3E53C4B92A352 . 453120 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
[7] 2009-04-11 . 5DE7D67E49B88F5F07F3E53C4B92A352 . 453120 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_347fb41db0752753\wiaservc.dll
[7] 2008-01-21 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll
.
[7] 2009-04-11 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6000.16386] . . c:\windows\System32\midimap.dll
[7] 2009-04-11 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6002.18005_none_8ee941100db1acf2\midimap.dll
[7] 2008-01-21 . D7F1F6C72276A15579D5761098018891 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\midimap.dll
.
[7] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\System32\rasadhlp.dll
[7] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"googletalk"="c:\users\Cheewen Ng\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-28 4915200]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-26 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-02-21 17:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-28 13:01 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 20:17]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 20:17]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1789908265-441396232-4072253329-1000Core.job
- c:\users\Cheewen Ng\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 01:21]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1789908265-441396232-4072253329-1000UA.job
- c:\users\Cheewen Ng\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-09 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10205&home=1
uInternet Settings,ProxyOverride = local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - c:\users\Cheewen Ng\AppData\Roaming\Mozilla\Firefox\Profiles\uciu5qj0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10205&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Unattend0000000001{11F5AE89-8467-4F59-B203-FE9F4F0E4511} - c:\program files\Sony\First Experience\VAIOWelcome.exe
SafeBoot-Symantec Antvirus
AddRemove-MatlabR2010a - c:\program files\MATLAB\R2010a\uninstall\uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.smb]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4072)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\PSIService.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-01-09 23:22:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-10 04:22
.
Pre-Run: 41,721,303,040 bytes free
Post-Run: 41,920,847,872 bytes free
.
- - End Of File - - 422167E0D1954754362A8E126030B12A

PurpleCloud248, Jan 9, 2012

#10
Broni Malware Annihilator

I still need aswMBR log.

Broni, Jan 9, 2012

#11
PurpleCloud248 Newcomer, in training

aswMBR

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-09 22:16:59
-----------------------------
22:16:59.567 OS Version: Windows 6.0.6002 Service Pack 2
22:16:59.567 Number of processors: 2 586 0xF0D
22:16:59.569 ComputerName: CHEEWEN-PC UserName: Cheewen Ng
22:17:03.524 Initialize success
22:19:22.929 AVAST engine defs: 12010901
22:20:02.881 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:20:02.884 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC3BP Size: 238475MB BusType: 3
22:20:02.887 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000071
22:20:02.891 Disk 1 Vendor: ( Size: 238475MB BusType: 0
22:20:02.895 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000072
22:20:02.898 Disk 2 Vendor: ( Size: 238475MB BusType: 0
22:20:02.935 Disk 0 MBR read successfully
22:20:02.939 Disk 0 MBR scan
22:20:02.950 Disk 0 Windows 7 default MBR code
22:20:02.988 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9211 MB offset 2048
22:20:03.005 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145581 MB offset 18866176
22:20:03.039 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 83679 MB offset 317018112
22:20:03.051 Disk 0 scanning sectors +488392704
22:20:03.481 Disk 0 scanning C:\Windows\system32\drivers
22:20:13.234 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
22:20:17.467 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-B [Rtk]
22:20:22.999 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Sirefef-JD [Rtk]
22:20:27.047 Disk 0 trace - called modules:
22:20:27.067 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89b58ff0]<<
22:20:27.074 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86101780]
22:20:27.079 3 CLASSPNP.SYS[8aba58b3] -> nt!IofCallDriver -> [0x89a9bd88]
22:20:27.086 \Driver\00001628[0x89a9bec0] -> IRP_MJ_CREATE -> 0x89b58ff0
22:20:28.799 AVAST engine scan C:\Windows
22:20:33.695 AVAST engine scan C:\Windows\system32
22:24:27.242 AVAST engine scan C:\Windows\system32\drivers
22:24:35.179 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
22:24:38.777 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-B [Rtk]
22:24:43.999 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Sirefef-JD [Rtk]
22:24:48.953 AVAST engine scan C:\Users\Cheewen Ng
22:31:58.313 Disk 0 MBR has been saved successfully to "C:\Users\Cheewen Ng\Desktop\MBR.dat"
22:31:58.361 The log file has been saved successfully to "C:\Users\Cheewen Ng\Desktop\aswMBR.txt"

PurpleCloud248, Jan 10, 2012

#12
Broni Malware Annihilator
Download TDSSKiller and save it to your desktop.

Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Broni, Jan 10, 2012

#13
PurpleCloud248 Newcomer, in training

tdsskiller

20:44:51.0639 1608 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
20:44:52.0079 1608 ============================================================
20:44:52.0079 1608 Current date / time: 2012/01/10 20:44:52.0079
20:44:52.0079 1608 SystemInfo:
20:44:52.0079 1608
20:44:52.0079 1608 OS Version: 6.0.6002 ServicePack: 2.0
20:44:52.0079 1608 Product type: Workstation
20:44:52.0079 1608 ComputerName: CHEEWEN-PC
20:44:52.0079 1608 UserName: Cheewen Ng
20:44:52.0079 1608 Windows directory: C:\Windows
20:44:52.0079 1608 System windows directory: C:\Windows
20:44:52.0080 1608 Processor architecture: Intel x86
20:44:52.0080 1608 Number of processors: 2
20:44:52.0080 1608 Page size: 0x1000
20:44:52.0080 1608 Boot type: Normal boot
20:44:52.0080 1608 ============================================================
20:44:53.0580 1608 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
20:44:53.0730 1608 Initialize success
20:45:02.0176 5144 ============================================================
20:45:02.0176 5144 Scan started
20:45:02.0176 5144 Mode: Manual;
20:45:02.0176 5144 ============================================================
20:45:02.0880 5144 .smb - ok
20:45:03.0066 5144 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:45:03.0070 5144 ACPI - ok
20:45:03.0253 5144 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:45:03.0261 5144 adp94xx - ok
20:45:03.0415 5144 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:45:03.0420 5144 adpahci - ok
20:45:03.0479 5144 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:45:03.0480 5144 adpu160m - ok
20:45:03.0647 5144 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:45:03.0649 5144 adpu320 - ok
20:45:03.0878 5144 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:45:03.0882 5144 AFD - ok
20:45:04.0085 5144 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:45:04.0087 5144 agp440 - ok
20:45:04.0229 5144 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:45:04.0231 5144 aic78xx - ok
20:45:04.0273 5144 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:45:04.0274 5144 aliide - ok
20:45:04.0483 5144 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:45:04.0483 5144 amdagp - ok
20:45:04.0658 5144 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:45:04.0658 5144 amdide - ok
20:45:04.0845 5144 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:45:04.0846 5144 AmdK7 - ok
20:45:05.0030 5144 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:45:05.0032 5144 AmdK8 - ok
20:45:05.0195 5144 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:45:05.0197 5144 arc - ok
20:45:05.0276 5144 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:45:05.0277 5144 arcsas - ok
20:45:05.0464 5144 ArcSoftKsUFilter (6b3ab8f67b37402a4174caa45002903e) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
20:45:05.0464 5144 ArcSoftKsUFilter - ok
20:45:05.0650 5144 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:45:05.0650 5144 AsyncMac - ok
20:45:05.0803 5144 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:45:05.0804 5144 atapi - ok
20:45:06.0012 5144 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:45:06.0013 5144 Beep - ok
20:45:06.0166 5144 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:45:06.0167 5144 blbdrive - ok
20:45:06.0349 5144 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:45:06.0350 5144 bowser - ok
20:45:06.0437 5144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:45:06.0437 5144 BrFiltLo - ok
20:45:06.0610 5144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:45:06.0611 5144 BrFiltUp - ok
20:45:06.0824 5144 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:45:06.0825 5144 Brserid - ok
20:45:07.0037 5144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:45:07.0039 5144 BrSerWdm - ok
20:45:07.0143 5144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:45:07.0145 5144 BrUsbMdm - ok
20:45:07.0185 5144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:45:07.0186 5144 BrUsbSer - ok
20:45:07.0274 5144 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
20:45:07.0275 5144 BthEnum - ok
20:45:07.0409 5144 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:45:07.0410 5144 BTHMODEM - ok
20:45:07.0483 5144 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
20:45:07.0484 5144 BthPan - ok
20:45:07.0637 5144 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
20:45:07.0644 5144 BTHPORT - ok
20:45:07.0777 5144 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
20:45:07.0778 5144 BTHUSB - ok
20:45:07.0857 5144 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
20:45:07.0858 5144 btwaudio - ok
20:45:08.0044 5144 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
20:45:08.0045 5144 btwavdt - ok
20:45:08.0208 5144 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:45:08.0209 5144 btwl2cap - ok
20:45:08.0293 5144 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
20:45:08.0294 5144 btwrchid - ok
20:45:08.0335 5144 catchme - ok
20:45:08.0550 5144 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:45:08.0551 5144 cdfs - ok
20:45:08.0749 5144 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:45:08.0750 5144 cdrom - ok
20:45:08.0923 5144 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:45:08.0924 5144 circlass - ok
20:45:09.0031 5144 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:45:09.0035 5144 CLFS - ok
20:45:09.0275 5144 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:45:09.0276 5144 CmBatt - ok
20:45:09.0321 5144 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:45:09.0321 5144 cmdide - ok
20:45:09.0527 5144 COH_Mon (c586875ece5318c6309ed1ab79d0e55f) C:\Windows\system32\Drivers\COH_Mon.sys
20:45:09.0528 5144 COH_Mon - ok
20:45:09.0691 5144 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:45:09.0692 5144 Compbatt - ok
20:45:09.0848 5144 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:45:09.0849 5144 crcdisk - ok
20:45:10.0014 5144 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:45:10.0016 5144 Crusoe - ok
20:45:10.0183 5144 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:45:10.0185 5144 DfsC - ok
20:45:10.0354 5144 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:45:10.0355 5144 disk - ok
20:45:10.0439 5144 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
20:45:10.0440 5144 DMICall - ok
20:45:10.0657 5144 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
20:45:10.0658 5144 Dot4 - ok
20:45:10.0875 5144 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:45:10.0876 5144 Dot4Print - ok
20:45:11.0056 5144 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
20:45:11.0057 5144 dot4usb - ok
20:45:11.0204 5144 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:45:11.0204 5144 drmkaud - ok
20:45:11.0287 5144 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:45:11.0297 5144 DXGKrnl - ok
20:45:11.0477 5144 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:45:11.0479 5144 E1G60 - ok
20:45:11.0706 5144 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:45:11.0708 5144 Ecache - ok
20:45:11.0850 5144 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:45:11.0868 5144 eeCtrl - ok
20:45:12.0189 5144 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:45:12.0194 5144 elxstor - ok
20:45:12.0392 5144 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:45:12.0393 5144 EraserUtilRebootDrv - ok
20:45:12.0516 5144 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:45:12.0517 5144 ErrDev - ok
20:45:12.0652 5144 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:45:12.0655 5144 exfat - ok
20:45:12.0761 5144 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:45:12.0764 5144 fastfat - ok
20:45:12.0857 5144 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:45:12.0859 5144 fdc - ok
20:45:13.0047 5144 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:45:13.0048 5144 FileInfo - ok
20:45:13.0215 5144 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:45:13.0216 5144 Filetrace - ok
20:45:13.0421 5144 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:45:13.0422 5144 flpydisk - ok
20:45:13.0608 5144 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:45:13.0619 5144 FltMgr - ok
20:45:13.0847 5144 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:45:13.0848 5144 Fs_Rec - ok
20:45:14.0012 5144 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:45:14.0014 5144 gagp30kx - ok
20:45:14.0183 5144 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:45:14.0184 5144 GEARAspiWDM - ok
20:45:14.0263 5144 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
20:45:14.0265 5144 giveio - ok
20:45:14.0461 5144 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
20:45:14.0462 5144 hamachi - ok
20:45:14.0669 5144 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:45:14.0673 5144 HdAudAddService - ok
20:45:14.0840 5144 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:45:14.0848 5144 HDAudBus - ok
20:45:15.0013 5144 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:45:15.0014 5144 HidBth - ok
20:45:15.0188 5144 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:45:15.0189 5144 HidIr - ok
20:45:15.0359 5144 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:45:15.0360 5144 HidUsb - ok
20:45:15.0526 5144 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:45:15.0527 5144 HpCISSs - ok
20:45:15.0720 5144 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:45:15.0722 5144 HSFHWAZL - ok
20:45:15.0913 5144 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:45:15.0929 5144 HSF_DPV - ok
20:45:16.0138 5144 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:45:16.0142 5144 HSXHWAZL - ok
20:45:16.0316 5144 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:45:16.0321 5144 HTTP - ok
20:45:16.0494 5144 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:45:16.0496 5144 i2omp - ok
20:45:16.0698 5144 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:45:16.0699 5144 i8042prt - ok
20:45:16.0874 5144 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:45:16.0878 5144 iaStorV - ok
20:45:17.0084 5144 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:45:17.0139 5144 igfx - ok
20:45:17.0265 5144 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:45:17.0267 5144 iirsp - ok
20:45:17.0493 5144 IntcAzAudAddService (d729199b204c3fb78c58ff30550d965c) C:\Windows\system32\drivers\RTKVHDA.sys
20:45:17.0526 5144 IntcAzAudAddService - ok
20:45:17.0631 5144 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:45:17.0632 5144 intelide - ok
20:45:17.0698 5144 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:45:17.0699 5144 intelppm - ok
20:45:17.0853 5144 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:45:17.0854 5144 IpFilterDriver - ok
20:45:17.0884 5144 IpInIp - ok
20:45:17.0938 5144 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:45:17.0940 5144 IPMIDRV - ok
20:45:18.0052 5144 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:45:18.0054 5144 IPNAT - ok
20:45:18.0156 5144 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:45:18.0156 5144 IRENUM - ok
20:45:18.0255 5144 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:45:18.0256 5144 isapnp - ok
20:45:18.0305 5144 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:45:18.0308 5144 iScsiPrt - ok
20:45:18.0407 5144 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:45:18.0409 5144 iteatapi - ok
20:45:18.0480 5144 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:45:18.0481 5144 iteraid - ok
20:45:18.0517 5144 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:45:18.0518 5144 kbdclass - ok
20:45:18.0657 5144 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:45:18.0658 5144 kbdhid - ok
20:45:18.0850 5144 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
20:45:18.0851 5144 KMWDFILTER - ok
20:45:19.0014 5144 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:45:19.0021 5144 KSecDD - ok
20:45:19.0163 5144 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:45:19.0164 5144 lltdio - ok
20:45:19.0223 5144 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:45:19.0225 5144 LSI_FC - ok
20:45:19.0265 5144 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:45:19.0268 5144 LSI_SAS - ok
20:45:19.0435 5144 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:45:19.0437 5144 LSI_SCSI - ok
20:45:19.0603 5144 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:45:19.0605 5144 luafv - ok
20:45:19.0818 5144 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:45:19.0819 5144 mdmxsdk - ok
20:45:20.0027 5144 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:45:20.0028 5144 megasas - ok
20:45:20.0241 5144 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:45:20.0247 5144 MegaSR - ok
20:45:20.0434 5144 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:45:20.0434 5144 Modem - ok
20:45:20.0574 5144 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:45:20.0575 5144 monitor - ok
20:45:20.0733 5144 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:45:20.0734 5144 mouclass - ok
20:45:20.0889 5144 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:45:20.0890 5144 mouhid - ok
20:45:21.0054 5144 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:45:21.0056 5144 MountMgr - ok
20:45:21.0218 5144 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:45:21.0221 5144 mpio - ok
20:45:21.0273 5144 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:45:21.0274 5144 mpsdrv - ok
20:45:21.0384 5144 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:45:21.0385 5144 Mraid35x - ok
20:45:21.0465 5144 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:45:21.0466 5144 MRxDAV - ok
20:45:21.0636 5144 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:45:21.0638 5144 mrxsmb - ok
20:45:21.0830 5144 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:45:21.0833 5144 mrxsmb10 - ok
20:45:22.0014 5144 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:45:22.0015 5144 mrxsmb20 - ok
20:45:22.0193 5144 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:45:22.0194 5144 msahci - ok
20:45:22.0337 5144 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:45:22.0339 5144 msdsm - ok
20:45:22.0394 5144 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:45:22.0395 5144 Msfs - ok
20:45:22.0466 5144 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:45:22.0467 5144 msisadrv - ok
20:45:22.0658 5144 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:45:22.0659 5144 MSKSSRV - ok
20:45:22.0856 5144 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:45:22.0856 5144 MSPCLOCK - ok
20:45:23.0062 5144 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:45:23.0062 5144 MSPQM - ok
20:45:23.0252 5144 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:45:23.0253 5144 MsRPC - ok
20:45:23.0428 5144 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:45:23.0429 5144 mssmbios - ok
20:45:23.0590 5144 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:45:23.0590 5144 MSTEE - ok
20:45:23.0760 5144 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:45:23.0761 5144 Mup - ok
20:45:23.0984 5144 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:45:23.0985 5144 NativeWifiP - ok
20:45:24.0154 5144 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120110.002\NAVENG.SYS
20:45:24.0155 5144 NAVENG - ok
20:45:24.0238 5144 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120110.002\NAVEX15.SYS
20:45:24.0266 5144 NAVEX15 - ok
20:45:24.0458 5144 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:45:24.0464 5144 NDIS - ok
20:45:24.0629 5144 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:45:24.0630 5144 NdisTapi - ok
20:45:24.0784 5144 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:45:24.0785 5144 Ndisuio - ok
20:45:24.0990 5144 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:45:24.0992 5144 NdisWan - ok
20:45:25.0169 5144 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:45:25.0171 5144 NDProxy - ok
20:45:25.0323 5144 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:45:25.0324 5144 NetBIOS - ok
20:45:25.0402 5144 netbt (c9d3d5a78f9e12c7be5d1cbc9ff5c932) C:\Windows\system32\DRIVERS\netbt.sys
20:45:25.0404 5144 netbt - ok
20:45:25.0613 5144 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:45:25.0646 5144 NETw4v32 - ok
20:45:25.0815 5144 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:45:25.0816 5144 nfrd960 - ok
20:45:26.0015 5144 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:45:26.0016 5144 Npfs - ok
20:45:26.0182 5144 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:45:26.0183 5144 nsiproxy - ok
20:45:26.0330 5144 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:45:26.0352 5144 Ntfs - ok
20:45:26.0472 5144 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:45:26.0473 5144 ntrigdigi - ok
20:45:26.0556 5144 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:45:26.0557 5144 Null - ok
20:45:26.0614 5144 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:45:26.0616 5144 nvraid - ok
20:45:26.0668 5144 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:45:26.0669 5144 nvstor - ok
20:45:26.0770 5144 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:45:26.0772 5144 nv_agp - ok
20:45:26.0819 5144 NwlnkFlt - ok
20:45:26.0836 5144 NwlnkFwd - ok
20:45:26.0988 5144 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:45:26.0989 5144 ohci1394 - ok
20:45:27.0189 5144 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:45:27.0191 5144 Parport - ok
20:45:27.0364 5144 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:45:27.0365 5144 partmgr - ok
20:45:27.0482 5144 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:45:27.0483 5144 Parvdm - ok
20:45:27.0576 5144 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:45:27.0577 5144 pci - ok
20:45:27.0691 5144 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:45:27.0693 5144 pciide - ok
20:45:27.0788 5144 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
20:45:27.0790 5144 pcmcia - ok
20:45:27.0933 5144 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:45:27.0946 5144 PEAUTH - ok
20:45:28.0118 5144 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:45:28.0120 5144 PptpMiniport - ok
20:45:28.0175 5144 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:45:28.0176 5144 Processor - ok
20:45:28.0343 5144 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:45:28.0354 5144 PSched - ok
20:45:28.0399 5144 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
20:45:28.0400 5144 PxHelp20 - ok
20:45:28.0527 5144 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:45:28.0547 5144 ql2300 - ok
20:45:28.0663 5144 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:45:28.0665 5144 ql40xx - ok
20:45:28.0689 5144 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:45:28.0690 5144 QWAVEdrv - ok
20:45:28.0728 5144 R5U870FLx86 (68e04f3944e6f82c64b53f8a8f13fb3a) C:\Windows\system32\Drivers\R5U870FLx86.sys
20:45:28.0730 5144 R5U870FLx86 - ok
20:45:28.0827 5144 R5U870FUx86 (7f1356060d1894b46554a0d8e6f13958) C:\Windows\system32\Drivers\R5U870FUx86.sys
20:45:28.0828 5144 R5U870FUx86 - ok
20:45:28.0870 5144 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:45:28.0870 5144 RasAcd - ok
20:45:28.0898 5144 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:45:28.0900 5144 Rasl2tp - ok
20:45:29.0023 5144 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:45:29.0024 5144 RasPppoe - ok
20:45:29.0083 5144 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:45:29.0084 5144 RasSstp - ok
20:45:29.0147 5144 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:45:29.0150 5144 rdbss - ok
20:45:29.0242 5144 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:45:29.0243 5144 RDPCDD - ok
20:45:29.0286 5144 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:45:29.0291 5144 rdpdr - ok
20:45:29.0413 5144 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:45:29.0413 5144 RDPENCDD - ok
20:45:29.0485 5144 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:45:29.0488 5144 RDPWD - ok
20:45:29.0591 5144 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
20:45:29.0592 5144 regi - ok
20:45:29.0639 5144 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
20:45:29.0641 5144 RFCOMM - ok
20:45:29.0759 5144 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:45:29.0759 5144 rspndr - ok
20:45:29.0833 5144 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:45:29.0836 5144 RTL8169 - ok
20:45:29.0957 5144 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:45:29.0959 5144 sbp2port - ok
20:45:30.0009 5144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:45:30.0010 5144 secdrv - ok
20:45:30.0043 5144 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:45:30.0044 5144 Serenum - ok
20:45:30.0165 5144 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:45:30.0167 5144 Serial - ok
20:45:30.0214 5144 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:45:30.0214 5144 sermouse - ok
20:45:30.0390 5144 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
20:45:30.0390 5144 SFEP - ok
20:45:30.0437 5144 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:45:30.0438 5144 sffdisk - ok
20:45:30.0553 5144 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:45:30.0554 5144 sffp_mmc - ok
20:45:30.0597 5144 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:45:30.0598 5144 sffp_sd - ok
20:45:30.0640 5144 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:45:30.0640 5144 sfloppy - ok
20:45:30.0752 5144 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:45:30.0753 5144 sisagp - ok
20:45:30.0800 5144 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:45:30.0801 5144 SiSRaid2 - ok
20:45:30.0829 5144 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:45:30.0831 5144 SiSRaid4 - ok
20:45:30.0943 5144 Smb (f40788e0bd039a13c07230976f353cd3) C:\Windows\system32\DRIVERS\smb.sys
20:45:30.0944 5144 Smb - ok
20:45:31.0166 5144 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
20:45:31.0172 5144 SPBBCDrv - ok
20:45:31.0263 5144 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
20:45:31.0265 5144 speedfan - ok
20:45:31.0328 5144 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:45:31.0329 5144 spldr - ok
20:45:31.0509 5144 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
20:45:31.0509 5144 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:45:31.0511 5144 sptd ( LockedFile.Multi.Generic ) - warning
20:45:31.0511 5144 sptd - detected LockedFile.Multi.Generic (1)
20:45:31.0657 5144 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS
20:45:31.0660 5144 SRTSP - ok
20:45:31.0710 5144 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS
20:45:31.0714 5144 SRTSPL - ok
20:45:31.0833 5144 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS
20:45:31.0833 5144 SRTSPX - ok
20:45:31.0910 5144 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:45:31.0915 5144 srv - ok
20:45:32.0025 5144 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:45:32.0028 5144 srv2 - ok
20:45:32.0063 5144 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:45:32.0065 5144 srvnet - ok
20:45:32.0158 5144 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:45:32.0159 5144 swenum - ok
20:45:32.0209 5144 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:45:32.0210 5144 Symc8xx - ok
20:45:32.0262 5144 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
20:45:32.0263 5144 SymEvent - ok
20:45:32.0388 5144 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
20:45:32.0389 5144 SYMREDRV - ok
20:45:32.0433 5144 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
20:45:32.0435 5144 SYMTDI - ok
20:45:32.0534 5144 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:45:32.0535 5144 Sym_hi - ok
20:45:32.0585 5144 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:45:32.0586 5144 Sym_u3 - ok
20:45:32.0732 5144 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
20:45:32.0734 5144 SynTP - ok
20:45:32.0807 5144 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
20:45:32.0808 5144 SysPlant - ok
20:45:32.0952 5144 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:45:32.0965 5144 Tcpip - ok
20:45:33.0107 5144 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:45:33.0114 5144 Tcpip6 - ok
20:45:33.0233 5144 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:45:33.0234 5144 tcpipreg - ok
20:45:33.0287 5144 TcUsb (07d174a992ab0ea6001f390de1afa27b) C:\Windows\system32\Drivers\tcusb.sys
20:45:33.0288 5144 TcUsb - ok
20:45:33.0340 5144 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:45:33.0340 5144 TDPIPE - ok
20:45:33.0449 5144 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:45:33.0450 5144 TDTCP - ok
20:45:33.0535 5144 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows\system32\DRIVERS\teefer2.sys
20:45:33.0545 5144 Teefer2 - ok
20:45:33.0666 5144 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:45:33.0667 5144 TermDD - ok
20:45:33.0741 5144 ti21sony (030f439ac1ccda7ac6ce01cc02102045) C:\Windows\system32\drivers\ti21sony.sys
20:45:33.0752 5144 ti21sony - ok
20:45:33.0855 5144 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:45:33.0856 5144 tssecsrv - ok
20:45:33.0912 5144 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:45:33.0913 5144 tunmp - ok
20:45:33.0960 5144 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:45:33.0961 5144 tunnel - ok
20:45:34.0057 5144 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:45:34.0058 5144 uagp35 - ok
20:45:34.0131 5144 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:45:34.0135 5144 udfs - ok
20:45:34.0264 5144 UIUSys - ok
20:45:34.0321 5144 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:45:34.0322 5144 uliagpkx - ok
20:45:34.0359 5144 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:45:34.0363 5144 uliahci - ok
20:45:34.0473 5144 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:45:34.0475 5144 UlSata - ok
20:45:34.0521 5144 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:45:34.0523 5144 ulsata2 - ok
20:45:34.0556 5144 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:45:34.0557 5144 umbus - ok
20:45:34.0668 5144 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:45:34.0669 5144 USBAAPL - ok
20:45:34.0752 5144 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:45:34.0753 5144 usbccgp - ok
20:45:34.0853 5144 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:45:34.0854 5144 usbcir - ok
20:45:34.0903 5144 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:45:34.0905 5144 usbehci - ok
20:45:35.0007 5144 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:45:35.0009 5144 usbhub - ok
20:45:35.0068 5144 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:45:35.0069 5144 usbohci - ok
20:45:35.0182 5144 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:45:35.0183 5144 usbprint - ok
20:45:35.0284 5144 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:45:35.0285 5144 usbscan - ok
20:45:35.0396 5144 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:45:35.0398 5144 USBSTOR - ok
20:45:35.0450 5144 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:45:35.0451 5144 usbuhci - ok
20:45:35.0548 5144 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:45:35.0549 5144 usbvideo - ok
20:45:35.0608 5144 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:45:35.0609 5144 vga - ok
20:45:35.0642 5144 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:45:35.0643 5144 VgaSave - ok
20:45:35.0728 5144 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:45:35.0729 5144 viaagp - ok
20:45:35.0782 5144 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:45:35.0784 5144 ViaC7 - ok
20:45:35.0814 5144 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:45:35.0815 5144 viaide - ok
20:45:35.0904 5144 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:45:35.0905 5144 volmgr - ok
20:45:35.0977 5144 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:45:35.0982 5144 volmgrx - ok
20:45:36.0024 5144 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:45:36.0026 5144 volsnap - ok
20:45:36.0110 5144 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:45:36.0112 5144 vsmraid - ok
20:45:36.0167 5144 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:45:36.0169 5144 WacomPen - ok
20:45:36.0261 5144 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:36.0262 5144 Wanarp - ok
20:45:36.0286 5144 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:36.0287 5144 Wanarpv6 - ok
20:45:36.0350 5144 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:45:36.0351 5144 Wd - ok
20:45:36.0449 5144 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:45:36.0458 5144 Wdf01000 - ok
20:45:36.0629 5144 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
20:45:36.0632 5144 WimFltr - ok
20:45:36.0773 5144 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:45:36.0781 5144 winachsf - ok
20:45:36.0949 5144 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:45:36.0951 5144 WmiAcpi - ok
20:45:37.0011 5144 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:45:37.0012 5144 WpdUsb - ok
20:45:37.0136 5144 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\Windows\system32\drivers\wpsdrvnt.sys
20:45:37.0137 5144 WPS - ok
20:45:37.0172 5144 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
20:45:37.0183 5144 WpsHelper - ok
20:45:37.0225 5144 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:45:37.0226 5144 ws2ifsl - ok
20:45:37.0440 5144 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:45:37.0442 5144 WUDFRd - ok
20:45:37.0529 5144 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
20:45:37.0530 5144 XAudio - ok
20:45:37.0607 5144 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:45:37.0677 5144 \Device\Harddisk0\DR0 - ok
20:45:37.0680 5144 Boot (0x1200) (5a1b952fd5671f2e7af16238eacb72af) \Device\Harddisk0\DR0\Partition0
20:45:37.0681 5144 \Device\Harddisk0\DR0\Partition0 - ok
20:45:37.0711 5144 Boot (0x1200) (b490ac5f783fc8f02255e092a2ffc7cd) \Device\Harddisk0\DR0\Partition1
20:45:37.0712 5144 \Device\Harddisk0\DR0\Partition1 - ok
20:45:37.0714 5144 ============================================================
20:45:37.0714 5144 Scan finished
20:45:37.0714 5144 ============================================================
20:45:37.0729 2828 Detected object count: 1
20:45:37.0729 2828 Actual detected object count: 1
20:46:01.0715 2828 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:46:01.0715 2828 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

PurpleCloud248, Jan 10, 2012

#14
Broni Malware Annihilator
Post fresh aswMBR log.

..and...

Download Bootkit Remover to your Desktop.

Unzip downloaded file to your Desktop.

Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.
Broni, Jan 10, 2012

#15
PurpleCloud248 Newcomer, in training

bootkit

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`3fc00000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

PurpleCloud248, Jan 11, 2012

#16
Broni Malware Annihilator

Post fresh aswMBR log.

...

Broni, Jan 11, 2012

#17
PurpleCloud248 Newcomer, in training

aswMBR

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-09 22:16:59
-----------------------------
22:16:59.567 OS Version: Windows 6.0.6002 Service Pack 2
22:16:59.567 Number of processors: 2 586 0xF0D
22:16:59.569 ComputerName: CHEEWEN-PC UserName: Cheewen Ng
22:17:03.524 Initialize success
22:19:22.929 AVAST engine defs: 12010901
22:20:02.881 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:20:02.884 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC3BP Size: 238475MB BusType: 3
22:20:02.887 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000071
22:20:02.891 Disk 1 Vendor: ( Size: 238475MB BusType: 0
22:20:02.895 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000072
22:20:02.898 Disk 2 Vendor: ( Size: 238475MB BusType: 0
22:20:02.935 Disk 0 MBR read successfully
22:20:02.939 Disk 0 MBR scan
22:20:02.950 Disk 0 Windows 7 default MBR code
22:20:02.988 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9211 MB offset 2048
22:20:03.005 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145581 MB offset 18866176
22:20:03.039 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 83679 MB offset 317018112
22:20:03.051 Disk 0 scanning sectors +488392704
22:20:03.481 Disk 0 scanning C:\Windows\system32\drivers
22:20:13.234 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
22:20:17.467 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-B [Rtk]
22:20:22.999 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Sirefef-JD [Rtk]
22:20:27.047 Disk 0 trace - called modules:
22:20:27.067 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89b58ff0]<<
22:20:27.074 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86101780]
22:20:27.079 3 CLASSPNP.SYS[8aba58b3] -> nt!IofCallDriver -> [0x89a9bd88]
22:20:27.086 \Driver\00001628[0x89a9bec0] -> IRP_MJ_CREATE -> 0x89b58ff0
22:20:28.799 AVAST engine scan C:\Windows
22:20:33.695 AVAST engine scan C:\Windows\system32
22:24:27.242 AVAST engine scan C:\Windows\system32\drivers
22:24:35.179 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
22:24:38.777 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-B [Rtk]
22:24:43.999 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Sirefef-JD [Rtk]
22:24:48.953 AVAST engine scan C:\Users\Cheewen Ng
22:31:58.313 Disk 0 MBR has been saved successfully to "C:\Users\Cheewen Ng\Desktop\MBR.dat"
22:31:58.361 The log file has been saved successfully to "C:\Users\Cheewen Ng\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-11 20:12:22
-----------------------------
20:12:22.985 OS Version: Windows 6.0.6002 Service Pack 2
20:12:22.986 Number of processors: 2 586 0xF0D
20:12:22.987 ComputerName: CHEEWEN-PC UserName: Cheewen Ng
20:12:42.710 Initialize success
20:13:33.520 AVAST engine defs: 12011101
20:13:37.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:13:37.943 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC3BP Size: 238475MB BusType: 3
20:13:37.954 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000073
20:13:37.958 Disk 1 Vendor: ( Size: 238475MB BusType: 0
20:13:37.963 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000074
20:13:37.967 Disk 2 Vendor: ( Size: 238475MB BusType: 0
20:13:38.003 Disk 0 MBR read successfully
20:13:38.008 Disk 0 MBR scan
20:13:38.041 Disk 0 Windows 7 default MBR code
20:13:38.067 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9211 MB offset 2048
20:13:38.084 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145581 MB offset 18866176
20:13:38.119 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 83679 MB offset 317018112
20:13:38.129 Disk 0 scanning sectors +488392704
20:13:38.238 Disk 0 scanning C:\Windows\system32\drivers
20:13:51.538 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
20:13:55.527 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-B [Rtk]
20:14:04.853 Disk 0 trace - called modules:
20:14:04.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x857161f8]<<
20:14:04.896 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859ba380]
20:14:04.902 3 CLASSPNP.SYS[8abac8b3] -> nt!IofCallDriver -> [0x85766918]
20:14:04.911 5 acpi.sys[807b46bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x849846c0]
20:14:04.916 \Driver\atapi[0x857c1f38] -> IRP_MJ_CREATE -> 0x857161f8
20:14:09.752 AVAST engine scan C:\Windows
20:14:16.211 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
20:14:19.840 AVAST engine scan C:\Windows\system32
20:18:30.822 AVAST engine scan C:\Windows\system32\drivers
20:18:39.315 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
20:18:42.801 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-B [Rtk]
20:18:49.631 AVAST engine scan C:\Users\Cheewen Ng
20:32:43.860 AVAST engine scan C:\ProgramData
20:38:04.059 Scan finished successfully
20:39:55.242 Disk 0 MBR has been saved successfully to "C:\Users\Cheewen Ng\Desktop\MBR.dat"
20:39:55.288 The log file has been saved successfully to "C:\Users\Cheewen Ng\Desktop\aswMBR.txt"

PurpleCloud248, Jan 11, 2012

#18
Broni Malware Annihilator

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\Windows\system32\drivers\netbt.sys
- C:\Windows\system32\drivers\smb.sys
If the file is listed as already analyzed, click on Reanalyse file now button.

Broni, Jan 11, 2012

#19
PurpleCloud248 Newcomer, in training

netbt

Antivirus Version Last Update Result
AhnLab-V3 2012.01.11.00 2012.01.11 Trojan/Win32.ADH
AntiVir 7.11.20.248 2012.01.11 TR/Crypt.XPACK.Gen8
Antiy-AVL 2.0.3.7 2012.01.11 -
Avast 6.0.1289.0 2012.01.11 Win32:Aluroot-B [Rtk]
AVG 10.0.0.1190 2012.01.11 BackDoor.Generic14.CEVO
BitDefender 7.2 2012.01.12 Gen:Variant.Graftor.10214
ByteHero 1.0.0.1 2012.01.11 -
CAT-QuickHeal 12.00 2012.01.11 -
ClamAV 0.97.3.0 2012.01.12 -
Commtouch 5.3.2.6 2012.01.12 -
Comodo 11245 2012.01.12 UnclassifiedMalware
DrWeb 5.0.2.03300 2012.01.12 -
Emsisoft 5.1.0.11 2012.01.12 Trojan-Dropper.Win32.Sirefef!IK
eSafe 7.0.17.0 2012.01.11 -
eTrust-Vet 37.0.9676 2012.01.11 -
F-Prot 4.6.5.141 2012.01.12 -
F-Secure 9.0.16440.0 2012.01.12 Gen:Variant.Graftor.10214
Fortinet 4.3.388.0 2012.01.11 W32/ZAccess.K!tr.rkit
GData 22 2012.01.12 Gen:Variant.Graftor.10214
Ikarus T3.1.1.113.0 2012.01.12 Trojan-Dropper.Win32.Sirefef
Jiangmin 13.0.900 2012.01.11 -
K7AntiVirus 9.125.5916 2012.01.11 Riskware
Kaspersky 9.0.0.837 2012.01.12 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2012.01.12 ZeroAccess.v
McAfee-GW-Edition 2010.1E 2012.01.11 ZeroAccess.v
Microsoft 1.7903 2012.01.11 -
NOD32 6787 2012.01.12 a variant of Win32/Rootkit.Kryptik.GG
Norman 6.07.13 2012.01.11 W32/Suspicious_Gen2.UNYTN
nProtect 2012-01-11.01 2012.01.11 -
Panda 10.0.3.5 2012.01.11 Generic Malware
PCTools 8.0.0.5 2012.01.12 -
Prevx 3.0 2012.01.12 -
Rising 23.92.02.02 2012.01.11 -
Sophos 4.73.0 2012.01.11 Mal/EncPk-AAL
SUPERAntiSpyware 4.40.0.1006 2012.01.12 Trojan.Agent/Gen-Kryptik
Symantec 20111.2.0.82 2012.01.12 -
TheHacker 6.7.0.1.375 2012.01.10 Trojan/Kryptik.gg
TrendMicro 9.500.0.1008 2012.01.11 -
TrendMicro-HouseCall 9.500.0.1008 2012.01.12 -
VBA32 3.12.16.4 2012.01.11 -
VIPRE 11385 2012.01.12 Trojan.Win32.Sirefef.pf (v)
ViRobot 2012.1.11.4875 2012.01.11 -
VirusBuster 14.1.162.0 2012.01.11 Rootkit.Kryptik!NI/K+wE+4g0

PurpleCloud248, Jan 11, 2012

#20

(You must log in or sign up to reply here.)

Page 1 of 3

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved