# Trojan:WIN32/Sirefef help



## Dantana21 (Nov 1, 2009)

Microsoft Security Essentials keeps on finding the malware Trojan:WIN32/Sirefef on my computer on a regular basis. It's quarantined and then deleted by me, but keeps coming back. Computer symptoms include high CPU usage and Internet Explorer running in the background (almost exclusively use Firefox).

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:15:02 PM, on 5/13/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 8092 bytes


----------



## flavallee (May 12, 2002)

You appear to already have *Malwarebytes Anti-Malware* (unknown version) installed.

Download and install *SUPERAntiSpyware 5.0.0.1148*.

Run the update feature of each one to ensure the definition files are up-to-date.

Run a quick scan with each one.

When each scan is finished, select and remove EVERYTHING that was found.

---------------------------------------------------------


----------



## Dantana21 (Nov 1, 2009)

I ran both as told. SUPERAntiSpyware found over 700 threats that were promptly deleted. Malwarebytes didn't find anything.

The trojan still appears to be there as MSEssentials is still detecting it on a regular basis.


----------



## flavallee (May 12, 2002)

Click Start - Run, then type in

*%temp%*

and then click OK.

Click Start - Run, then type in

*c:\windows\temp*

and then click OK.

Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

If a massive number of files are being deleted, the computer may appear to "hang". Be patient and wait for the deletion process to finish.

After it's done, restart the computer.

---------------------------------------------------------

Go to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Write down only the names in the "Startup Item" column that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them exactly as you see them there.

---------------------------------------------------------


----------



## Dantana21 (Nov 1, 2009)

Every item in the column had a check mark by it. They are:

atiptaxx
stsystra
DLACTRLW
issch
MBBalloon
AppleSyncNotifier
iTunesHelper
isuspm
SSBkgdupdate
pptd40nt
IndexSearch
DivXUpdate
DDmService
qttask
Reader_sl
mbamgui
jusched
msseces
E_A10IC2
ctfmon
SuperAntiSpyware
MediaChecker


----------



## flavallee (May 12, 2002)

Go back to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Remove the checkmark in these startup entries:

*atiptaxx*

*stsystra*

*issch*

*MBBalloon*

*iTunesHelper*

*isuspm*

*IndexSearch*

*DivXUpdate*

*DDmService*

*qttask*

*Reader_sl*

*jusched*

*SUPERAntiSpyware*

*MediaChecker*

After you're done, click Apply - OK/Close - Exit Without Restart.

Go to Start - Run - *SERVICES.MSC* - OK.

Expand the services window so you can see the list clearly.

Double-click on these service entries, one at a time, to open their properties window:

*Ares Chatroom Server*

*Ati HotKey Poller*

*ATI Smart*

*Java Quick Starter*

*Viewpoint Manager Service*

If "startup type" is set on Automatic, change it to Manual, then click Apply - OK.

After you're done, close the services window and then restart the computer.

When the small System Configuration Utility window appears during restart, ignore its message.

Put a checkmark in the lower left of that window BEFORE you click OK to close it.

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

-------------------------------------------------------

Did you complete the first part of post #4?

-------------------------------------------------------


----------



## Dantana21 (Nov 1, 2009)

Yes, I was able to complete the first part of post #4. I managed to delete all the items except one in each folder.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:09:10 PM, on 5/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 6540 bytes


----------
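An added example, not part of the original posts: comparing the section-coded entries of two HijackThis logs shows which autostart items a change such as the MSCONFIG edit actually removed, and what appeared between scans. The embedded logs are abridged excerpts of the 5/13/2012 and 5/14/2012 logs posted above; the function names are this example's own.

```python
import re

# Abridged excerpts of the two HijackThis logs posted in this thread.
# Only a handful of O4/O20/O23 lines are kept so the diff stays readable.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:15:02 PM, on 5/13/2012
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:09:10 PM, on 5/14/2012
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
"""

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)[ \t]*$", re.MULTILINE)


def parse_entries(log_text):
    """Return the set of (section code, detail) pairs found in a log."""
    return {(m.group(1), m.group(2)) for m in ENTRY_RE.finditer(log_text)}


def _order(entry):
    """Sort key: section letter, numeric section, then detail (so O4 precedes O20)."""
    code, detail = entry
    return (code[0], int(code[1:]), detail.lower())


def diff_logs(before_text, after_text):
    """Classify entries as removed, added or unchanged between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after, key=_order),
        "added": sorted(after - before, key=_order),
        "unchanged": sorted(before & after, key=_order),
    }


def orphaned(entries):
    """Entries whose target HijackThis itself reports as absent on disk."""
    markers = ("(file missing)", "(no file)")
    return sorted((e for e in entries if e[1].lower().endswith(markers)), key=_order)


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "added"):
        print(f"== {label} ==")
        for code, detail in result[label]:
            print(f"{code} - {detail}")
    print("== orphaned in latest scan ==")
    for code, detail in orphaned(parse_entries(LOG_AFTER)):
        print(f"{code} - {detail}")
```
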



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

After you confirm that you selected the correct log entries, click "Fix checked - Yes".

Close HiJackThis.

Note: This is just some "housecleaning" of the log.

-----------------------------------------------------------

Is your computer still having the same issues?

------------------------------------------------------------


----------



## Dantana21 (Nov 1, 2009)

I was able to complete the fixing of those 7 log entries in HijackThis.

Yes, I am still having the same issues with Internet Explorer running in the background and Trojan Sirefef constantly being detected by MSEssentials.

Thanks for your help!


----------



## flavallee (May 12, 2002)

Neither the *Internet Explorer* browser nor the *Firefox* browser nor any other browser can automatically load and run in the background.

Are you referring to Windows Explorer?

-----------------------------------------------------------


----------



## Dantana21 (Nov 1, 2009)

I was referring to the iexplore.exe that I keep seeing in my task manager. I only use Firefox as my browser and kept hearing ads playing and my CPU usage would spike to 50% or more (typically less than 10%) and couldn't figure out where they were coming from until I opened up the task manager and saw iexplorer.exe (sometimes multiple) running. I click on them and end task and the ads and CPU usage go away, but will come back within a few minutes.

Maybe it's not Internet Explorer but whatever is causing iexplorer.exe to run is what is giving me problems. It started at the same time that MSE began finding the Trojan Sirefef, which is still being detected constantly.

Edit: I typed in iexplorer.exe virus into Google and found a few matches of people talking about similar issues. Could this be what I'm dealing with?


----------



## flavallee (May 12, 2002)

*iexplore.exe* is associated with Internet Explorer.

You apparently have an issue that's beyond my expertise.

Read the topmost "sticky" in this section, then provide the required logs and information.

It'll be needed in order for a gold/blue shield removal specialist to assist you.

-----------------------------------------------------------------


----------



## Dantana21 (Nov 1, 2009)

Thanks for your help flavallee!

Here are the requested logs from the sticky:

*Hijackthis*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:46 AM, on 5/16/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 6278 bytes

*DDS*

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Dan Gentner at 11:17:19 on 2012-05-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.359 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [EPSON Stylus C80 Series] c:\windows\system32\spool\drivers\w32x86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 71.89.132.13 71.89.132.59
TCP: Interfaces\{056FC7EA-37A0-49E7-949C-A88D618C11C7} : DhcpNameServer = 71.89.132.13 71.89.132.59
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dan gentner\application data\mozilla\firefox\profiles\cobodq9j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-6-5 15172]
R1 MpKslb7546622;MpKslb7546622;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a658a18e-84f9-4b67-a415-a38dd676b341}\MpKslb7546622.sys [2012-5-16 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-19 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-19 22344]
S1 hyojmkut;hyojmkut;\??\c:\windows\system32\drivers\hyojmkut.sys --> c:\windows\system32\drivers\hyojmkut.sys [?]
S1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\mpfirewall.sys --> c:\windows\system32\drivers\MpFirewall.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 129976]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-11-10 111872]
S3 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S4 vsdatant;vsdatant;a --> a [?]
.
=============== Created Last 30 ================
.
2012-05-16 15:16:58 581 ----a-w- c:\documents and settings\all users\application data\agrqaaa.tmp
2012-05-16 15:10:04 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a658a18e-84f9-4b67-a415-a38dd676b341}\offreg.dll
2012-05-16 15:09:36 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a658a18e-84f9-4b67-a415-a38dd676b341}\MpKslb7546622.sys
2012-05-16 05:35:22 1001 ----a-w- c:\documents and settings\all users\application data\gfoqaaa.tmp
2012-05-16 04:20:50 -------- d-----w- c:\program files\iTunes
2012-05-16 04:20:50 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-16 00:31:08 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a658a18e-84f9-4b67-a415-a38dd676b341}\mpengine.dll
2012-05-14 21:33:28 6734704 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-14 04:58:22 985 ----a-w- c:\documents and settings\all users\application data\yuyqaaa.tmp
2012-05-14 02:51:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-14 02:01:26 -------- d-----w- c:\documents and settings\dan gentner\application data\SUPERAntiSpyware.com
2012-05-14 02:00:37 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-05-13 15:32:55 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-11 20:33:53 -------- d-----w- c:\windows\system32\NtmsData
2012-05-10 22:53:19 -------- d-----w- c:\program files\Oracle
2012-05-10 22:53:08 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 22:53:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-29 20:05:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 11:22:19.51 ===============

*Ark.txt*

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-16 14:32:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD80 rev.10.0
Running: r34m8hvw.exe; Driver: C:\DOCUME~1\DANGEN~1\LOCALS~1\Temp\pxtdapob.sys

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\PzWDM.sys entry point in "init" section [0xF78A630E]
? C:\DOCUME~1\DANGEN~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00634844 
.text C:\WINDOWS\Explorer.EXE[2064] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B44844

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device  DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1400] 0x45670000

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A53830B9-6704-47C1-8C65-4055CDC42978} 7724 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{35C1A090-06B6-4D70-9AB6-BBD54C045F6A} 7366 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KID19QTY\results[10].htm 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WPPYIBRD\other;pos=top728;tile=1;dcopt=ist;sz=728x90;ord=943691475293[1] 0 bytes
File C:\WINDOWS\temp\REG589.tmp 0 bytes
File C:\WINDOWS\temp\REG58A.tmp 0 bytes

---- EOF - GMER 1.0.15 ----


----------



## flavallee (May 12, 2002)

Thanks for submitting the required logs.

I've made a request for a gold/blue shield removal specialist to assist you.

Good luck.



----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## Dantana21 (Nov 1, 2009)

Thank you for taking this issue on cookiegal!

I have run into some problems when trying to run combofix. When I click it to run, the black screen appears with percentage complete bar at the top. Once it has finished, the program just disappears and doesn't return. I've used combofix before in the past and was pretty sure there is a blue screen that follows, correct? I've tried it three times (waiting various times for it to return) in normal mode and once in safe mode and have the same results. I even tried renaming the file from puppy.exe to kitty.exe and got the same

Also, when I disabled MSEssentials to run combofix, my windows firewall got turned off (either coincidence or due to virus) and now I cannot get it to turn back on. 

And finally, my internet on the infected computer is spotty at best. Sometimes it works, sometimes it doesn't. I am posting this from a laptop on the same wireless signal as infected CPU and having no issues at all, so the problem is clearly limited to that computer.


----------



## Cookiegal (Aug 27, 2003)

OK. Yes, you should get a blue screen that shows the progression of the scan. Let's try something else instead and we'll come back to ComboFix later.

Please go here and download the *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## Dantana21 (Nov 1, 2009)

Results for the TDSS Scan:

14:29:10.0484 0932 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
14:29:10.0953 0932 ============================================================
14:29:10.0953 0932 Current date / time: 2012/05/17 14:29:10.0953
14:29:10.0953 0932 SystemInfo:
14:29:10.0953 0932 
14:29:10.0953 0932 OS Version: 5.1.2600 ServicePack: 3.0
14:29:10.0953 0932 Product type: Workstation
14:29:10.0953 0932 ComputerName: DAN
14:29:10.0953 0932 UserName: Dan Gentner
14:29:10.0953 0932 Windows directory: C:\WINDOWS
14:29:10.0953 0932 System windows directory: C:\WINDOWS
14:29:10.0953 0932 Processor architecture: Intel x86
14:29:10.0953 0932 Number of processors: 2
14:29:10.0953 0932 Page size: 0x1000
14:29:10.0953 0932 Boot type: Normal boot
14:29:10.0953 0932 ============================================================
14:29:13.0125 0932 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:29:13.0250 0932 Drive \Device\Harddisk1\DR2 - Size: 0x76A4FE00 (1.85 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:29:13.0250 0932 ============================================================
14:29:13.0250 0932 \Device\Harddisk0\DR0:
14:29:13.0250 0932 MBR partitions:
14:29:13.0250 0932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
14:29:13.0250 0932 \Device\Harddisk1\DR2:
14:29:13.0250 0932 MBR partitions:
14:29:13.0250 0932 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xE, StartLBA 0x10, BlocksNum 0x3B526F
14:29:13.0250 0932 ============================================================
14:29:13.0375 0932 C: <-> \Device\Harddisk0\DR0\Partition0
14:29:13.0375 0932 ============================================================
14:29:13.0375 0932 Initialize success
14:29:13.0375 0932 ============================================================
14:29:19.0453 0364 ============================================================
14:29:19.0453 0364 Scan started
14:29:19.0453 0364 Mode: Manual; 
14:29:19.0453 0364 ============================================================
14:29:45.0281 0364 PCIDump - ok
14:29:45.0296 0364 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:29:45.0296 0364 PCIIde - ok
14:29:45.0312 0364 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:29:45.0312 0364 Pcmcia - ok
14:29:45.0343 0364 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
14:29:45.0343 0364 pcouffin - ok
14:29:45.0343 0364 PDCOMP - ok
14:29:45.0343 0364 PDFRAME - ok
14:29:45.0359 0364 PDRELI - ok
14:29:45.0359 0364 PDRFRAME - ok
14:29:45.0359 0364 perc2 - ok
14:29:45.0375 0364 perc2hib - ok
14:29:45.0421 0364 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:29:45.0421 0364 PlugPlay - ok
14:29:45.0421 0364 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:29:45.0437 0364 PolicyAgent - ok
14:29:45.0484 0364 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:29:45.0484 0364 PptpMiniport - ok
14:29:45.0500 0364 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:29:45.0500 0364 ProtectedStorage - ok
14:29:45.0531 0364 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:29:45.0531 0364 PSched - ok
14:29:45.0531 0364 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:29:45.0531 0364 Ptilink - ok
14:29:45.0562 0364 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:29:45.0578 0364 PxHelp20 - ok
14:29:45.0578 0364 PzWDM (36cf3653d367cbc72a38625543f3d4d1) C:\WINDOWS\system32\Drivers\PzWDM.sys
14:29:45.0593 0364 PzWDM - ok
14:29:45.0593 0364 ql1080 - ok
14:29:45.0593 0364 Ql10wnt - ok
14:29:45.0609 0364 ql12160 - ok
14:29:45.0609 0364 ql1240 - ok
14:29:45.0609 0364 ql1280 - ok
14:29:45.0656 0364 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:29:45.0656 0364 RasAcd - ok
14:29:45.0687 0364 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:29:45.0687 0364 RasAuto - ok
14:29:45.0718 0364 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:29:45.0718 0364 Rasl2tp - ok
14:29:45.0796 0364 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:29:45.0843 0364 RasMan - ok
14:29:45.0843 0364 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:29:45.0843 0364 RasPppoe - ok
14:29:45.0859 0364 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:29:45.0859 0364 Raspti - ok
14:29:45.0906 0364 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:29:45.0906 0364 Rdbss - ok
14:29:45.0921 0364 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:29:45.0921 0364 RDPCDD - ok
14:29:45.0984 0364 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:29:45.0984 0364 rdpdr - ok
14:29:46.0031 0364 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:29:46.0031 0364 RDPWD - ok
14:29:46.0046 0364 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:29:46.0093 0364 RDSessMgr - ok
14:29:46.0140 0364 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:29:46.0140 0364 redbook - ok
14:29:46.0171 0364 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:29:46.0171 0364 RemoteAccess - ok
14:29:46.0218 0364 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:29:46.0218 0364 RemoteRegistry - ok
14:29:46.0265 0364 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:29:46.0265 0364 RpcLocator - ok
14:29:46.0312 0364 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:29:46.0312 0364 RpcSs - ok
14:29:46.0343 0364 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:29:46.0390 0364 RSVP - ok
14:29:46.0437 0364 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
14:29:46.0437 0364 RT73 - ok
14:29:46.0500 0364 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:29:46.0500 0364 SamSs - ok
14:29:46.0625 0364 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:29:46.0625 0364 SASDIFSV - ok
14:29:46.0656 0364 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:29:46.0656 0364 SASKUTIL - ok
14:29:46.0703 0364 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:29:46.0703 0364 SCardSvr - ok
14:29:46.0750 0364 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:29:46.0812 0364 Schedule - ok
14:29:46.0875 0364 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:29:46.0875 0364 Secdrv - ok
14:29:46.0890 0364 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:29:46.0890 0364 seclogon - ok
14:29:46.0921 0364 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:29:46.0937 0364 SENS - ok
14:29:46.0984 0364 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:29:46.0984 0364 Serial - ok
14:29:47.0031 0364 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:29:47.0031 0364 Sfloppy - ok
14:29:47.0062 0364 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
14:29:47.0078 0364 ShellHWDetection - ok
14:29:47.0078 0364 Simbad - ok
14:29:47.0093 0364 Sparrow - ok
14:29:47.0140 0364 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:29:47.0140 0364 splitter - ok
14:29:47.0156 0364 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
14:29:47.0156 0364 Spooler - ok
14:29:47.0218 0364 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:29:47.0218 0364 sr - ok
14:29:47.0234 0364 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:29:47.0281 0364 srservice - ok
14:29:47.0328 0364 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
14:29:47.0343 0364 Srv - ok
14:29:47.0375 0364 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:29:47.0375 0364 SSDPSRV - ok
14:29:47.0453 0364 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
14:29:47.0531 0364 STHDA - ok
14:29:47.0609 0364 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:29:47.0609 0364 stisvc - ok
14:29:47.0671 0364 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:29:47.0671 0364 swenum - ok
14:29:47.0687 0364 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:29:47.0687 0364 swmidi - ok
14:29:47.0687 0364 SwPrv - ok
14:29:47.0703 0364 symc810 - ok
14:29:47.0703 0364 symc8xx - ok
14:29:47.0703 0364 sym_hi - ok
14:29:47.0718 0364 sym_u3 - ok
14:29:47.0750 0364 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:29:47.0750 0364 sysaudio - ok
14:29:47.0812 0364 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:29:47.0828 0364 SysmonLog - ok
14:29:47.0875 0364 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:29:47.0921 0364 TapiSrv - ok
14:29:48.0015 0364 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:29:48.0031 0364 Tcpip - ok
14:29:48.0078 0364 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:29:48.0078 0364 TDPIPE - ok
14:29:48.0078 0364 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:29:48.0078 0364 TDTCP - ok
14:29:48.0109 0364 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:29:48.0109 0364 TermDD - ok
14:29:48.0171 0364 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:29:48.0203 0364 TermService - ok
14:29:48.0265 0364 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
14:29:48.0265 0364 Themes - ok
14:29:48.0312 0364 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:29:48.0312 0364 TlntSvr - ok
14:29:48.0328 0364 TosIde - ok
14:29:48.0375 0364 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:29:48.0375 0364 TrkWks - ok
14:29:48.0437 0364 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
14:29:48.0578 0364 TrueSight - ok
14:29:48.0656 0364 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:29:48.0656 0364 Udfs - ok
14:29:48.0656 0364 UIUSys - ok
14:29:48.0671 0364 ultra - ok
14:29:48.0734 0364 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:29:48.0734 0364 Update - ok
14:29:48.0796 0364 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:29:48.0843 0364 upnphost - ok
14:29:48.0875 0364 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:29:48.0875 0364 UPS - ok
14:29:48.0921 0364 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:29:48.0953 0364 USBAAPL - ok
14:29:49.0000 0364 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:29:49.0000 0364 usbccgp - ok
14:29:49.0015 0364 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:29:49.0015 0364 usbehci - ok
14:29:49.0078 0364 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:29:49.0078 0364 usbhub - ok
14:29:49.0125 0364 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:29:49.0125 0364 usbprint - ok
14:29:49.0171 0364 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:29:49.0171 0364 usbscan - ok
14:29:49.0203 0364 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:29:49.0218 0364 USBSTOR - ok
14:29:49.0234 0364 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:29:49.0234 0364 usbuhci - ok
14:29:49.0265 0364 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:29:49.0265 0364 VgaSave - ok
14:29:49.0265 0364 ViaIde - ok
14:29:49.0343 0364 Viewpoint Manager Service - ok
14:29:49.0390 0364 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:29:49.0390 0364 VolSnap - ok
14:29:49.0390 0364 vsdatant - ok
14:29:49.0437 0364 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:29:49.0453 0364 VSS - ok
14:29:49.0500 0364 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:29:49.0546 0364 W32Time - ok
14:29:49.0593 0364 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:29:49.0609 0364 Wanarp - ok
14:29:49.0609 0364 WDICA - ok
14:29:49.0671 0364 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:29:49.0671 0364 wdmaud - ok
14:29:49.0718 0364 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:29:49.0734 0364 WebClient - ok
14:29:49.0812 0364 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:29:49.0843 0364 winachsf - ok
14:29:49.0953 0364 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:29:49.0953 0364 winmgmt - ok
14:29:50.0015 0364 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:29:50.0031 0364 WmdmPmSN - ok
14:29:50.0078 0364 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:29:50.0093 0364 Wmi - ok
14:29:50.0156 0364 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:29:50.0156 0364 WmiApSrv - ok
14:29:50.0328 0364 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:29:50.0359 0364 WMPNetworkSvc - ok
14:29:50.0421 0364 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:29:50.0421 0364 WS2IFSL - ok
14:29:50.0468 0364 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:29:50.0468 0364 wscsvc - ok
14:29:50.0515 0364 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:29:50.0546 0364 wuauserv - ok
14:29:50.0593 0364 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:29:50.0593 0364 WudfPf - ok
14:29:50.0593 0364 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:29:50.0609 0364 WudfRd - ok
14:29:50.0625 0364 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:29:50.0640 0364 WudfSvc - ok
14:29:50.0687 0364 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:29:50.0734 0364 WZCSVC - ok
14:29:50.0781 0364 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:29:50.0812 0364 xmlprov - ok
14:29:50.0843 0364 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:29:51.0296 0364 \Device\Harddisk0\DR0 - ok
14:29:51.0312 0364 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2
14:30:02.0640 0364 \Device\Harddisk1\DR2 - ok
14:30:02.0640 0364 Boot (0x1200) (fa91ea5d4340c49075df74a279db0650) \Device\Harddisk0\DR0\Partition0
14:30:02.0640 0364 \Device\Harddisk0\DR0\Partition0 - ok
14:30:02.0656 0364 Boot (0x1200) (a32cddfac1fb8ab53d438744787974dd) \Device\Harddisk1\DR2\Partition0
14:30:02.0656 0364 \Device\Harddisk1\DR2\Partition0 - ok
14:30:02.0656 0364 ============================================================
14:30:02.0656 0364 Scan finished
14:30:02.0656 0364 ============================================================
14:30:02.0656 0524 Detected object count: 0
14:30:02.0656 0524 Actual detected object count: 0


----------



## Dantana21 (Nov 1, 2009)

Good news, I was able to get Combofix to run in its entirety!

Combofix results:

ComboFix 12-05-17.05 - Dan Gentner 05/17/2012 23:12:48.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.601 [GMT -4:00]
Running from: C:\Documents and Settings\Dan Gentner\Desktop\kitty.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Application Data\agrqaaa.tmp
C:\Documents and Settings\All Users\Application Data\iqgqaaa.tmp
C:\Documents and Settings\All Users\Application Data\yuyqaaa.tmp

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

C:\WINDOWS\explorer.exe . . . is infected!!

((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))

2012-05-18 03:10:10 . 2012-05-18 03:10:10 56200 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1863A698-8CF9-45A7-B326-21808025724B}\offreg.dll
2012-05-18 03:03:23 . 2012-05-18 03:03:23 29904 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1863A698-8CF9-45A7-B326-21808025724B}\MpKsl9418e461.sys
2012-05-17 22:41:47 . 2012-05-08 16:40:12 6737808 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1863A698-8CF9-45A7-B326-21808025724B}\mpengine.dll
2012-05-17 19:40:28 . 2012-05-08 16:40:12 6737808 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-16 04:34:36 . 2012-05-16 04:34:36 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\Apple Computer
2012-05-16 04:20:50 . 2012-05-16 04:22:37 -------- d-----w- C:\Program Files\iTunes
2012-05-16 04:20:50 . 2012-05-16 04:22:37 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-16 04:15:25 . 2012-05-16 04:15:25 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2012-05-14 02:51:49 . 2012-05-14 02:52:13 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-14 02:01:26 . 2012-05-14 02:01:26 -------- d-----w- C:\Documents and Settings\Dan Gentner\Application Data\SUPERAntiSpyware.com
2012-05-14 02:00:37 . 2012-05-14 02:00:37  -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-13 15:32:55 . 2012-05-13 15:33:37 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-12 18:50:32 . 2012-05-14 00:48:09 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe
2012-05-11 20:33:53 . 2012-05-11 20:35:03 -------- d-----w- C:\WINDOWS\system32\NtmsData
2012-05-10 22:53:57 . 2012-05-10 22:53:57 -------- d-----w- C:\Program Files\Common Files\Java
2012-05-10 22:53:19 . 2012-05-10 22:53:19 -------- d-----w- C:\Program Files\Oracle
2012-05-10 22:53:11 . 2012-05-10 22:53:11 -------- d-----w- C:\Documents and Settings\Dan Gentner\Application Data\Oracle
2012-05-10 22:53:08 . 2012-04-04 22:47:36 143872 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2012-05-10 22:53:08 . 2012-04-04 22:47:08 772504 ----a-w- C:\WINDOWS\system32\npDeployJava1.dll
2012-05-10 22:38:31 . 2012-05-10 22:38:31 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Sun
2012-05-10 04:24:41 . 2012-05-10 04:24:41 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\PrivacIE
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-04 22:47:02 . 2011-11-23 16:39:39 687504 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2012-04-04 19:56:40 . 2011-11-19 15:00:25 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-03-21 00:44:12 . 2012-03-21 00:44:12 171064 ----a-w- C:\WINDOWS\system32\drivers\MpFilter.sys
2012-02-29 20:05:40 . 2011-12-01 19:42:59 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-05-09 23:15:40 . 2012-05-09 23:15:40 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2008-04-14 00:12:39 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\winlogon.exe
[7] 2008-04-14 00:12:39 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12:08 . F0F80EBBEA05E110DF683248BAC3DE6C . 545280 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\winlogon.exe
[7] 2004-08-04 10:00:00 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 00:12:36 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\svchost.exe
[7] 2008-04-14 00:12:36 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12:08 . B8E14CBCD6D12F650A2F1DADE28BD0C0 . 39936 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\svchost.exe
[7] 2004-08-04 10:00:00 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

[7] 2008-04-14 00:12:19 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\explorer.exe
[7] 2008-04-14 00:12:19 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12:08 . 6383977B0D5145ABCDF4C00A4B240908 . 1058816 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe
[-] 2007-06-13 11:26:03 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] . . C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23:07 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] . . C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 10:00:00 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 07:01:00 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 09:20:00 122940]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 19:51:42 177440]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 13:03:38 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-16 23:01:20 30248]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 19:56:38 462408]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2012-03-26 21:08:12 931200]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 01:28:32 59240]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-03-27 09:09:24 421736]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54:14 551296 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=C:\WINDOWS\pss\MediaChecker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04:34 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-01 01:05:00 344064 ----a-w- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15:44 63360 ----a-w- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25:06 1230704 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-05-16 22:59:04 46632 ----a-w- C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 20:50:42 221184 ----a-w- c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15:20 81920 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09:24 421736 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
2006-12-15 15:45:42 787096 ----a-w- C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 22:20:44 339968 ----a-w- C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07:54 252296 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-01 16:48:04 3905920 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\drivers\PzWDM.sys [6/5/2008 9:00:45 PM 15172]
R1 MpKsl9418e461;MpKsl9418e461;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1863A698-8CF9-45A7-B326-21808025724B}\MpKsl9418e461.sys [5/17/2012 11:03:23 PM 29904]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27:02 PM 12880]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55:22 PM 67664]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38:07 PM 116608]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [11/19/2011 11:00:29 AM 654408]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [11/19/2011 11:00:25 AM 22344]
S1 hyojmkut;hyojmkut;\??\C:\WINDOWS\system32\drivers\hyojmkut.sys --> C:\WINDOWS\system32\drivers\hyojmkut.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [5/9/2012 7:15:50 PM 129976]
S3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\drivers\pcouffin.sys [4/16/2009 6:52:18 PM 47360]
S3 TrueSight;TrueSight;C:\WINDOWS\system32\drivers\TrueSight.sys [11/10/2011 12:45:08 PM 111872]
S3 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" --> C:\Program Files\Viewpoint\Common\ViewpointService.exe [?]

Contents of the 'Scheduled Tasks' folder

2012-05-18 C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03:40 . 2012-03-26 21:03:40]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 71.89.132.13 71.89.132.59
FF - ProfilePath - C:\Documents and Settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: network.proxy.type - 0

Also, a new desktop icon was created called catchme.log. Here are the contents:

File "C:\kitty\MT_winlogon.exe.tmp" added successfully


----------
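
The Sigcheck section of the ComboFix log above lists several on-disk copies of winlogon.exe, svchost.exe and explorer.exe. As an added example (not part of the original posts and not ComboFix's own logic), this Python code parses those lines and flags any copy whose MD5 differs from the hash shared by a majority of the copies reporting the same version string. The function names and the majority rule are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# Sigcheck lines copied from the ComboFix log posted above.
SIGCHECK_LOG = r"""
[7] 2008-04-14 00:12:39 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\winlogon.exe
[7] 2008-04-14 00:12:39 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12:08 . F0F80EBBEA05E110DF683248BAC3DE6C . 545280 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\winlogon.exe
[7] 2004-08-04 10:00:00 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12:36 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\svchost.exe
[7] 2008-04-14 00:12:36 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12:08 . B8E14CBCD6D12F650A2F1DADE28BD0C0 . 39936 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\svchost.exe
[7] 2004-08-04 10:00:00 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12:19 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\explorer.exe
[7] 2008-04-14 00:12:19 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12:08 . 6383977B0D5145ABCDF4C00A4B240908 . 1058816 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe
[-] 2007-06-13 11:26:03 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] . . C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23:07 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] . . C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 10:00:00 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
"""

# One Sigcheck line: [marker] timestamp . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<marker>.)\] (?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+) \. \. "
    r"\[(?P<version>[^\]]+)\] \. \. (?P<path>.+)$"
)


class Entry(NamedTuple):
    marker: str   # the character ComboFix prints in the leading brackets
    md5: str
    size: int
    version: str  # full bracketed version string, including the build branch
    path: str


def parse_sigcheck(text):
    """Return an Entry for every line that matches the Sigcheck layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["marker"], m["md5"].upper(),
                                 int(m["size"]), m["version"], m["path"]))
    return entries


def find_divergent_copies(entries):
    """Flag copies whose MD5 disagrees with the majority of same-version copies.

    Copies are grouped by (file name, full version string). Two files that
    claim the same build should be byte-identical, so a copy with a different
    hash has been modified after installation.
    """
    groups = defaultdict(list)
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1].lower()
        groups[(name, e.version)].append(e)

    findings = []
    for (name, version), copies in groups.items():
        if len(copies) < 2:
            continue  # nothing to compare against
        ref_md5, votes = Counter(c.md5 for c in copies).most_common(1)[0]
        if votes * 2 <= len(copies):
            continue  # no strict majority, so no trustworthy reference hash
        ref = next(c for c in copies if c.md5 == ref_md5)
        for c in copies:
            if c.md5 != ref_md5:
                findings.append({
                    "path": c.path,
                    "marker": c.marker,
                    "md5": c.md5,
                    "reference_md5": ref_md5,
                    "reference_path": ref.path,
                    "size_delta": c.size - ref.size,
                })
    return findings


if __name__ == "__main__":
    for f in find_divergent_copies(parse_sigcheck(SIGCHECK_LOG)):
        print(f"{f['path']}: {f['md5']} != {f['reference_md5']} "
              f"({f['size_delta']:+d} bytes vs {f['reference_path']})")
```

On the log above this flags the three live copies under C:\WINDOWS, each larger than its ERDNT\cache and ServicePackFiles counterparts of the same build.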



## Cookiegal (Aug 27, 2003)

Before we proceed, there are a couple of files we need to check so please do the following:

Please go to *VirusTotal* and upload the following file for scanning.

Click *Browse*
Copy and paste the contents of the following code box into the text box next to *File name:* then click *Open* 

```
C:\WINDOWS\system32\winlogon.exe
```

Click *Send File*
If confronted with two options, choose *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.

Please do the same for this file also:

```
C:\WINDOWS\system32\svchost.exe
```


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, as I mentioned in an earlier post, my internet has been spotty at best. Most of the time it doesn't work, even though the wireless is connected, signal strength is normal and transfer rate is excellent. I am posting this from a laptop using the same wireless connection with no problems at all.

The internet on the infected computer worked this morning and I was able to visit this site. However, when I opened virustotal, the site was down for maintenance (how's that for timing?). Now, the infected computer isn't connecting so I can't access virustotal even if it is back up.

I will keep trying the internet periodically and hopefully will get lucky long enough to bring up virustotal.


----------



## Cookiegal (Aug 27, 2003)

OK. We'll just go ahead and replace those patched files with clean copies.

Open Notepad and copy and paste the text in the code box below into it:


```
FCopy::
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe | C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe | C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\explorer.exe | C:\WINDOWS\explorer.exe

Driver::
hyojmkut
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## Dantana21 (Nov 1, 2009)

Well I was able to perform the above task of running combofix again, but when the computer rebooted itself, I received a message stating that windows explorer had encountered an error and needed to be closed. Upon clicking send/don't send error report, the screen stops when my background wallpaper is loaded....no icons, taskbar, etc. Tried restarting in safe mode and got the same message.

So now that I can't access anything on the computer whatsoever, where do we go from here?


----------



## Cookiegal (Aug 27, 2003)

Reboot and call up the Task Manager (Ctrl-Alt-Del) and click on "File" then from the drop down menu select "New Task (Run...)" then type in explorer.exe and click OK. This should start Windows explorer and give you back the desktop.


----------



## Dantana21 (Nov 1, 2009)

Ok, I did what you said and tried opening up explorer.exe three times in normal mode and once in safe mode through the task manager and each time I get the same message saying Windows Explorer has encountered a problem.


----------



## Cookiegal (Aug 27, 2003)

Do you still get a Start Menu? Are you able to retrieve the last ComboFix log?


----------



## Cookiegal (Aug 27, 2003)

OK then, we are going to use the Recovery Console to replace the explorer.exe file as it seems ComboFix may be having trouble doing it.

Please print these instructions as you will not be able to read them from the recovery console.

Now, restart your computer and select the Recovery Console from the options menu. If prompted to enter the administrator password, please do so. If there isn't one just hit Enter.

You should be presented with a command prompt that looks like this:

C:\Windows>

If it doesn't look like that, please do not proceed any further and report back to me what the command prompt is showing. You can type "exit" without the quotes to exit the recovery console and boot back to windows.

If you have the proper command prompt showing then please type the following command and then press Enter. You must be careful to type it exactly as shown, including the spaces.

*copy C:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\WINDOWS\explorer.exe*

Reboot to Windows normally. Let me know how it goes please.


----------



## Dantana21 (Nov 1, 2009)

This is probably a dumb question but how do I access the recovery console? F8 OR F12? Or do I need a CD?

The only way I know how to access it is through safe mode.


----------



## Cookiegal (Aug 27, 2003)

Did you not install it using ComboFix as per the instructions in my post (no. 15)? It should be a boot option when you boot the machine where you have to either select the Recovery Console or Windows.


----------



## Dantana21 (Nov 1, 2009)

I clicked on yes/ok when Combofix asked to install the recovery console but apparently it didn't work. Upon turning the power on the computer starts up like it always has. No options for recovery console or windows.

Edit: Ok I tapped F8 to bring up that screen and then clicked on 'start windows normally' and got another message asking to select which operating system to start: Recovery Console, do not select this (debugger enabled) or XP Professional. Is this what you are talking about?


----------



## Cookiegal (Aug 27, 2003)

Yes, that's it. It flashes for only a second or two so you have to be quick to select it or the system defaults to Windows.


----------



## Dantana21 (Nov 1, 2009)

I made it to the command prompt through the recovery console. Below is the message/option I get:

1: C:\WINDOWS

Which Windows installation would you like to log onto (To cancel, press ENTER)?

It will only allow me to press one letter or number. Not sure what to do from here so I will wait until I receive further instructions from you.


----------



## Cookiegal (Aug 27, 2003)

You enter 1 there.


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, I finally got through that and the desktop has returned. I will sit back and wait for further instructions.


----------



## Cookiegal (Aug 27, 2003)

Please run a new scan with ComboFix and post the log.


----------



## Dantana21 (Nov 1, 2009)

I hope this is what you are looking for. It took me three attempts with combofix before I could get it to complete. Still having the same issues with the internet as well.

ComboFix 12-05-17.05 - Dan Gentner 05/21/2012 13:10:22.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.610 [GMT -4:00]
Running from: C:\Documents and Settings\Dan Gentner\Desktop\kitty.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

---- Previous Run -------


-- Previous Run --

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

C:\WINDOWS\explorer.exe . . . is infected!!

-- Previous Run --

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

C:\WINDOWS\explorer.exe . . . is infected!!

--------

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

-- Previous Run --

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

C:\WINDOWS\explorer.exe . . . is infected!!

--------

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

-- Previous Run --

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

C:\WINDOWS\explorer.exe . . . is infected!!

--------

Infected copy of C:\WINDOWS\system32\winlogon.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\winlogon.exe

Infected copy of C:\WINDOWS\system32\svchost.exe was found and disinfected 
Restored copy from - C:\WINDOWS\ERDNT\cache\svchost.exe

C:\WINDOWS\explorer.exe . . . is infected!!

--------

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hyojmkut

((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))

2012-05-21 17:06:22 . 2012-05-21 17:06:22 56200 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{591C70E0-47E3-41E4-8049-30250B1974E9}\offreg.dll
2012-05-21 17:06:01 . 2012-05-21 17:06:01 29904 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{591C70E0-47E3-41E4-8049-30250B1974E9}\MpKsl2a42088a.sys
2012-05-21 16:58:54 . 2012-05-08 16:40:12 6737808 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{591C70E0-47E3-41E4-8049-30250B1974E9}\mpengine.dll
2012-05-17 19:40:28 . 2012-05-08 16:40:12 6737808 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-16 04:34:36 . 2012-05-16 04:34:36 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\Apple Computer
2012-05-16 04:20:50 . 2012-05-16 04:22:37 -------- d-----w- C:\Program Files\iTunes
2012-05-16 04:20:50 . 2012-05-16 04:22:37 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-16 04:15:25 . 2012-05-16 04:15:25 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2012-05-14 02:51:49 . 2012-05-14 02:52:13 --------  d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-14 02:01:26 . 2012-05-14 02:01:26 -------- d-----w- C:\Documents and Settings\Dan Gentner\Application Data\SUPERAntiSpyware.com
2012-05-14 02:00:37 . 2012-05-14 02:00:37 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-13 15:32:55 . 2012-05-13 15:33:37 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-12 18:50:32 . 2012-05-14 00:48:09 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe
2012-05-11 20:33:53 . 2012-05-11 20:35:03 -------- d-----w- C:\WINDOWS\system32\NtmsData
2012-05-10 22:53:57 . 2012-05-10 22:53:57 -------- d-----w- C:\Program Files\Common Files\Java
2012-05-10 22:53:19 . 2012-05-10 22:53:19 -------- d-----w- C:\Program Files\Oracle
2012-05-10 22:53:11 . 2012-05-10 22:53:11 -------- d-----w- C:\Documents and Settings\Dan Gentner\Application Data\Oracle
2012-05-10 22:53:08 . 2012-04-04 22:47:36 143872 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2012-05-10 22:53:08 . 2012-04-04 22:47:08 772504 ----a-w- C:\WINDOWS\system32\npDeployJava1.dll
2012-05-10 22:38:31 . 2012-05-10 22:38:31 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Sun
2012-05-10 04:24:41 . 2012-05-10 04:24:41 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\PrivacIE
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-04 22:47:02 . 2011-11-23 16:39:39 687504 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2012-04-04 19:56:40 . 2011-11-19 15:00:25 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-03-21 00:44:12 . 2012-03-21 00:44:12 171064 ----a-w- C:\WINDOWS\system32\drivers\MpFilter.sys
2012-02-29 20:05:40 . 2011-12-01 19:42:59 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-05-09 23:15:40 . 2012-05-09 23:15:40 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


----------



## Cookiegal (Aug 27, 2003)

That wasn't the complete log but for now, it doesn't matter. Please do the following:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
explorer.*
winlogon.*
svchost.*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Dantana21 (Nov 1, 2009)

SystemLook 30.07.11 by jpshortstuff
Log created at 19:00 on 21/05/2012 by Dan Gentner
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.*"
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir --a---- 1058816 bytes [10:00 04/08/2004] [00:12 14/04/2008] 6383977B0D5145ABCDF4C00A4B240908
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [15:35 04/09/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\explorer.scf --a---- 80 bytes [10:00 04/08/2004] [10:00 04/08/2004] A3975A7D2C98B30A2AE010754FFB9392
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a---- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1033216 bytes [23:03 14/09/2008] [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c- 1032192 bytes [04:15 07/06/2008] [10:00 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1033728 bytes [21:07 19/11/2009] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --a---- 67512 bytes [03:32 18/05/2012] [12:40 19/05/2012] F4E7FB82C9869F39444049CFD74E81B6
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [15:35 04/09/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "winlogon.*"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 199240 bytes [20:30 21/02/2012] [19:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir --a---- 545280 bytes [10:00 04/08/2004] [00:12 14/04/2008] F0F80EBBEA05E110DF683248BAC3DE6C
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c- 502272 bytes [23:02 14/09/2008] [10:00 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ERDNT\cache\winlogon.exe --a---- 507904 bytes [21:07 19/11/2009] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe -----c- 507904 bytes [15:37 04/09/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [10:00 04/08/2004] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

Searching for "svchost.*"
C:\kitty\svchost.dat --a---- 555 bytes [00:00 31/08/2000] [00:00 31/08/2000] 75FCC9D372E19562BA0F254042739920
C:\kitty\svchost.vista.x64.dat --a---- 749 bytes [05:12 27/11/2010] [05:12 27/11/2010] 14CAA9E2E82256EC016BE799DE6498DB
C:\Program Files\AIM6\svchost.bin --a--c- 6944 bytes [19:21 31/10/2008] [19:21 31/10/2008] D6CB81C03BBA98DFAB3F8E18FB177D11
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 199240 bytes [20:30 21/02/2012] [19:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\Qoobox\Quarantine\C\WINDOWS\system32\svchost.exe.vir --a---- 39936 bytes [10:00 04/08/2004] [00:12 14/04/2008] B8E14CBCD6D12F650A2F1DADE28BD0C0
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c- 14336 bytes [23:02 14/09/2008] [10:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ERDNT\cache\svchost.exe --a---- 14336 bytes [21:07 19/11/2009] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf --a---- 19038 bytes [14:49 17/05/2012] [22:59 21/05/2012] 8478A7DB37E2942B5CFA71AEE643DB68
C:\WINDOWS\ServicePackFiles\i386\svchost.exe -----c- 14336 bytes [15:37 04/09/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe --a---- 14336 bytes [10:00 04/08/2004] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

That's good. All of those files have now been replaced with clean copies.

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, Drivers32, NetSvcs, SafeBoot Minimal and EventViewer logs (Last 10 errors)
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.
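
One way to check the "replaced with clean copies" conclusion against the SystemLook output, as an added example that is not part of the original posts: it parses `:filefind` lines (a subset copied from the log in this thread) and tests whether each live system file has the same size and MD5 as its `ServicePackFiles\i386` copy. The function, class and field names are this example's own.

```python
"""Audit a SystemLook :filefind log: do live system files match their reference copies?"""
import re
from dataclasses import dataclass
from ntpath import basename, join  # Windows path rules, usable on any OS

# Subset of the SystemLook log posted in this thread, copied as-is.
SAMPLE_LOG = r"""
Searching for "explorer.*"
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir --a---- 1058816 bytes [10:00 04/08/2004] [00:12 14/04/2008] 6383977B0D5145ABCDF4C00A4B240908
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [15:35 04/09/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1033728 bytes [21:07 19/11/2009] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [15:35 04/09/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "winlogon.*"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 199240 bytes [20:30 21/02/2012] [19:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir --a---- 545280 bytes [10:00 04/08/2004] [00:12 14/04/2008] F0F80EBBEA05E110DF683248BAC3DE6C
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe -----c- 507904 bytes [15:37 04/09/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [10:00 04/08/2004] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

Searching for "svchost.*"
C:\Qoobox\Quarantine\C\WINDOWS\system32\svchost.exe.vir --a---- 39936 bytes [10:00 04/08/2004] [00:12 14/04/2008] B8E14CBCD6D12F650A2F1DADE28BD0C0
C:\WINDOWS\ServicePackFiles\i386\svchost.exe -----c- 14336 bytes [15:37 04/09/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe --a---- 14336 bytes [10:00 04/08/2004] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
"""

# Entry layout: path, 7 attribute flags, size, [created], [modified], MD5.
# The path may contain spaces, so it is matched lazily up to the flag field.
ENTRY = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# The three files the helper replaced, and where the reference copies live.
LIVE_FILES = (
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\svchost.exe",
)
REFERENCE_DIR = r"C:\WINDOWS\ServicePackFiles\i386"
QUARANTINE_DIR = r"C:\Qoobox\Quarantine"


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    md5: str


def parse_filefind(log_text):
    """Return one Entry per file line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]), m["md5"].upper()))
    return entries


def audit(entries):
    """Compare each live file with its reference copy by full path, size and MD5."""
    by_path = {e.path.lower(): e for e in entries}  # NTFS paths are case-insensitive
    report = {}
    for live_path in LIVE_FILES:
        name = basename(live_path)
        live = by_path.get(live_path.lower())
        ref = by_path.get(join(REFERENCE_DIR, name).lower())
        if live is None or ref is None:
            report[name] = {"status": "missing-from-log"}
            continue
        same = live.md5 == ref.md5 and live.size == ref.size
        # Quarantined (.vir) copies: how many bytes larger than the reference they are.
        growth = sorted(
            q.size - ref.size
            for q in entries
            if q.path.lower().startswith(QUARANTINE_DIR.lower())
            and basename(q.path).lower() == f"{name}.vir".lower()
        )
        report[name] = {
            "status": "matches-reference" if same else "DIFFERS",
            "md5": live.md5,
            "quarantined_growth": growth,
        }
    return report


if __name__ == "__main__":
    for name, result in audit(parse_filefind(SAMPLE_LOG)).items():
        print(name, result)
```

A match only shows that the live file equals the local reference copy, so the result is as trustworthy as that copy. Files are keyed by full path, so the same-named `winlogon.exe` under the Malwarebytes Chameleon folder is not mistaken for the system file.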


----------



## Dantana21 (Nov 1, 2009)

The OTS scan ran without any issues. Log file is attached below.


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
[Files - No Company Name]
NY ->  t05kv0komxexml6l86yyf04 -> C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\t05kv0komxexml6l86yyf04
NY ->  t05kv0komxexml6l86yyf04 -> C:\Documents and Settings\All Users\Application Data\t05kv0komxexml6l86yyf04
NY ->  qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 -> C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
NY ->  qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 -> C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, I'm having issues upon start up again. This time, once I type in my user password, the computer gets hung up at the screen saying "loading your personal settings...". I've rebooted three times and each time it hangs up at this spot.

It does, however, load properly in safe mode. Can I run the OTS fix in safe mode?


----------



## Cookiegal (Aug 27, 2003)

Yes, you can run it in safe mode.


----------



## Dantana21 (Nov 1, 2009)

The computer eventually loaded after about 10 minutes so I was able to perform the scan in normal mode.

All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
[Files - No Company Name]
C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\t05kv0komxexml6l86yyf04 moved successfully.
C:\Documents and Settings\All Users\Application Data\t05kv0komxexml6l86yyf04 moved successfully.
C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 moved successfully.
C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 moved successfully.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dan Gentner
->Temp folder emptied: 53328 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5854524 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 25724 bytes
->Temporary Internet Files folder emptied: 14840836 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 550477 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 20.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Dan Gentner
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Dan Gentner
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 05222012_131446

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.
File\Folder C:\WINDOWS\temp\TMP0000000143E3A06AB77B8800 not found!

Registry entries deleted on Reboot...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:05 PM, on 5/22/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
O4 - HKUS\S-1-5-21-73586283-616249376-682003330-1003\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 6560 bytes


----------



## Cookiegal (Aug 27, 2003)

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## Dantana21 (Nov 1, 2009)

I had to run the ESET scan three times as the first time I got an 'unexpected error 2002' message and the second got a 'can not get update. Is proxy configured' message. Both came during step 2 in the phase. The third time it appeared to finish.

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=36882
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=425727e6f26e5c4aabde5defdac033a2
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-22 06:30:38
# local_time=2012-05-22 02:30:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=0
# found=0
# cleaned=0
# scan_time=0


----------



## Cookiegal (Aug 27, 2003)

How are things with the system now?


----------



## Dantana21 (Nov 1, 2009)

It appears to be back to normal. MSEssentials isn't finding any more of the trojan sirefef threats and the internet is back up and running. The only issue I have is windows security center is saying that my virus protection is 'not found' even though I have MSEssentials?


----------



## Cookiegal (Aug 27, 2003)

I would uninstall and reinstall MSE. See if that corrects the problem.


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, I will try that as soon as I can get my internet to work for more than a few minutes at a time. It works long enough to do a few things then spends the rest of the time 'connecting' or 'looking' for the page before I get either the server not found page or connection has timed out page. The actual connection/signal strength to the wireless adapter is fine and running at normal connectivity. I am writing this from a laptop using the same signal and having no issues whatsoever. I tried to repair the connection, unplugging the USB and re-entering the wireless key password to no avail. 

Do you have any suggestions?


----------



## Cookiegal (Aug 27, 2003)

Let's try this please. Hopefully, you will be able to download the database but if not try running it anyway as it might give us some insight.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## Dantana21 (Nov 1, 2009)

The internet worked long enough for me to download aswMBR and also MSE. However, when I went to type up this post and hit reply, it had gone back out so I am back on the laptop again. Do you want me to proceed with the MSE install?

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-23 17:58:50
-----------------------------
17:58:50.859 OS Version: Windows 5.1.2600 Service Pack 3
17:58:50.859 Number of processors: 2 586 0x407
17:58:50.859 ComputerName: DAN UserName: 
17:58:51.781 Initialize success
18:05:38.203 AVAST engine defs: 12052301
18:19:27.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:19:27.328 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
18:19:27.328 Disk 0 MBR read successfully
18:19:27.328 Disk 0 MBR scan
18:19:27.453 Disk 0 Windows XP default MBR code
18:19:27.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
18:19:27.453 Disk 0 scanning sectors +156232125
18:19:27.562 Disk 0 scanning C:\WINDOWS\system32\drivers
18:19:51.171 Service scanning
18:20:23.171 Modules scanning
18:20:48.171 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
18:20:50.375 Disk 0 trace - called modules:
18:20:50.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:20:50.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8664cab8]
18:20:50.453 3 CLASSPNP.SYS[f74f2fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f82030]
18:20:54.484 AVAST engine scan C:\WINDOWS
18:21:34.500 AVAST engine scan C:\WINDOWS\system32
18:26:47.281 AVAST engine scan C:\WINDOWS\system32\drivers
18:27:14.625 AVAST engine scan C:\Documents and Settings\Dan Gentner
18:36:55.937 AVAST engine scan C:\Documents and Settings\All Users
18:43:52.484 Scan finished successfully
18:44:43.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dan Gentner\Desktop\MBR.dat"
18:44:43.187 The log file has been saved successfully to "C:\Documents and Settings\Dan Gentner\Desktop\aswMBR.txt"


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, I just wanted to give you a heads up that I will be out of town tonight until Tuesday for the Holiday weekend. I will check back here as soon as I get home and perform any needed actions.


Thanks again for all your help and have a great weekend!


----------



## Cookiegal (Aug 27, 2003)

Sorry I didn't get back to you sooner. Yes please install MSE.

Then do the following when you return please.

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, I was able to complete the tasks before I head out. I installed MSE and still no change in the security center, it says my virus protection is not found.

Event Type: Error
Event Source: Microsoft Security Client
Event Category: None
Event ID: 5000
Date: 5/24/2012
Time: 7:39:54 PM
User: N/A
Computer: DAN
Description:
The description for Event ID ( 5000 ) in Source ( Microsoft Security Client ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: mssecurityclient, setup.exe, 4.0.1526.0, 0x8007007e, morrobootstraper__cinstallflow__internalrun - getenablefirewallaction, morrobootstraper__cflow__processflowactionresult, 0, security essentials, NIL, NIL, NIL.

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 5/24/2012
Time: 7:39:49 PM
User: N/A
Computer: DAN
Description:
EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: SecurityCenter
Event Category: None
Event ID: 1802
Date: 5/24/2012
Time: 7:36:12 PM
User: N/A
Computer: DAN
Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7e 00 07 80 ~..€

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 28
Date: 5/24/2012
Time: 7:36:12 PM
User: N/A
Computer: DAN
Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: SecurityCenter
Event Category: None
Event ID: 1802
Date: 5/23/2012
Time: 5:53:47 PM
User: N/A
Computer: DAN
Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7e 00 07 80 ~..€

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 28
Date: 5/23/2012
Time: 5:53:47 PM
User: N/A
Computer: DAN
Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: SecurityCenter
Event Category: None
Event ID: 1802
Date: 5/23/2012
Time: 12:43:51 PM
User: N/A
Computer: DAN
Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7e 00 07 80 ~..€

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 28
Date: 5/23/2012
Time: 12:43:51 PM
User: N/A
Computer: DAN
Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: SecurityCenter
Event Category: None
Event ID: 1802
Date: 5/22/2012
Time: 11:35:41 PM
User: N/A
Computer: DAN
Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7e 00 07 80 ~..€

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 28
Date: 5/22/2012
Time: 11:35:41 PM
User: N/A
Computer: DAN
Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 28
Date: 5/22/2012
Time: 11:21:22 PM
User: N/A
Computer: DAN
Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 11
Date: 5/22/2012
Time: 1:41:59 PM
User: N/A
Computer: DAN
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Right-click on My Computer and select "Properties" then click on the Advanced tab. Near the bottom, click on the button that says "Environment Variables". Under "System Variables" scroll down under the heading "Variable" to "path" and double-click on "path" and another box that says "Edit System Variable" will open up. You don't want to edit or change it but just copy and paste what is written there back in a reply here. Then click on "cancel" to back out of that box without making any changes.


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, I'm back! Here is what you have requested.

Variable name: path
Variable value: 
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\DivX Shared;C:\Program Files\QuickTime\QTSystem


----------



## Cookiegal (Aug 27, 2003)

Do you have your XP installation CD?


----------



## Dantana21 (Nov 1, 2009)

Yes I have the installation CD.


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run* and type in:

*sfc /scannow*

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. You may be prompted to insert the installation CD.

Let me know how that goes please.


----------



## Dantana21 (Nov 1, 2009)

I ran the scan and was asked for the CD. After inserting the disk the scan ran for about 15-20 minutes before it completed.


----------



## Cookiegal (Aug 27, 2003)

Were any files replaced?


----------



## Dantana21 (Nov 1, 2009)

I didn't receive any type of message or log file once it completed so I'm not sure. It just asked for the CD in case it needed to replace any files.


----------



## Cookiegal (Aug 27, 2003)

Please check the Event Viewer again and post any new errors under both Application and System that have occurred since running the sfc /scannow command.


----------



## Dantana21 (Nov 1, 2009)

Here are the event viewer errors. Under applications, it is the same two errors (security center and winmgt) that occur each time the computer is started up. Under system, it is also the same two errors each time (ati2mtag and E100B).

Also, I checked my MSE history and noticed it found the trojan:sirefef again on 5/29. It hadn't found anything in roughly a week.

Event Type: Error
Event Source: SecurityCenter
Event Category: None
Event ID: 1802
Date: 5/30/2012
Time: 11:47:39 AM
User: N/A
Computer: DAN
Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7e 00 07 80 ~..€

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 28
Date: 5/30/2012
Time: 11:47:39 AM
User: N/A
Computer: DAN
Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: SecurityCenter
Event Category: None
Event ID: 1802
Date: 5/29/2012
Time: 7:05:45 PM
User: N/A
Computer: DAN
Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7e 00 07 80 ~..€

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 28
Date: 5/29/2012
Time: 7:05:45 PM
User: N/A
Computer: DAN
Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: SecurityCenter
Event Category: None
Event ID: 1802
Date: 5/29/2012
Time: 7:03:03 PM
User: N/A
Computer: DAN
Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7e 00 07 80 ~..€

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 28
Date: 5/29/2012
Time: 7:03:03 PM
User: N/A
Computer: DAN
Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: ati2mtag
Event Category: None
Event ID: 2
Date: 5/30/2012
Time: 11:47:25 AM
User: N/A
Computer: DAN
Description:
Unable to map required address ranges for graphics card.
Data:
0000: 0e 00 04 00 01 00 5e 00 ......^.
0008: 00 00 00 00 02 00 01 c1 .......Á
0010: 10 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 02 00 01 c1 ...Á

Event Type: Error
Event Source: E100B
Event Category: None
Event ID: 5003
Date: 5/30/2012
Time: 11:47:24 AM
User: N/A
Computer: DAN
Description:
Intel(R) PRO/100 VE Network Connection : Could not find an adapter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 08 00 02 00 5c 00 ......\.
0008: 00 00 00 00 8b 13 00 c0 ....‹..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 10 00 00 00 00 00 00 00 ........

This last error hasn't popped up since 5/24 so it may have been fixed, but I noticed it had 13 errors on that date so I figured I would post it for you to look at.

Event Type: Error
Event Source: Microsoft Antimalware
Event Category: None
Event ID: 2001
Date: 5/24/2012
Time: 7:40:52 PM
User: N/A
Computer: DAN
Description:
Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------
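
The Event Viewer records pasted in the posts above can be triaged mechanically. The following is an added example, not part of the original thread: a Python parser for that copy-and-paste format that groups records by source and event ID and decodes failure HRESULTs, including the little-endian DWORD in the `Data:` bytes (`7e 00 07 80` reads as 0x8007007e, the same code the Microsoft Security Client setup error reports). The sample text is abridged from the records in the thread, and the function names and the short Win32 error table are this example's own.

```python
import re
import struct
from collections import Counter, defaultdict

# Win32 codes carried in FACILITY_WIN32 (7) HRESULTs; a short, partial table.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
    126: "ERROR_MOD_NOT_FOUND", 12007: "ERROR_INTERNET_NAME_NOT_RESOLVED",
}
HEXLINE = re.compile(r"^[0-9a-fA-F]{4}:((?:\s[0-9a-fA-F]{2}(?=\s|$)){1,8})")
HRESULT = re.compile(r"\b0x(8[0-9a-fA-F]{7})\b")

# Sample input: records abridged from the ones posted in the thread.
SAMPLE = """\
Event Type: Error
Event Source: Microsoft Security Client
Event ID: 5000
Description:
The following information is part of the event: mssecurityclient, setup.exe, 4.0.1526.0, 0x8007007e.

Event Type: Error
Event Source: SecurityCenter
Event ID: 1802
Description:
The Windows Security Center Service was unable to establish event queries with WMI.
Data:
0000: 7e 00 07 80 ~...

Event Type: Error
Event Source: Microsoft Antimalware
Event ID: 2001
User: N/A
Description:
Microsoft Antimalware has encountered an error trying to update signatures.
User: NT AUTHORITY\\NETWORK SERVICE
Error code: 0x80072ee7
"""


def parse_events(text):
    """Split pasted Event Viewer text into one dict per record."""
    records, cur, section = [], None, "header"
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("Event Type:"):       # a new record begins
            cur, section = {"description": [], "data": bytearray()}, "header"
            records.append(cur)
        if cur is None:
            continue
        if line in ("Description:", "Data:"):
            section = line[:-1].lower()
        elif section == "header" and ":" in line:
            name, _, value = line.partition(":")
            cur[name] = value.strip()
        elif section == "description" and line:
            cur["description"].append(line)      # may contain "User:" etc.
        elif section == "data":
            m = HEXLINE.match(line)
            if m:                                 # skip the ASCII column
                cur["data"] += bytes.fromhex(m.group(1))
    return records


def decode_hresult(value):
    """Name a failure HRESULT; FACILITY_WIN32 codes map to Win32 errors."""
    facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
    if facility == 7:
        return WIN32_ERRORS.get(code, f"Win32 error {code}")
    return f"facility {facility}, code {code}"


def record_errors(rec):
    """HRESULTs in the description, plus the first Data DWORD if it is one."""
    found = {int(h, 16) for h in HRESULT.findall(" ".join(rec["description"]))}
    if len(rec["data"]) >= 4:
        dword = struct.unpack_from("<I", rec["data"])[0]   # little-endian
        if dword & 0x80000000:                             # failure bit set
            found.add(dword)
    return sorted(found)


def summarize(records):
    """Count records per (source, event ID) and collect decoded errors."""
    counts, errors = Counter(), defaultdict(set)
    for rec in records:
        key = (rec.get("Event Source"), rec.get("Event ID"))
        counts[key] += 1
        for h in record_errors(rec):
            errors[key].add(f"0x{h:08x} {decode_hresult(h)}")
    return counts, {k: sorted(v) for k, v in errors.items()}


if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE)))
```
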



## Cookiegal (Aug 27, 2003)

What file is MSE flagging as sirefef?


----------



## Dantana21 (Nov 1, 2009)

MSE says it is the Trojan:Win32/Sirefef.P located in:

file:C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{998fed26-c012-69eb-09f0-a36acfb53e12}\n


----------



## Cookiegal (Aug 27, 2003)

Please run ComboFix again but first delete the copy you have by dragging it to the Recycle Bin and then grab a new one.

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## Dantana21 (Nov 1, 2009)

ComboFix 12-05-30.04 - Dan Gentner 05/30/2012 17:09:01.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.651 [GMT -4:00]
Running from: c:\documents and settings\Dan Gentner\Desktop\puppy.exe.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\expl.dat
c:\windows\system32\dllc.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
-- Previous Run --
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\svchost.exe 
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\svchost.exe 
.
c:\windows\explorer.exe . . . is infected!!
.
-- Previous Run --
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\svchost.exe 
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\svchost.exe 
.
c:\windows\explorer.exe . . . is infected!!
.
--------
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
-- Previous Run --
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\svchost.exe 
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\svchost.exe 
.
c:\windows\explorer.exe . . . is infected!!
.
--------
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\svchost.exe 
.
-- Previous Run --
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\svchost.exe 
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\svchost.exe 
.
c:\windows\explorer.exe . . . is infected!!
.
--------
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe 
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\svchost.exe 
.
c:\windows\explorer.exe . . . is infected!!
.
--------
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\atapi.sys 
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_hyojmkut
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-29 23:19 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8ACDF9F7-98C1-4FDD-BDE7-3636757FBC6B}\mpengine.dll
2012-05-28 20:55 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\documents and settings\Dan Gentner\Local Settings\Application Data\PCHealth
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-22 17:44 . 2012-05-22 17:44 -------- d-----w- c:\program files\ESET
2012-05-22 17:14 . 2012-05-22 17:14 -------- d-----w- C:\_OTS
2012-05-16 04:34 . 2012-05-16 04:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-16 04:20 . 2012-05-16 04:22 -------- d-----w- c:\program files\iTunes
2012-05-16 04:20 . 2012-05-16 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-05-14 02:51 . 2012-05-14 02:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-14 02:01 . 2012-05-14 02:01 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\SUPERAntiSpyware.com
2012-05-14 02:00 . 2012-05-14 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-11 20:33 . 2012-05-11 20:35 -------- d-----w- c:\windows\system32\NtmsData
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\program files\Common Files\Java
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\program files\Oracle
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\Oracle
2012-05-10 22:53 . 2012-04-04 22:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-10 22:53 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 04:24 . 2012-05-10 04:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:47 . 2011-11-23 16:39 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-11-19 15:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2012-03-21 00:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-05-09 23:15 . 2012-05-09 23:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_03.26.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 10:00 . 2008-04-14 00:12 14336 c:\windows\system32\svchost.exe
- 2011-11-12 22:58 . 2001-08-18 03:36 23040 c:\windows\system32\dllcache\xrxwbtmp.dll
+ 2011-11-12 22:58 . 2001-08-18 02:36 23040 c:\windows\system32\dllcache\xrxwbtmp.dll
+ 2011-11-12 22:58 . 2008-04-14 00:12 18944 c:\windows\system32\dllcache\xrxscnui.dll
- 2011-11-12 22:58 . 2008-04-14 01:12 18944 c:\windows\system32\dllcache\xrxscnui.dll
+ 2011-11-12 22:58 . 2001-08-18 02:37 27648 c:\windows\system32\dllcache\xrxftplt.exe
- 2011-11-12 22:58 . 2001-08-18 03:37 27648 c:\windows\system32\dllcache\xrxftplt.exe
+ 2011-11-12 22:57 . 2001-08-18 02:37 99865 c:\windows\system32\dllcache\xlog.exe
- 2011-11-12 22:57 . 2001-08-18 03:37 99865 c:\windows\system32\dllcache\xlog.exe
- 2011-11-12 22:57 . 2001-08-17 17:11 16970 c:\windows\system32\dllcache\xem336n5.sys
+ 2011-11-12 22:57 . 2001-08-17 16:11 16970 c:\windows\system32\dllcache\xem336n5.sys
+ 2011-11-12 22:57 . 2004-08-04 02:29 19455 c:\windows\system32\dllcache\wvchntxx.sys
- 2011-11-12 22:57 . 2004-08-04 03:29 19455 c:\windows\system32\dllcache\wvchntxx.sys
+ 2011-11-12 22:57 . 2008-04-13 18:46 19200 c:\windows\system32\dllcache\wstcodec.sys
- 2011-11-12 22:57 . 2008-04-13 19:46 19200 c:\windows\system32\dllcache\wstcodec.sys
- 2011-11-12 22:57 . 2004-08-04 03:29 12063 c:\windows\system32\dllcache\wsiintxx.sys
+ 2011-11-12 22:57 . 2004-08-04 02:29 12063 c:\windows\system32\dllcache\wsiintxx.sys
+ 2011-11-12 22:56 . 2001-08-17 16:12 34890 c:\windows\system32\dllcache\wlandrv2.sys
- 2011-11-12 22:56 . 2001-08-17 17:12 34890 c:\windows\system32\dllcache\wlandrv2.sys
+ 2011-11-12 22:56 . 2001-08-18 02:36 53760 c:\windows\system32\dllcache\wiamsmud.dll
- 2011-11-12 22:56 . 2001-08-18 03:36 53760 c:\windows\system32\dllcache\wiamsmud.dll
- 2011-11-12 22:56 . 2001-08-18 03:36 87040 c:\windows\system32\dllcache\wiafbdrv.dll
+ 2011-11-12 22:56 . 2001-08-18 02:36 87040 c:\windows\system32\dllcache\wiafbdrv.dll
- 2011-11-12 22:56 . 2004-08-04 03:29 23615 c:\windows\system32\dllcache\wch7xxnt.sys
+ 2011-11-12 22:56 . 2004-08-04 02:29 23615 c:\windows\system32\dllcache\wch7xxnt.sys
+ 2011-11-12 22:56 . 2008-04-13 18:45 31744 c:\windows\system32\dllcache\wceusbsh.sys
- 2011-11-12 22:56 . 2008-04-13 19:45 31744 c:\windows\system32\dllcache\wceusbsh.sys
+ 2011-11-12 22:56 . 2001-08-17 16:10 35871 c:\windows\system32\dllcache\wbfirdma.sys
- 2011-11-12 22:56 . 2001-08-17 17:10 35871 c:\windows\system32\dllcache\wbfirdma.sys
+ 2011-11-12 22:56 . 2004-08-04 02:29 33599 c:\windows\system32\dllcache\watv04nt.sys
- 2011-11-12 22:56 . 2004-08-04 03:29 33599 c:\windows\system32\dllcache\watv04nt.sys
- 2011-11-12 22:56 . 2004-08-04 03:29 19551 c:\windows\system32\dllcache\watv02nt.sys
+ 2011-11-12 22:56 . 2004-08-04 02:29 19551 c:\windows\system32\dllcache\watv02nt.sys
- 2011-11-12 22:56 . 2004-08-04 03:29 29311 c:\windows\system32\dllcache\watv01nt.sys
+ 2011-11-12 22:56 . 2004-08-04 02:29 29311 c:\windows\system32\dllcache\watv01nt.sys
- 2011-11-12 22:56 . 2004-08-04 03:29 11775 c:\windows\system32\dllcache\wadv05nt.sys
+ 2011-11-12 22:56 . 2004-08-04 02:29 11775 c:\windows\system32\dllcache\wadv05nt.sys
- 2011-11-12 22:56 . 2004-08-04 03:29 12127 c:\windows\system32\dllcache\wadv02nt.sys
+ 2011-11-12 22:56 . 2004-08-04 02:29 12127 c:\windows\system32\dllcache\wadv02nt.sys
- 2011-11-12 22:56 . 2004-08-04 03:29 12415 c:\windows\system32\dllcache\wadv01nt.sys
+ 2011-11-12 22:56 . 2004-08-04 02:29 12415 c:\windows\system32\dllcache\wadv01nt.sys
+ 2011-11-12 22:55 . 2001-08-17 16:13 16925 c:\windows\system32\dllcache\w940nd.sys
- 2011-11-12 22:55 . 2001-08-17 17:13 16925 c:\windows\system32\dllcache\w940nd.sys
- 2011-11-12 22:55 . 2001-08-17 17:13 19016 c:\windows\system32\dllcache\w926nd.sys
+ 2011-11-12 22:55 . 2001-08-17 16:13 19016 c:\windows\system32\dllcache\w926nd.sys
- 2011-11-12 22:55 . 2001-08-17 17:13 19528 c:\windows\system32\dllcache\w840nd.sys
+ 2011-11-12 22:55 . 2001-08-17 16:13 19528 c:\windows\system32\dllcache\w840nd.sys
- 2011-11-12 22:55 . 2001-08-17 18:28 64605 c:\windows\system32\dllcache\vvoice.sys
+ 2011-11-12 22:55 . 2001-08-17 17:28 64605 c:\windows\system32\dllcache\vvoice.sys
- 2011-11-12 22:55 . 2001-08-17 18:49 24576 c:\windows\system32\dllcache\viairda.sys
+ 2011-11-12 22:55 . 2001-08-17 17:49 24576 c:\windows\system32\dllcache\viairda.sys
- 2011-11-12 22:55 . 2008-04-14 01:12 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2011-11-12 22:55 . 2008-04-14 00:12 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2011-11-12 22:54 . 2008-04-13 18:45 26112 c:\windows\system32\dllcache\usbser.sys
- 2011-11-12 22:54 . 2008-04-13 19:45 26112 c:\windows\system32\dllcache\usbser.sys
+ 2011-11-12 22:54 . 2008-04-13 18:45 17152 c:\windows\system32\dllcache\usbohci.sys
- 2011-11-12 22:54 . 2008-04-13 19:45 17152 c:\windows\system32\dllcache\usbohci.sys
+ 2011-11-12 22:54 . 2008-04-13 18:45 60032 c:\windows\system32\dllcache\usbaudio.sys
- 2011-11-12 22:54 . 2008-04-13 19:45 60032 c:\windows\system32\dllcache\usbaudio.sys
+ 2011-11-12 22:54 . 2004-08-04 02:31 32384 c:\windows\system32\dllcache\usb101et.sys
- 2011-11-12 22:54 . 2004-08-04 03:31 32384 c:\windows\system32\dllcache\usb101et.sys
- 2011-11-12 22:54 . 2001-08-18 03:36 94720 c:\windows\system32\dllcache\umaxud32.dll
+ 2011-11-12 22:54 . 2001-08-18 02:36 94720 c:\windows\system32\dllcache\umaxud32.dll
- 2011-11-12 22:54 . 2001-08-18 03:36 28160 c:\windows\system32\dllcache\umaxu40.dll
+ 2011-11-12 22:54 . 2001-08-18 02:36 28160 c:\windows\system32\dllcache\umaxu40.dll
- 2011-11-12 22:54 . 2001-08-18 03:36 26624 c:\windows\system32\dllcache\umaxu22.dll
+ 2011-11-12 22:54 . 2001-08-18 02:36 26624 c:\windows\system32\dllcache\umaxu22.dll
+ 2011-11-12 22:54 . 2001-08-18 02:36 69632 c:\windows\system32\dllcache\umaxu12.dll
- 2011-11-12 22:54 . 2001-08-18 03:36 69632 c:\windows\system32\dllcache\umaxu12.dll
+ 2011-11-12 22:54 . 2001-08-18 02:36 50688 c:\windows\system32\dllcache\umaxscan.dll
- 2011-11-12 22:54 . 2001-08-18 03:36 50688 c:\windows\system32\dllcache\umaxscan.dll
+ 2011-11-12 22:54 . 2001-08-17 17:58 22912 c:\windows\system32\dllcache\umaxpcls.sys
- 2011-11-12 22:54 . 2001-08-17 18:58 22912 c:\windows\system32\dllcache\umaxpcls.sys
- 2011-11-12 22:54 . 2001-08-18 03:36 50176 c:\windows\system32\dllcache\umaxp60.dll
+ 2011-11-12 22:54 . 2001-08-18 02:36 50176 c:\windows\system32\dllcache\umaxp60.dll
+ 2011-11-12 22:54 . 2001-08-18 02:36 47616 c:\windows\system32\dllcache\umaxcam.dll
- 2011-11-12 22:54 . 2001-08-18 03:36 47616 c:\windows\system32\dllcache\umaxcam.dll
- 2011-11-12 22:54 . 2001-08-17 18:52 36736 c:\windows\system32\dllcache\ultra.sys
+ 2011-11-12 22:54 . 2001-08-17 17:52 36736 c:\windows\system32\dllcache\ultra.sys
+ 2011-11-12 22:53 . 2001-08-17 17:48 11520 c:\windows\system32\dllcache\twotrack.sys
- 2011-11-12 22:53 . 2001-08-17 18:48 11520 c:\windows\system32\dllcache\twotrack.sys
+ 2011-11-12 22:53 . 2001-08-17 16:12 34375 c:\windows\system32\dllcache\tpro4.sys
- 2011-11-12 22:53 . 2001-08-17 17:12 34375 c:\windows\system32\dllcache\tpro4.sys
- 2011-11-12 22:53 . 2001-08-18 03:35 42496 c:\windows\system32\dllcache\tp4res.dll
+ 2011-11-12 22:53 . 2001-08-18 02:35 42496 c:\windows\system32\dllcache\tp4res.dll
- 2011-11-12 22:53 . 2008-04-14 01:12 82944 c:\windows\system32\dllcache\tp4mon.exe
+ 2011-11-12 22:53 . 2008-04-14 00:12 82944 c:\windows\system32\dllcache\tp4mon.exe
- 2011-11-12 22:53 . 2001-08-18 03:36 31744 c:\windows\system32\dllcache\tp4.dll
+ 2011-11-12 22:53 . 2001-08-18 02:36 31744 c:\windows\system32\dllcache\tp4.dll
- 2011-11-12 22:52 . 2001-08-17 17:10 28232 c:\windows\system32\dllcache\tos4mo.sys
+ 2011-11-12 22:52 . 2001-08-17 16:10 28232 c:\windows\system32\dllcache\tos4mo.sys
+ 2011-11-12 22:52 . 2001-08-17 18:56 81408 c:\windows\system32\dllcache\tgiul50.dll
- 2011-11-12 22:52 . 2001-08-17 19:56 81408 c:\windows\system32\dllcache\tgiul50.dll
- 2011-11-12 22:52 . 2001-08-17 17:13 17129 c:\windows\system32\dllcache\tdkcd31.sys
+ 2011-11-12 22:52 . 2001-08-17 16:13 17129 c:\windows\system32\dllcache\tdkcd31.sys
- 2011-11-12 22:52 . 2001-08-17 17:13 37961 c:\windows\system32\dllcache\tdk100b.sys
+ 2011-11-12 22:52 . 2001-08-17 16:13 37961 c:\windows\system32\dllcache\tdk100b.sys
+ 2011-11-12 22:52 . 2001-08-17 17:49 30464 c:\windows\system32\dllcache\tbatm155.sys
- 2011-11-12 22:52 . 2001-08-17 18:49 30464 c:\windows\system32\dllcache\tbatm155.sys
- 2011-11-12 22:52 . 2001-08-17 17:50 36640 c:\windows\system32\dllcache\t2r4mini.sys
+ 2011-11-12 22:52 . 2001-08-17 16:50 36640 c:\windows\system32\dllcache\t2r4mini.sys
- 2011-11-12 22:52 . 2001-08-17 19:07 32640 c:\windows\system32\dllcache\symc8xx.sys
+ 2011-11-12 22:52 . 2001-08-17 18:07 32640 c:\windows\system32\dllcache\symc8xx.sys
- 2011-11-12 22:52 . 2001-08-17 19:07 16256 c:\windows\system32\dllcache\symc810.sys
+ 2011-11-12 22:52 . 2001-08-17 18:07 16256 c:\windows\system32\dllcache\symc810.sys
+ 2011-11-12 22:52 . 2001-08-17 18:07 30688 c:\windows\system32\dllcache\sym_u3.sys
- 2011-11-12 22:52 . 2001-08-17 19:07 30688 c:\windows\system32\dllcache\sym_u3.sys
- 2011-11-12 22:51 . 2001-08-17 19:07 28384 c:\windows\system32\dllcache\sym_hi.sys
+ 2011-11-12 22:51 . 2001-08-17 18:07 28384 c:\windows\system32\dllcache\sym_hi.sys
- 2011-11-12 22:51 . 2001-08-18 03:36 94293 c:\windows\system32\dllcache\sxports.dll
+ 2011-11-12 22:51 . 2001-08-18 02:36 94293 c:\windows\system32\dllcache\sxports.dll
- 2011-11-12 22:51 . 2001-08-18 03:36 10240 c:\windows\system32\dllcache\swpidflt.dll
+ 2011-11-12 22:51 . 2001-08-18 02:36 10240 c:\windows\system32\dllcache\swpidflt.dll
+ 2011-11-12 22:51 . 2001-08-18 02:36 10240 c:\windows\system32\dllcache\swpdflt2.dll
- 2011-11-12 22:51 . 2001-08-18 03:36 10240 c:\windows\system32\dllcache\swpdflt2.dll
+ 2011-11-12 22:51 . 2001-08-18 02:36 53760 c:\windows\system32\dllcache\sw_wheel.dll
- 2011-11-12 22:51 . 2001-08-18 03:36 53760 c:\windows\system32\dllcache\sw_wheel.dll
- 2011-11-12 22:51 . 2001-08-18 03:36 41472 c:\windows\system32\dllcache\sw_effct.dll
+ 2011-11-12 22:51 . 2001-08-18 02:36 41472 c:\windows\system32\dllcache\sw_effct.dll
+ 2004-08-04 10:00 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\svchost.exe
- 2011-11-12 22:51 . 2008-04-13 19:46 15232 c:\windows\system32\dllcache\streamip.sys
+ 2011-11-12 22:51 . 2008-04-13 18:46 15232 c:\windows\system32\dllcache\streamip.sys
+ 2011-11-12 22:51 . 2001-08-18 02:36 53248 c:\windows\system32\dllcache\stlncoin.dll
- 2011-11-12 22:51 . 2001-08-18 03:36 53248 c:\windows\system32\dllcache\stlncoin.dll
- 2011-11-12 22:51 . 2001-08-17 18:51 16896 c:\windows\system32\dllcache\stcusb.sys
+ 2011-11-12 22:51 . 2001-08-17 17:51 16896 c:\windows\system32\dllcache\stcusb.sys
- 2011-11-12 22:51 . 2001-08-17 17:11 48736 c:\windows\system32\dllcache\srwlnd5.sys
+ 2011-11-12 22:51 . 2001-08-17 16:11 48736 c:\windows\system32\dllcache\srwlnd5.sys
- 2011-11-12 22:51 . 2001-08-18 03:36 99328 c:\windows\system32\dllcache\srusd.dll
+ 2011-11-12 22:51 . 2001-08-18 02:36 99328 c:\windows\system32\dllcache\srusd.dll
- 2011-11-12 22:51 . 2001-08-18 03:36 24660 c:\windows\system32\dllcache\spxupchk.dll
+ 2011-11-12 22:51 . 2001-08-18 02:36 24660 c:\windows\system32\dllcache\spxupchk.dll
- 2011-11-12 22:50 . 2001-08-17 18:51 61824 c:\windows\system32\dllcache\speed.sys
+ 2011-11-12 22:50 . 2001-08-17 17:51 61824 c:\windows\system32\dllcache\speed.sys
+ 2011-11-12 22:50 . 2001-08-17 18:07 19072 c:\windows\system32\dllcache\sparrow.sys
- 2011-11-12 22:50 . 2001-08-17 19:07 19072 c:\windows\system32\dllcache\sparrow.sys
- 2011-11-12 22:50 . 2001-08-17 17:51 37040 c:\windows\system32\dllcache\sonypi.sys
+ 2011-11-12 22:50 . 2001-08-17 16:51 37040 c:\windows\system32\dllcache\sonypi.sys
- 2011-11-12 22:50 . 2001-08-17 17:51 20752 c:\windows\system32\dllcache\sonync.sys
+ 2011-11-12 22:50 . 2001-08-17 16:51 20752 c:\windows\system32\dllcache\sonync.sys
- 2011-11-12 22:50 . 2001-08-17 17:51 58368 c:\windows\system32\dllcache\smiminib.sys
+ 2011-11-12 22:50 . 2001-08-17 16:51 58368 c:\windows\system32\dllcache\smiminib.sys
+ 2011-11-12 22:50 . 2001-08-17 16:12 25034 c:\windows\system32\dllcache\smcpwr2n.sys
- 2011-11-12 22:50 . 2001-08-17 17:12 25034 c:\windows\system32\dllcache\smcpwr2n.sys
- 2011-11-12 22:50 . 2001-08-17 17:10 35913 c:\windows\system32\dllcache\smcirda.sys
+ 2011-11-12 22:50 . 2001-08-17 16:10 35913 c:\windows\system32\dllcache\smcirda.sys
+ 2011-11-12 22:50 . 2001-08-17 16:12 24576 c:\windows\system32\dllcache\smc8000n.sys
- 2011-11-12 22:50 . 2001-08-17 17:12 24576 c:\windows\system32\dllcache\smc8000n.sys
- 2011-11-12 22:49 . 2008-04-13 19:36 16000 c:\windows\system32\dllcache\smbbatt.sys
+ 2011-11-12 22:49 . 2008-04-13 18:36 16000 c:\windows\system32\dllcache\smbbatt.sys
+ 2011-11-12 22:49 . 2001-08-18 02:36 45568 c:\windows\system32\dllcache\smb3w.dll
- 2011-11-12 22:49 . 2001-08-18 03:36 45568 c:\windows\system32\dllcache\smb3w.dll
- 2011-11-12 22:49 . 2001-08-18 03:36 33792 c:\windows\system32\dllcache\smb0w.dll
+ 2011-11-12 22:49 . 2001-08-18 02:36 33792 c:\windows\system32\dllcache\smb0w.dll
- 2011-11-12 22:49 . 2001-08-18 03:36 28672 c:\windows\system32\dllcache\sma0w.dll
+ 2011-11-12 22:49 . 2001-08-18 02:36 28672 c:\windows\system32\dllcache\sma0w.dll
+ 2011-11-12 22:49 . 2001-08-18 02:36 28160 c:\windows\system32\dllcache\sm91w.dll
- 2011-11-12 22:49 . 2001-08-18 03:36 28160 c:\windows\system32\dllcache\sm91w.dll
- 2011-11-12 22:49 . 2008-04-13 19:46 11136 c:\windows\system32\dllcache\slip.sys
+ 2011-11-12 22:49 . 2008-04-13 18:46 11136 c:\windows\system32\dllcache\slip.sys
+ 2011-11-12 22:49 . 2004-08-04 02:31 63547 c:\windows\system32\dllcache\sla30nd5.sys
- 2011-11-12 22:49 . 2004-08-04 03:31 63547 c:\windows\system32\dllcache\sla30nd5.sys
- 2011-11-12 22:49 . 2001-08-17 17:12 91294 c:\windows\system32\dllcache\skfpwin.sys
+ 2011-11-12 22:49 . 2001-08-17 16:12 91294 c:\windows\system32\dllcache\skfpwin.sys
- 2011-11-12 22:49 . 2001-08-17 17:12 94698 c:\windows\system32\dllcache\sk98xwin.sys
+ 2011-11-12 22:49 . 2001-08-17 16:12 94698 c:\windows\system32\dllcache\sk98xwin.sys
+ 2011-11-12 22:49 . 2001-08-17 16:50 50432 c:\windows\system32\dllcache\sisv.sys
- 2011-11-12 22:49 . 2001-08-17 17:50 50432 c:\windows\system32\dllcache\sisv.sys
+ 2011-11-12 22:49 . 2004-08-04 02:31 32768 c:\windows\system32\dllcache\sisnic.sys
- 2011-11-12 22:49 . 2004-08-04 03:31 32768 c:\windows\system32\dllcache\sisnic.sys
- 2011-11-12 22:49 . 2001-08-17 17:50 68608 c:\windows\system32\dllcache\sis6306p.sys
+ 2011-11-12 22:49 . 2001-08-17 16:50 68608 c:\windows\system32\dllcache\sis6306p.sys
- 2011-11-12 22:48 . 2001-07-21 19:29 18400 c:\windows\system32\dllcache\sgsmld.sys
+ 2011-11-12 22:48 . 2001-07-21 18:29 18400 c:\windows\system32\dllcache\sgsmld.sys
- 2011-11-12 22:48 . 2001-08-17 17:51 98080 c:\windows\system32\dllcache\sgiulnt5.sys
+ 2011-11-12 22:48 . 2001-08-17 16:51 98080 c:\windows\system32\dllcache\sgiulnt5.sys
- 2011-11-12 22:48 . 2001-08-17 17:19 36480 c:\windows\system32\dllcache\sfmanm.sys
+ 2011-11-12 22:48 . 2001-08-17 16:19 36480 c:\windows\system32\dllcache\sfmanm.sys
- 2011-11-12 22:48 . 2001-08-17 18:48 17664 c:\windows\system32\dllcache\sermouse.sys
+ 2011-11-12 22:48 . 2001-08-17 17:48 17664 c:\windows\system32\dllcache\sermouse.sys
- 2011-11-12 22:48 . 2008-04-13 19:45 11520 c:\windows\system32\dllcache\scsiscan.sys
+ 2011-11-12 22:48 . 2008-04-13 18:45 11520 c:\windows\system32\dllcache\scsiscan.sys
+ 2011-11-12 22:48 . 2001-08-17 17:52 11648 c:\windows\system32\dllcache\scsiprnt.sys
- 2011-11-12 22:48 . 2001-08-17 18:52 11648 c:\windows\system32\dllcache\scsiprnt.sys
+ 2011-11-12 22:48 . 2001-08-17 17:51 17280 c:\windows\system32\dllcache\scr111.sys
- 2011-11-12 22:48 . 2001-08-17 18:51 17280 c:\windows\system32\dllcache\scr111.sys
- 2011-11-12 22:48 . 2001-08-17 18:51 16640 c:\windows\system32\dllcache\scmstcs.sys
+ 2011-11-12 22:48 . 2001-08-17 17:51 16640 c:\windows\system32\dllcache\scmstcs.sys
+ 2011-11-12 22:48 . 2001-08-17 17:51 23936 c:\windows\system32\dllcache\sccmusbm.sys
- 2011-11-12 22:48 . 2001-08-17 18:51 23936 c:\windows\system32\dllcache\sccmusbm.sys
+ 2011-11-12 22:48 . 2001-08-17 17:51 23936 c:\windows\system32\dllcache\sccmn50m.sys
- 2011-11-12 22:48 . 2001-08-17 18:51 23936 c:\windows\system32\dllcache\sccmn50m.sys
- 2011-11-12 22:48 . 2008-04-13 19:40 43904 c:\windows\system32\dllcache\sbp2port.sys
+ 2011-11-12 22:48 . 2008-04-13 18:40 43904 c:\windows\system32\dllcache\sbp2port.sys
+ 2011-11-12 22:47 . 2001-08-17 16:50 75392 c:\windows\system32\dllcache\s3savmxm.sys
- 2011-11-12 22:47 . 2001-08-17 17:50 75392 c:\windows\system32\dllcache\s3savmxm.sys
+ 2011-11-12 22:47 . 2001-08-17 16:50 77824 c:\windows\system32\dllcache\s3sav4m.sys
- 2011-11-12 22:47 . 2001-08-17 17:50 77824 c:\windows\system32\dllcache\s3sav4m.sys
+ 2011-11-12 22:47 . 2001-08-17 16:50 61504 c:\windows\system32\dllcache\s3sav3dm.sys
- 2011-11-12 22:47 . 2001-08-17 17:50 61504 c:\windows\system32\dllcache\s3sav3dm.sys
+ 2011-11-12 22:47 . 2001-08-18 02:36 62496 c:\windows\system32\dllcache\s3mtrio.dll
- 2011-11-12 22:47 . 2001-08-18 03:36 62496 c:\windows\system32\dllcache\s3mtrio.dll
+ 2011-11-12 22:47 . 2001-08-17 16:50 41216 c:\windows\system32\dllcache\s3mt3d.sys
- 2011-11-12 22:47 . 2001-08-17 17:50 41216 c:\windows\system32\dllcache\s3mt3d.sys
+ 2011-11-12 22:47 . 2001-08-17 17:57 65664 c:\windows\system32\dllcache\s3legacy.sys
- 2011-11-12 22:47 . 2001-08-17 18:57 65664 c:\windows\system32\dllcache\s3legacy.sys
- 2011-11-12 22:28 . 2001-08-17 19:56 66048 c:\windows\system32\dllcache\s3legacy.dll
+ 2011-11-12 22:28 . 2001-08-17 18:56 66048 c:\windows\system32\dllcache\s3legacy.dll
- 2011-11-12 22:47 . 2001-08-18 03:36 82432 c:\windows\system32\dllcache\rwia450.dll
+ 2011-11-12 22:47 . 2001-08-18 02:36 82432 c:\windows\system32\dllcache\rwia450.dll
- 2011-11-12 22:47 . 2001-08-18 03:36 79872 c:\windows\system32\dllcache\rwia430.dll
+ 2011-11-12 22:47 . 2001-08-18 02:36 79872 c:\windows\system32\dllcache\rwia430.dll
+ 2011-11-12 22:47 . 2008-04-14 00:12 29696 c:\windows\system32\dllcache\rw450ext.dll
- 2011-11-12 22:47 . 2008-04-14 01:12 29696 c:\windows\system32\dllcache\rw450ext.dll
+ 2011-11-12 22:47 . 2008-04-14 00:12 27648 c:\windows\system32\dllcache\rw430ext.dll
- 2011-11-12 22:47 . 2008-04-14 01:12 27648 c:\windows\system32\dllcache\rw430ext.dll
+ 2011-11-12 22:47 . 2004-08-04 02:31 20992 c:\windows\system32\dllcache\rtl8139.sys
- 2011-11-12 22:47 . 2004-08-04 03:31 20992 c:\windows\system32\dllcache\rtl8139.sys
- 2011-11-12 22:47 . 2001-08-17 17:12 19017 c:\windows\system32\dllcache\rtl8029.sys
+ 2011-11-12 22:47 . 2001-08-17 16:12 19017 c:\windows\system32\dllcache\rtl8029.sys
- 2011-11-12 22:46 . 2001-08-17 17:19 30720 c:\windows\system32\dllcache\rthwcls.sys
+ 2011-11-12 22:46 . 2001-08-17 16:19 30720 c:\windows\system32\dllcache\rthwcls.sys
- 2011-11-12 22:46 . 2008-04-13 19:40 79104 c:\windows\system32\dllcache\rocket.sys
+ 2011-11-12 22:46 . 2008-04-13 18:40 79104 c:\windows\system32\dllcache\rocket.sys
- 2011-11-12 22:46 . 2001-08-17 17:12 37563 c:\windows\system32\dllcache\rlnet5.sys
+ 2011-11-12 22:46 . 2001-08-17 16:12 37563 c:\windows\system32\dllcache\rlnet5.sys
+ 2011-11-12 22:46 . 2001-08-18 02:36 86097 c:\windows\system32\dllcache\reslog32.dll
- 2011-11-12 22:46 . 2001-08-18 03:36 86097 c:\windows\system32\dllcache\reslog32.dll
- 2011-11-12 22:46 . 2001-08-17 18:51 19584 c:\windows\system32\dllcache\rasirda.sys
+ 2011-11-12 22:46 . 2001-08-17 17:51 19584 c:\windows\system32\dllcache\rasirda.sys
+ 2011-11-12 22:46 . 2001-08-18 02:36 41472 c:\windows\system32\dllcache\qvusd.dll
- 2011-11-12 22:46 . 2001-08-18 03:36 41472 c:\windows\system32\dllcache\qvusd.dll
+ 2011-11-12 22:46 . 2001-08-17 17:52 49024 c:\windows\system32\dllcache\ql1280.sys
- 2011-11-12 22:46 . 2001-08-17 18:52 49024 c:\windows\system32\dllcache\ql1280.sys
+ 2011-11-12 22:45 . 2001-08-17 17:52 40448 c:\windows\system32\dllcache\ql1240.sys
- 2011-11-12 22:45 . 2001-08-17 18:52 40448 c:\windows\system32\dllcache\ql1240.sys
- 2011-11-12 22:45 . 2001-08-17 18:52 45312 c:\windows\system32\dllcache\ql12160.sys
+ 2011-11-12 22:45 . 2001-08-17 17:52 45312 c:\windows\system32\dllcache\ql12160.sys
+ 2011-11-12 22:45 . 2001-08-17 17:52 33152 c:\windows\system32\dllcache\ql10wnt.sys
- 2011-11-12 22:45 . 2001-08-17 18:52 33152 c:\windows\system32\dllcache\ql10wnt.sys
- 2011-11-12 22:45 . 2001-08-17 18:52 40320 c:\windows\system32\dllcache\ql1080.sys
+ 2011-11-12 22:45 . 2001-08-17 17:52 40320 c:\windows\system32\dllcache\ql1080.sys
+ 2011-11-12 22:45 . 2001-08-18 02:36 35328 c:\windows\system32\dllcache\psisload.dll
- 2011-11-12 22:45 . 2001-08-18 03:36 35328 c:\windows\system32\dllcache\psisload.dll
- 2011-11-12 22:45 . 2001-08-17 18:51 16128 c:\windows\system32\dllcache\pscr.sys
+ 2011-11-12 22:45 . 2001-08-17 17:51 16128 c:\windows\system32\dllcache\pscr.sys
+ 2011-11-12 22:45 . 2008-04-13 18:41 17664 c:\windows\system32\dllcache\ppa3.sys
- 2011-11-12 22:45 . 2008-04-13 19:41 17664 c:\windows\system32\dllcache\ppa3.sys
+ 2011-11-12 22:45 . 2001-08-17 17:53 17792 c:\windows\system32\dllcache\ppa.sys
- 2011-11-12 22:45 . 2001-08-17 18:53 17792 c:\windows\system32\dllcache\ppa.sys
- 2011-11-12 22:45 . 2001-08-17 19:07 19840 c:\windows\system32\dllcache\philtune.sys
+ 2011-11-12 22:45 . 2001-08-17 18:07 19840 c:\windows\system32\dllcache\philtune.sys
+ 2011-11-12 22:44 . 2001-08-17 18:04 92416 c:\windows\system32\dllcache\phildec.sys
- 2011-11-12 22:44 . 2001-08-17 19:04 92416 c:\windows\system32\dllcache\phildec.sys
+ 2011-11-12 22:44 . 2001-08-17 18:04 75776 c:\windows\system32\dllcache\philcam1.sys
- 2011-11-12 22:44 . 2001-08-17 19:04 75776 c:\windows\system32\dllcache\philcam1.sys
+ 2011-11-12 22:44 . 2001-08-18 02:36 16384 c:\windows\system32\dllcache\philcam1.dll
- 2011-11-12 22:44 . 2001-08-18 03:36 16384 c:\windows\system32\dllcache\philcam1.dll
+ 2011-11-12 22:44 . 2008-04-13 18:44 28032 c:\windows\system32\dllcache\perm3.sys
- 2011-11-12 22:44 . 2008-04-13 19:44 28032 c:\windows\system32\dllcache\perm3.sys
- 2011-11-12 22:44 . 2008-04-13 19:44 27904 c:\windows\system32\dllcache\perm2.sys
+ 2011-11-12 22:44 . 2008-04-13 18:44 27904 c:\windows\system32\dllcache\perm2.sys
+ 2011-11-12 22:44 . 2001-08-17 18:07 27296 c:\windows\system32\dllcache\perc2.sys
- 2011-11-12 22:44 . 2001-08-17 19:07 27296 c:\windows\system32\dllcache\perc2.sys
- 2011-11-12 22:44 . 2001-08-18 03:36 86016 c:\windows\system32\dllcache\pctspk.exe
+ 2011-11-12 22:44 . 2001-08-18 02:36 86016 c:\windows\system32\dllcache\pctspk.exe
- 2011-11-12 22:44 . 2001-08-17 17:11 35328 c:\windows\system32\dllcache\pcntpci5.sys
+ 2011-11-12 22:44 . 2001-08-17 16:11 35328 c:\windows\system32\dllcache\pcntpci5.sys
- 2011-11-12 22:44 . 2001-08-17 17:11 29769 c:\windows\system32\dllcache\pcntn5m.sys
+ 2011-11-12 22:44 . 2001-08-17 16:11 29769 c:\windows\system32\dllcache\pcntn5m.sys
+ 2011-11-12 22:44 . 2001-08-17 16:11 30282 c:\windows\system32\dllcache\pcntn5hl.sys
- 2011-11-12 22:44 . 2001-08-17 17:11 30282 c:\windows\system32\dllcache\pcntn5hl.sys
+ 2011-11-12 22:44 . 2001-08-17 16:12 26153 c:\windows\system32\dllcache\pcmlm56.sys
- 2011-11-12 22:44 . 2001-08-17 17:12 26153 c:\windows\system32\dllcache\pcmlm56.sys
+ 2011-11-12 22:44 . 2004-08-04 02:31 29502 c:\windows\system32\dllcache\pca200e.sys
- 2011-11-12 22:44 . 2004-08-04 03:31 29502 c:\windows\system32\dllcache\pca200e.sys
- 2011-11-12 22:44 . 2001-08-17 17:12 30495 c:\windows\system32\dllcache\pc100nds.sys
+ 2011-11-12 22:44 . 2001-08-17 16:12 30495 c:\windows\system32\dllcache\pc100nds.sys
- 2011-11-12 22:43 . 2001-08-18 03:36 41984 c:\windows\system32\dllcache\ovui2rc.dll
+ 2011-11-12 22:43 . 2001-08-18 02:36 41984 c:\windows\system32\dllcache\ovui2rc.dll
+ 2011-11-12 22:43 . 2001-08-18 02:36 44544 c:\windows\system32\dllcache\ovui2.dll
- 2011-11-12 22:43 . 2001-08-18 03:36 44544 c:\windows\system32\dllcache\ovui2.dll
- 2011-11-12 22:43 . 2001-08-17 19:05 25216 c:\windows\system32\dllcache\ovsound2.sys
+ 2011-11-12 22:43 . 2001-08-17 18:05 25216 c:\windows\system32\dllcache\ovsound2.sys
- 2011-11-12 22:43 . 2001-08-18 03:36 39424 c:\windows\system32\dllcache\ovcoms.exe
+ 2011-11-12 22:43 . 2001-08-18 02:36 39424 c:\windows\system32\dllcache\ovcoms.exe
- 2011-11-12 22:43 . 2001-08-18 03:36 20480 c:\windows\system32\dllcache\ovcomc.dll
+ 2011-11-12 22:43 . 2001-08-18 02:36 20480 c:\windows\system32\dllcache\ovcomc.dll
+ 2011-11-12 22:43 . 2001-08-17 18:05 31872 c:\windows\system32\dllcache\ovce.sys
- 2011-11-12 22:43 . 2001-08-17 19:05 31872 c:\windows\system32\dllcache\ovce.sys
+ 2011-11-12 22:43 . 2001-08-17 18:05 28032 c:\windows\system32\dllcache\ovcd.sys
- 2011-11-12 22:43 . 2001-08-17 19:05 28032 c:\windows\system32\dllcache\ovcd.sys
- 2011-11-12 22:43 . 2001-08-17 19:05 48000 c:\windows\system32\dllcache\ovcam2.sys
+ 2011-11-12 22:43 . 2001-08-17 18:05 48000 c:\windows\system32\dllcache\ovcam2.sys
- 2011-11-12 22:43 . 2001-08-17 19:05 25088 c:\windows\system32\dllcache\ovca.sys
+ 2011-11-12 22:43 . 2001-08-17 18:05 25088 c:\windows\system32\dllcache\ovca.sys
+ 2011-11-12 22:43 . 2001-08-17 17:28 54186 c:\windows\system32\dllcache\otcsercb.sys
- 2011-11-12 22:43 . 2001-08-17 18:28 54186 c:\windows\system32\dllcache\otcsercb.sys
+ 2011-11-12 22:43 . 2001-08-17 16:12 43689 c:\windows\system32\dllcache\otceth5.sys
- 2011-11-12 22:43 . 2001-08-17 17:12 43689 c:\windows\system32\dllcache\otceth5.sys
- 2011-11-12 22:43 . 2001-08-17 17:12 27209 c:\windows\system32\dllcache\otc06x5.sys
+ 2011-11-12 22:43 . 2001-08-17 16:12 27209 c:\windows\system32\dllcache\otc06x5.sys
- 2011-11-12 22:43 . 2001-08-17 17:20 54528 c:\windows\system32\dllcache\opl3sax.sys
+ 2011-11-12 22:43 . 2001-08-17 16:20 54528 c:\windows\system32\dllcache\opl3sax.sys
+ 2011-11-12 22:42 . 2001-08-17 16:49 51552 c:\windows\system32\dllcache\ntgrip.sys
- 2011-11-12 22:42 . 2001-08-17 17:49 51552 c:\windows\system32\dllcache\ntgrip.sys
+ 2011-11-12 22:42 . 2008-04-13 18:54 28672 c:\windows\system32\dllcache\nscirda.sys
- 2011-11-12 22:42 . 2008-04-13 19:54 28672 c:\windows\system32\dllcache\nscirda.sys
- 2011-11-12 22:42 . 2001-08-17 17:20 87040 c:\windows\system32\dllcache\nm6wdm.sys
+ 2011-11-12 22:42 . 2001-08-17 16:20 87040 c:\windows\system32\dllcache\nm6wdm.sys
+ 2011-11-12 22:42 . 2001-08-17 16:12 32840 c:\windows\system32\dllcache\ngrpci.sys
- 2011-11-12 22:42 . 2001-08-17 17:12 32840 c:\windows\system32\dllcache\ngrpci.sys
- 2011-11-12 22:42 . 2001-08-17 17:11 65278 c:\windows\system32\dllcache\netflx3.sys
+ 2011-11-12 22:42 . 2001-08-17 16:11 65278 c:\windows\system32\dllcache\netflx3.sys
+ 2011-11-12 22:42 . 2001-08-17 16:50 39264 c:\windows\system32\dllcache\neo20xx.sys
- 2011-11-12 22:42 . 2001-08-17 17:50 39264 c:\windows\system32\dllcache\neo20xx.sys
+ 2011-11-12 22:42 . 2001-08-18 02:36 60480 c:\windows\system32\dllcache\neo20xx.dll
- 2011-11-12 22:42 . 2001-08-18 03:36 60480 c:\windows\system32\dllcache\neo20xx.dll
- 2011-11-12 22:42 . 2001-08-17 18:49 15872 c:\windows\system32\dllcache\ne2000.sys
+ 2011-11-12 22:42 . 2001-08-17 17:49 15872 c:\windows\system32\dllcache\ne2000.sys
+ 2011-11-12 22:42 . 2008-04-13 18:46 10880 c:\windows\system32\dllcache\ndisip.sys
- 2011-11-12 22:42 . 2008-04-13 19:46 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2011-11-12 22:42 . 2008-04-13 18:46 85248 c:\windows\system32\dllcache\nabtsfec.sys
- 2011-11-12 22:42 . 2008-04-13 19:46 85248 c:\windows\system32\dllcache\nabtsfec.sys
+ 2011-11-12 22:42 . 2001-08-17 18:56 91488 c:\windows\system32\dllcache\n9i3disp.dll
- 2011-11-12 22:42 . 2001-08-17 19:56 91488 c:\windows\system32\dllcache\n9i3disp.dll
+ 2011-11-12 22:42 . 2001-08-17 16:50 27936 c:\windows\system32\dllcache\n9i3d.sys
- 2011-11-12 22:42 . 2001-08-17 17:50 27936 c:\windows\system32\dllcache\n9i3d.sys
- 2011-11-12 22:42 . 2001-08-17 17:50 33088 c:\windows\system32\dllcache\n9i128v2.sys
+ 2011-11-12 22:42 . 2001-08-17 16:50 33088 c:\windows\system32\dllcache\n9i128v2.sys
+ 2011-11-12 22:42 . 2001-08-18 02:36 59104 c:\windows\system32\dllcache\n9i128v2.dll
- 2011-11-12 22:42 . 2001-08-18 03:36 59104 c:\windows\system32\dllcache\n9i128v2.dll
+ 2011-11-12 22:41 . 2001-08-17 16:50 13664 c:\windows\system32\dllcache\n9i128.sys
- 2011-11-12 22:41 . 2001-08-17 17:50 13664 c:\windows\system32\dllcache\n9i128.sys
+ 2011-11-12 22:41 . 2001-08-17 18:56 35392 c:\windows\system32\dllcache\n9i128.dll
- 2011-11-12 22:41 . 2001-08-17 19:56 35392 c:\windows\system32\dllcache\n9i128.dll
+ 2011-11-12 22:41 . 2001-08-17 16:11 52255 c:\windows\system32\dllcache\n1000nt5.sys
- 2011-11-12 22:41 . 2001-08-17 17:11 52255 c:\windows\system32\dllcache\n1000nt5.sys
+ 2011-11-12 22:41 . 2001-08-17 17:50 75520 c:\windows\system32\dllcache\mxport.sys
- 2011-11-12 22:41 . 2001-08-17 18:50 75520 c:\windows\system32\dllcache\mxport.sys
+ 2011-11-12 22:41 . 2001-08-17 17:49 19968 c:\windows\system32\dllcache\mxnic.sys
- 2011-11-12 22:41 . 2001-08-17 18:49 19968 c:\windows\system32\dllcache\mxnic.sys
- 2011-11-12 22:41 . 2001-08-18 03:36 19968 c:\windows\system32\dllcache\mxicfg.dll
+ 2011-11-12 22:41 . 2001-08-18 02:36 19968 c:\windows\system32\dllcache\mxicfg.dll
- 2011-11-12 22:41 . 2001-08-17 18:50 21888 c:\windows\system32\dllcache\mxcard.sys
+ 2011-11-12 22:41 . 2001-08-17 17:50 21888 c:\windows\system32\dllcache\mxcard.sys
- 2011-11-12 22:41 . 2008-04-13 19:46 49024 c:\windows\system32\dllcache\mstape.sys
+ 2011-11-12 22:41 . 2008-04-13 18:46 49024 c:\windows\system32\dllcache\mstape.sys
- 2011-11-12 22:41 . 2001-08-17 18:48 12416 c:\windows\system32\dllcache\msriffwv.sys
+ 2011-11-12 22:41 . 2001-08-17 17:48 12416 c:\windows\system32\dllcache\msriffwv.sys
+ 2011-11-12 22:41 . 2008-04-13 18:54 22016 c:\windows\system32\dllcache\msircomm.sys
- 2011-11-12 22:41 . 2008-04-13 19:54 22016 c:\windows\system32\dllcache\msircomm.sys
- 2011-11-12 22:40 . 2001-08-17 19:02 35200 c:\windows\system32\dllcache\msgame.sys
+ 2011-11-12 22:40 . 2001-08-17 18:02 35200 c:\windows\system32\dllcache\msgame.sys
+ 2011-11-12 22:40 . 2008-04-13 18:46 51200 c:\windows\system32\dllcache\msdv.sys
- 2011-11-12 22:40 . 2008-04-13 19:46 51200 c:\windows\system32\dllcache\msdv.sys
+ 2011-11-12 22:40 . 2001-08-17 17:52 17280 c:\windows\system32\dllcache\mraid35x.sys
- 2011-11-12 22:40 . 2001-08-17 18:52 17280 c:\windows\system32\dllcache\mraid35x.sys
- 2011-11-12 22:40 . 2008-04-13 19:46 15232 c:\windows\system32\dllcache\mpe.sys
+ 2011-11-12 22:40 . 2008-04-13 18:46 15232 c:\windows\system32\dllcache\mpe.sys
- 2011-11-12 22:40 . 2001-08-17 18:57 16128 c:\windows\system32\dllcache\modemcsa.sys
+ 2011-11-12 22:40 . 2001-08-17 17:57 16128 c:\windows\system32\dllcache\modemcsa.sys
+ 2011-11-12 22:40 . 2008-04-13 18:41 26112 c:\windows\system32\dllcache\memstpci.sys
- 2011-11-12 22:40 . 2008-04-13 19:41 26112 c:\windows\system32\dllcache\memstpci.sys
+ 2011-11-12 22:40 . 2001-08-18 02:36 47616 c:\windows\system32\dllcache\memgrp.dll
- 2011-11-12 22:40 . 2001-08-18 03:36 47616 c:\windows\system32\dllcache\memgrp.dll
+ 2011-11-12 22:39 . 2001-08-17 16:19 48768 c:\windows\system32\dllcache\maestro.sys
- 2011-11-12 22:39 . 2001-08-17 17:19 48768 c:\windows\system32\dllcache\maestro.sys
+ 2011-11-12 22:39 . 2001-08-18 02:36 58880 c:\windows\system32\dllcache\m3092dc.dll
- 2011-11-12 22:39 . 2001-08-18 03:36 58880 c:\windows\system32\dllcache\m3092dc.dll
- 2011-11-12 22:39 . 2001-08-18 03:36 58368 c:\windows\system32\dllcache\m3091dc.dll
+ 2011-11-12 22:39 . 2001-08-18 02:36 58368 c:\windows\system32\dllcache\m3091dc.dll
- 2011-11-12 22:39 . 2001-08-17 17:49 22848 c:\windows\system32\dllcache\lwusbhid.sys
+ 2011-11-12 22:39 . 2001-08-17 16:49 22848 c:\windows\system32\dllcache\lwusbhid.sys
- 2011-11-12 22:39 . 2004-08-04 03:39 20864 c:\windows\system32\dllcache\lwadihid.sys
+ 2011-11-12 22:39 . 2004-08-04 02:39 20864 c:\windows\system32\dllcache\lwadihid.sys
- 2011-11-12 22:39 . 2001-08-17 17:12 70730 c:\windows\system32\dllcache\lne100tx.sys
+ 2011-11-12 22:39 . 2001-08-17 16:12 70730 c:\windows\system32\dllcache\lne100tx.sys
+ 2011-11-12 22:39 . 2001-08-17 16:12 20573 c:\windows\system32\dllcache\lne100.sys
- 2011-11-12 22:39 . 2001-08-17 17:12 20573 c:\windows\system32\dllcache\lne100.sys
- 2011-11-12 22:39 . 2001-08-17 17:11 25065 c:\windows\system32\dllcache\lmndis3.sys
+ 2011-11-12 22:39 . 2001-08-17 16:11 25065 c:\windows\system32\dllcache\lmndis3.sys
- 2011-11-12 22:39 . 2001-08-17 18:51 15744 c:\windows\system32\dllcache\lit220p.sys
+ 2011-11-12 22:39 . 2001-08-17 17:51 15744 c:\windows\system32\dllcache\lit220p.sys
- 2011-11-12 22:39 . 2008-04-13 19:40 34688 c:\windows\system32\dllcache\lbrtfdc.sys
+ 2011-11-12 22:39 . 2008-04-13 18:40 34688 c:\windows\system32\dllcache\lbrtfdc.sys
+ 2011-11-12 22:39 . 2001-08-17 16:12 26442 c:\windows\system32\dllcache\lanepic5.sys
- 2011-11-12 22:39 . 2001-08-17 17:12 26442 c:\windows\system32\dllcache\lanepic5.sys
+ 2011-11-12 22:39 . 2001-08-17 16:12 19016 c:\windows\system32\dllcache\ktc111.sys
- 2011-11-12 22:39 . 2001-08-17 17:12 19016 c:\windows\system32\dllcache\ktc111.sys
+ 2011-11-12 22:38 . 2001-08-18 02:36 37376 c:\windows\system32\dllcache\kousd.dll
- 2011-11-12 22:38 . 2001-08-18 03:36 37376 c:\windows\system32\dllcache\kousd.dll
- 2011-11-12 22:38 . 2008-04-14 01:11 48640 c:\windows\system32\dllcache\kdsui.dll
+ 2011-11-12 22:38 . 2008-04-14 00:11 48640 c:\windows\system32\dllcache\kdsui.dll
+ 2011-11-12 22:38 . 2001-08-17 17:49 26624 c:\windows\system32\dllcache\irstusb.sys
- 2011-11-12 22:38 . 2001-08-17 18:49 26624 c:\windows\system32\dllcache\irstusb.sys
+ 2011-11-12 22:38 . 2001-08-17 17:51 18688 c:\windows\system32\dllcache\irsir.sys
- 2011-11-12 22:38 . 2001-08-17 18:51 18688 c:\windows\system32\dllcache\irsir.sys
+ 2011-11-12 22:38 . 2008-04-14 00:11 28160 c:\windows\system32\dllcache\irmon.dll
- 2011-11-12 22:38 . 2008-04-14 01:11 28160 c:\windows\system32\dllcache\irmon.dll
+ 2011-11-12 22:38 . 2001-08-17 17:49 23552 c:\windows\system32\dllcache\irmk7.sys
- 2011-11-12 22:38 . 2001-08-17 18:49 23552 c:\windows\system32\dllcache\irmk7.sys
+ 2011-11-12 22:38 . 2008-04-13 18:54 88192 c:\windows\system32\dllcache\irda.sys
- 2011-11-12 22:38 . 2008-04-13 19:54 88192 c:\windows\system32\dllcache\irda.sys
- 2011-11-12 22:38 . 2001-08-17 17:12 45632 c:\windows\system32\dllcache\ip5515.sys
+ 2011-11-12 22:38 . 2001-08-17 16:12 45632 c:\windows\system32\dllcache\ip5515.sys
+ 2011-11-12 22:37 . 2001-08-18 02:36 90200 c:\windows\system32\dllcache\io8ports.dll
- 2011-11-12 22:37 . 2001-08-18 03:36 90200 c:\windows\system32\dllcache\io8ports.dll
- 2011-11-12 22:37 . 2001-08-17 18:50 38784 c:\windows\system32\dllcache\io8.sys
+ 2011-11-12 22:37 . 2001-08-17 17:50 38784 c:\windows\system32\dllcache\io8.sys
+ 2011-11-12 22:37 . 2001-08-17 17:47 13056 c:\windows\system32\dllcache\inport.sys
- 2011-11-12 22:37 . 2001-08-17 18:47 13056 c:\windows\system32\dllcache\inport.sys
- 2011-11-12 22:37 . 2001-08-17 18:52 16000 c:\windows\system32\dllcache\ini910u.sys
+ 2011-11-12 22:37 . 2001-08-17 17:52 16000 c:\windows\system32\dllcache\ini910u.sys
- 2004-08-04 10:00 . 2008-04-13 18:40 42112 c:\windows\system32\dllcache\imapi.sys
+ 2011-11-13 21:03 . 2008-04-13 18:40 42112 c:\windows\system32\dllcache\imapi.sys
+ 2011-11-12 22:37 . 2001-08-18 02:36 20480 c:\windows\system32\dllcache\icam5ext.dll
- 2011-11-12 22:37 . 2001-08-18 03:36 20480 c:\windows\system32\dllcache\icam5ext.dll
- 2011-11-12 22:37 . 2001-08-18 03:36 45056 c:\windows\system32\dllcache\icam5com.dll
+ 2011-11-12 22:37 . 2001-08-18 02:36 45056 c:\windows\system32\dllcache\icam5com.dll
+ 2011-11-12 22:37 . 2001-08-18 02:36 61952 c:\windows\system32\dllcache\icam4ext.dll
- 2011-11-12 22:37 . 2001-08-18 03:36 61952 c:\windows\system32\dllcache\icam4ext.dll
+ 2011-11-12 22:37 . 2001-08-18 02:36 91136 c:\windows\system32\dllcache\icam4com.dll
- 2011-11-12 22:37 . 2001-08-18 03:36 91136 c:\windows\system32\dllcache\icam4com.dll
+ 2011-11-12 22:37 . 2001-08-18 02:36 26624 c:\windows\system32\dllcache\icam3ext.dll
- 2011-11-12 22:37 . 2001-08-18 03:36 26624 c:\windows\system32\dllcache\icam3ext.dll
- 2011-11-12 22:37 . 2001-08-17 19:06 38528 c:\windows\system32\dllcache\ibmvcap.sys
+ 2011-11-12 22:37 . 2001-08-17 18:06 38528 c:\windows\system32\dllcache\ibmvcap.sys
+ 2011-11-12 22:36 . 2001-08-17 16:11 28700 c:\windows\system32\dllcache\ibmexmp.sys
- 2011-11-12 22:36 . 2001-08-17 17:11 28700 c:\windows\system32\dllcache\ibmexmp.sys
+ 2011-11-12 22:36 . 2001-08-17 16:49 58592 c:\windows\system32\dllcache\i740nt5.sys
- 2011-11-12 22:36 . 2001-08-17 17:49 58592 c:\windows\system32\dllcache\i740nt5.sys
- 2011-11-12 22:36 . 2008-04-13 19:41 18560 c:\windows\system32\dllcache\i2omp.sys
+ 2011-11-12 22:36 . 2008-04-13 18:41 18560 c:\windows\system32\dllcache\i2omp.sys
- 2011-11-12 22:36 . 2001-08-17 18:28 50751 c:\windows\system32\dllcache\hsf_tone.sys
+ 2011-11-12 22:36 . 2001-08-17 17:28 50751 c:\windows\system32\dllcache\hsf_tone.sys
+ 2011-11-12 22:36 . 2001-08-17 17:28 73279 c:\windows\system32\dllcache\hsf_spkp.sys
- 2011-11-12 22:36 . 2001-08-17 18:28 73279 c:\windows\system32\dllcache\hsf_spkp.sys
- 2011-11-12 22:36 . 2001-08-17 18:28 44863 c:\windows\system32\dllcache\hsf_soar.sys
+ 2011-11-12 22:36 . 2001-08-17 17:28 44863 c:\windows\system32\dllcache\hsf_soar.sys
- 2011-11-12 22:36 . 2001-08-17 18:28 57471 c:\windows\system32\dllcache\hsf_samp.sys
+ 2011-11-12 22:36 . 2001-08-17 17:28 57471 c:\windows\system32\dllcache\hsf_samp.sys
+ 2011-11-12 22:35 . 2001-08-17 17:28 67167 c:\windows\system32\dllcache\hsf_bsc2.sys
- 2011-11-12 22:35 . 2001-08-17 18:28 67167 c:\windows\system32\dllcache\hsf_bsc2.sys
+ 2011-11-12 22:35 . 2001-08-18 02:36 19456 c:\windows\system32\dllcache\hr1w.dll
- 2011-11-12 22:35 . 2001-08-18 03:36 19456 c:\windows\system32\dllcache\hr1w.dll
- 2011-11-12 22:35 . 2001-08-18 03:36 13312 c:\windows\system32\dllcache\hpsjmcro.dll
+ 2011-11-12 22:35 . 2001-08-18 02:36 13312 c:\windows\system32\dllcache\hpsjmcro.dll
- 2011-11-12 22:35 . 2001-08-17 19:07 25952 c:\windows\system32\dllcache\hpn.sys
+ 2011-11-12 22:35 . 2001-08-17 18:07 25952 c:\windows\system32\dllcache\hpn.sys
+ 2011-11-12 22:35 . 2001-08-18 02:36 32768 c:\windows\system32\dllcache\hpgtmcro.dll
- 2011-11-12 22:35 . 2001-08-18 03:36 32768 c:\windows\system32\dllcache\hpgtmcro.dll
- 2011-11-12 22:35 . 2001-08-18 03:36 68608 c:\windows\system32\dllcache\hpgt53tk.dll
+ 2011-11-12 22:35 . 2001-08-18 02:36 68608 c:\windows\system32\dllcache\hpgt53tk.dll
- 2011-11-12 22:35 . 2001-08-18 03:36 31232 c:\windows\system32\dllcache\hpgt42tk.dll
+ 2011-11-12 22:35 . 2001-08-18 02:36 31232 c:\windows\system32\dllcache\hpgt42tk.dll
+ 2011-11-12 22:35 . 2001-08-18 02:36 93696 c:\windows\system32\dllcache\hpgt42.dll
- 2011-11-12 22:35 . 2001-08-18 03:36 93696 c:\windows\system32\dllcache\hpgt42.dll
+ 2011-11-12 22:35 . 2001-08-18 02:36 48128 c:\windows\system32\dllcache\hpgt33tk.dll
- 2011-11-12 22:35 . 2001-08-18 03:36 48128 c:\windows\system32\dllcache\hpgt33tk.dll
+ 2011-11-12 22:35 . 2001-08-18 02:36 89088 c:\windows\system32\dllcache\hpgt33.dll
- 2011-11-12 22:35 . 2001-08-18 03:36 89088 c:\windows\system32\dllcache\hpgt33.dll
+ 2011-11-12 22:35 . 2001-08-18 02:36 83968 c:\windows\system32\dllcache\hpgt21.dll
- 2011-11-12 22:35 . 2001-08-18 03:36 83968 c:\windows\system32\dllcache\hpgt21.dll
- 2011-11-12 22:35 . 2008-04-14 01:11 21504 c:\windows\system32\dllcache\hidserv.dll
+ 2011-11-12 22:35 . 2008-04-14 00:11 21504 c:\windows\system32\dllcache\hidserv.dll
+ 2011-11-12 22:35 . 2008-04-13 18:36 20352 c:\windows\system32\dllcache\hidbatt.sys
- 2011-11-12 22:35 . 2008-04-13 19:36 20352 c:\windows\system32\dllcache\hidbatt.sys
- 2011-11-12 22:34 . 2008-04-13 19:40 28288 c:\windows\system32\dllcache\grserial.sys
+ 2011-11-12 22:34 . 2008-04-13 18:40 28288 c:\windows\system32\dllcache\grserial.sys
+ 2011-11-12 22:34 . 2001-08-17 17:51 82304 c:\windows\system32\dllcache\grclass.sys
- 2011-11-12 22:34 . 2001-08-17 18:51 82304 c:\windows\system32\dllcache\grclass.sys
+ 2011-11-12 22:34 . 2001-08-17 17:51 17408 c:\windows\system32\dllcache\gpr400.sys
- 2011-11-12 22:34 . 2001-08-17 18:51 17408 c:\windows\system32\dllcache\gpr400.sys
- 2011-11-12 22:34 . 2008-04-13 19:45 59136 c:\windows\system32\dllcache\gckernel.sys
+ 2011-11-12 22:34 . 2008-04-13 18:45 59136 c:\windows\system32\dllcache\gckernel.sys
- 2011-11-12 22:34 . 2008-04-13 19:45 10624 c:\windows\system32\dllcache\gameenum.sys
+ 2011-11-12 22:34 . 2008-04-13 18:45 10624 c:\windows\system32\dllcache\gameenum.sys
- 2011-11-12 22:34 . 2001-08-18 03:36 92160 c:\windows\system32\dllcache\fuusd.dll
+ 2011-11-12 22:34 . 2001-08-18 02:36 92160 c:\windows\system32\dllcache\fuusd.dll
- 2011-11-12 22:34 . 2004-08-04 03:31 34173 c:\windows\system32\dllcache\forehe.sys
+ 2011-11-12 22:34 . 2004-08-04 02:31 34173 c:\windows\system32\dllcache\forehe.sys
+ 2011-11-12 22:34 . 2001-08-18 02:36 71680 c:\windows\system32\dllcache\fnfilter.dll
- 2011-11-12 22:34 . 2001-08-18 03:36 71680 c:\windows\system32\dllcache\fnfilter.dll
+ 2011-11-12 22:34 . 2001-08-17 16:13 27165 c:\windows\system32\dllcache\fetnd5.sys
- 2011-11-12 22:34 . 2001-08-17 17:13 27165 c:\windows\system32\dllcache\fetnd5.sys
+ 2011-11-12 22:34 . 2001-08-17 16:10 22090 c:\windows\system32\dllcache\fem556n5.sys
- 2011-11-12 22:34 . 2001-08-17 17:10 22090 c:\windows\system32\dllcache\fem556n5.sys
+ 2011-11-12 22:33 . 2001-08-17 16:12 24618 c:\windows\system32\dllcache\fa410nd5.sys
- 2011-11-12 22:33 . 2001-08-17 17:12 24618 c:\windows\system32\dllcache\fa410nd5.sys
+ 2011-11-12 22:33 . 2001-08-17 16:12 16074 c:\windows\system32\dllcache\fa312nd5.sys
- 2011-11-12 22:33 . 2001-08-17 17:12 16074 c:\windows\system32\dllcache\fa312nd5.sys
- 2011-11-12 22:33 . 2001-08-17 17:11 11850 c:\windows\system32\dllcache\f3ab18xj.sys
+ 2011-11-12 22:33 . 2001-08-17 16:11 11850 c:\windows\system32\dllcache\f3ab18xj.sys
- 2011-11-12 22:33 . 2001-08-17 17:11 12362 c:\windows\system32\dllcache\f3ab18xi.sys
+ 2011-11-12 22:33 . 2001-08-17 16:11 12362 c:\windows\system32\dllcache\f3ab18xi.sys
+ 2008-06-05 22:47 . 2001-08-18 02:36 12288 c:\windows\system32\dllcache\EXCH_smtpctrs.dll
- 2008-06-05 22:47 . 2001-08-18 03:36 12288 c:\windows\system32\dllcache\EXCH_smtpctrs.dll
- 2008-06-05 22:47 . 2001-08-18 03:36 26112 c:\windows\system32\dllcache\EXCH_seos.dll
+ 2008-06-05 22:47 . 2001-08-18 02:36 26112 c:\windows\system32\dllcache\EXCH_seos.dll
+ 2008-06-05 22:47 . 2001-08-18 02:36 57856 c:\windows\system32\dllcache\EXCH_scripto.dll
- 2008-06-05 22:47 . 2001-08-18 03:36 57856 c:\windows\system32\dllcache\EXCH_scripto.dll
+ 2008-06-05 22:47 . 2001-08-18 02:36 23040 c:\windows\system32\dllcache\EXCH_regtrace.exe
- 2008-06-05 22:47 . 2001-08-18 03:36 23040 c:\windows\system32\dllcache\EXCH_regtrace.exe
- 2008-06-05 22:47 . 2001-08-18 03:36 38912 c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
+ 2008-06-05 22:47 . 2001-08-18 02:36 38912 c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
+ 2008-06-05 22:46 . 2001-08-18 02:36 65536 c:\windows\system32\dllcache\EXCH_mailmsg.dll
- 2008-06-05 22:46 . 2001-08-18 03:36 65536 c:\windows\system32\dllcache\EXCH_mailmsg.dll
+ 2008-06-05 22:46 . 2001-08-18 02:36 43520 c:\windows\system32\dllcache\EXCH_fcachdll.dll
- 2008-06-05 22:46 . 2001-08-18 03:36 43520 c:\windows\system32\dllcache\EXCH_fcachdll.dll
- 2008-06-05 22:46 . 2001-08-18 03:36 45056 c:\windows\system32\dllcache\EXCH_aqadmin.dll
+ 2008-06-05 22:46 . 2001-08-18 02:36 45056 c:\windows\system32\dllcache\EXCH_aqadmin.dll
+ 2011-11-12 22:33 . 2001-08-17 16:12 16998 c:\windows\system32\dllcache\ex10.sys
- 2011-11-12 22:33 . 2001-08-17 17:12 16998 c:\windows\system32\dllcache\ex10.sys
+ 2011-11-12 22:33 . 2001-08-18 02:36 45568 c:\windows\system32\dllcache\esunib.dll
- 2011-11-12 22:33 . 2001-08-18 03:36 45568 c:\windows\system32\dllcache\esunib.dll
+ 2011-11-12 22:33 . 2001-08-18 02:36 45568 c:\windows\system32\dllcache\esuni.dll
- 2011-11-12 22:33 . 2001-08-18 03:36 45568 c:\windows\system32\dllcache\esuni.dll
+ 2011-11-12 22:33 . 2001-08-18 02:36 34816 c:\windows\system32\dllcache\esuimg.dll
- 2011-11-12 22:33 . 2001-08-18 03:36 34816 c:\windows\system32\dllcache\esuimg.dll
- 2011-11-12 22:33 . 2001-08-18 03:36 43008 c:\windows\system32\dllcache\esucm.dll
+ 2011-11-12 22:33 . 2001-08-18 02:36 43008 c:\windows\system32\dllcache\esucm.dll
+ 2011-11-12 22:33 . 2001-08-17 16:19 63360 c:\windows\system32\dllcache\ess.sys
- 2011-11-12 22:33 . 2001-08-17 17:19 63360 c:\windows\system32\dllcache\ess.sys
+ 2011-11-12 22:33 . 2001-08-17 16:19 72192 c:\windows\system32\dllcache\es1969.sys
- 2011-11-12 22:33 . 2001-08-17 17:19 72192 c:\windows\system32\dllcache\es1969.sys
+ 2011-11-12 22:33 . 2001-08-17 16:19 40704 c:\windows\system32\dllcache\es1371mp.sys
- 2011-11-12 22:33 . 2001-08-17 17:19 40704 c:\windows\system32\dllcache\es1371mp.sys
- 2011-11-12 22:33 . 2001-08-17 17:19 37120 c:\windows\system32\dllcache\es1370mp.sys
+ 2011-11-12 22:33 . 2001-08-17 16:19 37120 c:\windows\system32\dllcache\es1370mp.sys
- 2011-11-12 22:33 . 2001-08-18 03:36 61952 c:\windows\system32\dllcache\eqnloop.exe
+ 2011-11-12 22:33 . 2001-08-18 02:36 61952 c:\windows\system32\dllcache\eqnloop.exe
- 2011-11-12 22:33 . 2001-08-18 03:36 51200 c:\windows\system32\dllcache\eqnlogr.exe
+ 2011-11-12 22:33 . 2001-08-18 02:36 51200 c:\windows\system32\dllcache\eqnlogr.exe
- 2011-11-12 22:33 . 2001-08-18 03:36 53248 c:\windows\system32\dllcache\eqndiag.exe
+ 2011-11-12 22:33 . 2001-08-18 02:36 53248 c:\windows\system32\dllcache\eqndiag.exe
+ 2011-11-12 22:33 . 2001-08-17 16:12 18503 c:\windows\system32\dllcache\epro4.sys
- 2011-11-12 22:33 . 2001-08-17 17:12 18503 c:\windows\system32\dllcache\epro4.sys
+ 2011-11-12 22:32 . 2001-08-17 16:10 19996 c:\windows\system32\dllcache\em556n4.sys
- 2011-11-12 22:32 . 2001-08-17 17:10 19996 c:\windows\system32\dllcache\em556n4.sys
- 2011-11-12 22:32 . 2001-08-17 17:10 25159 c:\windows\system32\dllcache\elnk3.sys
+ 2011-11-12 22:32 . 2001-08-17 16:10 25159 c:\windows\system32\dllcache\elnk3.sys
- 2011-11-12 22:32 . 2001-08-17 17:11 70174 c:\windows\system32\dllcache\el98xn5.sys
+ 2011-11-12 22:32 . 2001-08-17 16:11 70174 c:\windows\system32\dllcache\el98xn5.sys
+ 2011-11-12 22:32 . 2001-08-17 16:11 66591 c:\windows\system32\dllcache\el90xbc5.sys
- 2011-11-12 22:32 . 2001-08-17 17:11 66591 c:\windows\system32\dllcache\el90xbc5.sys
- 2011-11-12 22:32 . 2001-08-17 17:11 77386 c:\windows\system32\dllcache\el656nd5.sys
+ 2011-11-12 22:32 . 2001-08-17 16:11 77386 c:\windows\system32\dllcache\el656nd5.sys
+ 2011-11-12 22:32 . 2001-08-17 16:11 69194 c:\windows\system32\dllcache\el656cd5.sys
- 2011-11-12 22:32 . 2001-08-17 17:11 69194 c:\windows\system32\dllcache\el656cd5.sys
- 2011-11-12 22:32 . 2001-08-17 17:10 26141 c:\windows\system32\dllcache\el589nd5.sys
+ 2011-11-12 22:32 . 2001-08-17 16:10 26141 c:\windows\system32\dllcache\el589nd5.sys
- 2011-11-12 22:32 . 2001-08-17 17:10 69692 c:\windows\system32\dllcache\el575nd5.sys
+ 2011-11-12 22:32 . 2001-08-17 16:10 69692 c:\windows\system32\dllcache\el575nd5.sys
+ 2011-11-12 22:32 . 2001-08-17 16:10 24653 c:\windows\system32\dllcache\el574nd4.sys
- 2011-11-12 22:32 . 2001-08-17 17:10 24653 c:\windows\system32\dllcache\el574nd4.sys
+ 2011-11-12 22:32 . 2001-08-17 16:10 55999 c:\windows\system32\dllcache\el556nd5.sys
- 2011-11-12 22:32 . 2001-08-17 17:10 55999 c:\windows\system32\dllcache\el556nd5.sys
+ 2011-11-12 22:32 . 2001-08-17 16:10 44103 c:\windows\system32\dllcache\el515.sys
- 2011-11-12 22:32 . 2001-08-17 17:10 44103 c:\windows\system32\dllcache\el515.sys
+ 2011-11-12 22:32 . 2001-08-17 16:12 19594 c:\windows\system32\dllcache\e100isa4.sys
- 2011-11-12 22:32 . 2001-08-17 17:12 19594 c:\windows\system32\dllcache\e100isa4.sys
+ 2011-11-12 22:32 . 2001-08-17 16:12 50719 c:\windows\system32\dllcache\e1000nt5.sys
- 2011-11-12 22:32 . 2001-08-17 17:12 50719 c:\windows\system32\dllcache\e1000nt5.sys
- 2011-11-12 22:32 . 2001-08-17 19:07 20192 c:\windows\system32\dllcache\dpti2o.sys
+ 2011-11-12 22:32 . 2001-08-17 18:07 20192 c:\windows\system32\dllcache\dpti2o.sys
- 2011-11-12 22:32 . 2001-08-17 17:12 28062 c:\windows\system32\dllcache\dp83820.sys
+ 2011-11-12 22:32 . 2001-08-17 16:12 28062 c:\windows\system32\dllcache\dp83820.sys
- 2011-11-12 22:32 . 2001-08-17 18:47 23808 c:\windows\system32\dllcache\dot4usb.sys
+ 2011-11-12 22:32 . 2001-08-17 17:47 23808 c:\windows\system32\dllcache\dot4usb.sys
+ 2011-11-12 22:32 . 2001-08-17 17:47 12928 c:\windows\system32\dllcache\dot4prt.sys
- 2011-11-12 22:32 . 2001-08-17 18:47 12928 c:\windows\system32\dllcache\dot4prt.sys
- 2011-11-12 22:32 . 2001-08-17 17:11 29696 c:\windows\system32\dllcache\dm9pci5.sys
+ 2011-11-12 22:32 . 2001-08-17 16:11 29696 c:\windows\system32\dllcache\dm9pci5.sys
+ 2011-11-12 22:32 . 2001-08-17 16:11 26698 c:\windows\system32\dllcache\dlh5xnd5.sys
- 2011-11-12 22:32 . 2001-08-17 17:11 26698 c:\windows\system32\dllcache\dlh5xnd5.sys
+ 2011-11-12 22:32 . 2001-08-18 02:36 29768 c:\windows\system32\dllcache\divasu.dll
- 2011-11-12 22:32 . 2001-08-18 03:36 29768 c:\windows\system32\dllcache\divasu.dll
+ 2011-11-12 22:32 . 2001-08-18 02:36 37962 c:\windows\system32\dllcache\divaprop.dll
- 2011-11-12 22:32 . 2001-08-18 03:36 37962 c:\windows\system32\dllcache\divaprop.dll
- 2011-11-12 22:32 . 2001-08-18 03:36 38985 c:\windows\system32\dllcache\disrvsu.dll
+ 2011-11-12 22:32 . 2001-08-18 02:36 38985 c:\windows\system32\dllcache\disrvsu.dll
- 2011-11-12 22:31 . 2001-08-18 03:36 31305 c:\windows\system32\dllcache\disrvpp.dll
+ 2011-11-12 22:31 . 2001-08-18 02:36 31305 c:\windows\system32\dllcache\disrvpp.dll
+ 2011-11-12 22:31 . 2001-08-17 16:13 91305 c:\windows\system32\dllcache\dimaint.sys
- 2011-11-12 22:31 . 2001-08-17 17:13 91305 c:\windows\system32\dllcache\dimaint.sys
+ 2011-11-12 22:31 . 2001-08-17 16:17 42432 c:\windows\system32\dllcache\digirlpt.sys
- 2011-11-12 22:31 . 2001-08-17 17:17 42432 c:\windows\system32\dllcache\digirlpt.sys
+ 2011-11-12 22:31 . 2001-08-17 16:14 21606 c:\windows\system32\dllcache\digiisdn.sys
- 2011-11-12 22:31 . 2001-08-17 17:14 21606 c:\windows\system32\dllcache\digiisdn.sys
- 2011-11-12 22:31 . 2001-08-18 03:36 41046 c:\windows\system32\dllcache\digiisdn.dll
+ 2011-11-12 22:31 . 2001-08-18 02:36 41046 c:\windows\system32\dllcache\digiisdn.dll
- 2011-11-12 22:31 . 2001-08-17 17:17 90525 c:\windows\system32\dllcache\digifep5.sys
+ 2011-11-12 22:31 . 2001-08-17 16:17 90525 c:\windows\system32\dllcache\digifep5.sys
- 2011-11-12 22:31 . 2001-08-17 17:13 37735 c:\windows\system32\dllcache\digiasyn.sys
+ 2011-11-12 22:31 . 2001-08-17 16:13 37735 c:\windows\system32\dllcache\digiasyn.sys
+ 2011-11-12 22:31 . 2001-08-18 02:36 65622 c:\windows\system32\dllcache\digiasyn.dll
- 2011-11-12 22:31 . 2001-08-18 03:36 65622 c:\windows\system32\dllcache\digiasyn.dll
+ 2011-11-12 22:30 . 2001-08-18 02:36 32256 c:\windows\system32\dllcache\diapi2NT.dll
- 2011-11-12 22:30 . 2001-08-18 03:36 32256 c:\windows\system32\dllcache\diapi2NT.dll
+ 2011-11-12 22:31 . 2001-08-17 16:17 29531 c:\windows\system32\dllcache\dgapci.sys
- 2011-11-12 22:31 . 2001-08-17 17:17 29531 c:\windows\system32\dllcache\dgapci.sys
+ 2011-11-12 22:31 . 2001-08-17 16:11 24649 c:\windows\system32\dllcache\dfe650d.sys
- 2011-11-12 22:31 . 2001-08-17 17:11 24649 c:\windows\system32\dllcache\dfe650d.sys
- 2011-11-12 22:31 . 2001-08-17 17:11 24648 c:\windows\system32\dllcache\dfe650.sys
+ 2011-11-12 22:31 . 2001-08-17 16:11 24648 c:\windows\system32\dllcache\dfe650.sys
+ 2011-11-12 22:31 . 2001-08-18 02:36 24064 c:\windows\system32\dllcache\devldr32.exe
- 2011-11-12 22:31 . 2001-08-18 03:36 24064 c:\windows\system32\dllcache\devldr32.exe
- 2011-11-12 22:31 . 2001-08-17 17:11 20928 c:\windows\system32\dllcache\defpa.sys
+ 2011-11-12 22:31 . 2001-08-17 16:11 20928 c:\windows\system32\dllcache\defpa.sys
+ 2011-11-12 22:31 . 2001-08-18 02:36 86016 c:\windows\system32\dllcache\dc240usd.dll
- 2011-11-12 22:31 . 2001-08-18 03:36 86016 c:\windows\system32\dllcache\dc240usd.dll
- 2011-11-12 22:31 . 2001-08-17 17:12 63208 c:\windows\system32\dllcache\dc21x4.sys
+ 2011-11-12 22:31 . 2001-08-17 16:12 63208 c:\windows\system32\dllcache\dc21x4.sys
- 2011-11-12 22:31 . 2001-08-18 03:36 80896 c:\windows\system32\dllcache\dc210usd.dll
+ 2011-11-12 22:31 . 2001-08-18 02:36 80896 c:\windows\system32\dllcache\dc210usd.dll
- 2011-11-12 22:31 . 2001-08-18 03:36 25600 c:\windows\system32\dllcache\dc210_32.dll
+ 2011-11-12 22:31 . 2001-08-18 02:36 25600 c:\windows\system32\dllcache\dc210_32.dll
+ 2011-11-12 22:31 . 2001-08-17 17:52 14720 c:\windows\system32\dllcache\dac960nt.sys
- 2011-11-12 22:31 . 2001-08-17 18:52 14720 c:\windows\system32\dllcache\dac960nt.sys
- 2011-11-12 22:31 . 2001-08-18 03:36 27648 c:\windows\system32\dllcache\cyzports.dll
+ 2011-11-12 22:31 . 2001-08-18 02:36 27648 c:\windows\system32\dllcache\cyzports.dll
+ 2011-11-12 22:31 . 2001-08-17 17:50 49792 c:\windows\system32\dllcache\cyzport.sys
- 2011-11-12 22:31 . 2001-08-17 18:50 49792 c:\windows\system32\dllcache\cyzport.sys
+ 2011-11-12 22:31 . 2001-08-18 02:36 27136 c:\windows\system32\dllcache\cyzcoins.dll
- 2011-11-12 22:31 . 2001-08-18 03:36 27136 c:\windows\system32\dllcache\cyzcoins.dll
- 2011-11-12 22:31 . 2001-08-18 03:36 27648 c:\windows\system32\dllcache\cyyports.dll
+ 2011-11-12 22:31 . 2001-08-18 02:36 27648 c:\windows\system32\dllcache\cyyports.dll
+ 2011-11-12 22:31 . 2001-08-17 17:50 50176 c:\windows\system32\dllcache\cyyport.sys
- 2011-11-12 22:31 . 2001-08-17 18:50 50176 c:\windows\system32\dllcache\cyyport.sys
+ 2011-11-12 22:31 . 2001-08-18 02:36 28672 c:\windows\system32\dllcache\cyycoins.dll
- 2011-11-12 22:31 . 2001-08-18 03:36 28672 c:\windows\system32\dllcache\cyycoins.dll
- 2011-11-12 22:31 . 2001-08-17 18:50 14848 c:\windows\system32\dllcache\cyclom-y.sys
+ 2011-11-12 22:31 . 2001-08-17 17:50 14848 c:\windows\system32\dllcache\cyclom-y.sys
- 2011-11-12 22:31 . 2001-08-17 18:50 17152 c:\windows\system32\dllcache\cyclad-z.sys
+ 2011-11-12 22:31 . 2001-08-17 17:50 17152 c:\windows\system32\dllcache\cyclad-z.sys
- 2011-11-12 22:31 . 2004-08-04 03:32 48640 c:\windows\system32\dllcache\cwrwdm.sys
+ 2011-11-12 22:31 . 2004-08-04 02:32 48640 c:\windows\system32\dllcache\cwrwdm.sys
+ 2011-11-12 22:31 . 2001-08-17 16:19 93952 c:\windows\system32\dllcache\cwcwdm.sys
- 2011-11-12 22:31 . 2001-08-17 17:19 93952 c:\windows\system32\dllcache\cwcwdm.sys
- 2011-11-12 22:31 . 2001-08-17 17:19 72832 c:\windows\system32\dllcache\cwbwdm.sys
+ 2011-11-12 22:31 . 2001-08-17 16:19 72832 c:\windows\system32\dllcache\cwbwdm.sys
- 2011-11-12 22:31 . 2001-08-17 17:19 96256 c:\windows\system32\dllcache\ctlsb16.sys
+ 2011-11-12 22:31 . 2001-08-17 16:19 96256 c:\windows\system32\dllcache\ctlsb16.sys
- 2011-11-12 22:30 . 2001-08-17 17:19 42112 c:\windows\system32\dllcache\crtaud.sys
+ 2011-11-12 22:30 . 2001-08-17 16:19 42112 c:\windows\system32\dllcache\crtaud.sys
+ 2011-11-12 22:30 . 2001-08-17 16:11 60970 c:\windows\system32\dllcache\cpqtrnd5.sys
- 2011-11-12 22:30 . 2001-08-17 17:11 60970 c:\windows\system32\dllcache\cpqtrnd5.sys
+ 2011-11-12 22:30 . 2001-08-17 16:13 21533 c:\windows\system32\dllcache\cpqndis5.sys
- 2011-11-12 22:30 . 2001-08-17 17:13 21533 c:\windows\system32\dllcache\cpqndis5.sys
+ 2011-11-12 22:30 . 2001-08-17 17:52 14976 c:\windows\system32\dllcache\cpqarray.sys
- 2011-11-12 22:30 . 2001-08-17 18:52 14976 c:\windows\system32\dllcache\cpqarray.sys
+ 2011-11-12 22:30 . 2008-04-13 18:36 10240 c:\windows\system32\dllcache\compbatt.sys
- 2011-11-12 22:30 . 2008-04-13 19:36 10240 c:\windows\system32\dllcache\compbatt.sys
+ 2011-11-12 22:30 . 2001-08-17 16:11 39936 c:\windows\system32\dllcache\cnxt1803.sys
- 2011-11-12 22:30 . 2001-08-17 17:11 39936 c:\windows\system32\dllcache\cnxt1803.sys
+ 2011-11-12 22:30 . 2001-08-18 02:36 44032 c:\windows\system32\dllcache\cnusd.dll
- 2011-11-12 22:30 . 2001-08-18 03:36 44032 c:\windows\system32\dllcache\cnusd.dll
- 2011-11-12 22:30 . 2001-08-17 18:51 20736 c:\windows\system32\dllcache\cmbp0wdm.sys
+ 2011-11-12 22:30 . 2001-08-17 17:51 20736 c:\windows\system32\dllcache\cmbp0wdm.sys
- 2011-11-12 22:30 . 2008-04-13 19:36 13952 c:\windows\system32\dllcache\cmbatt.sys
+ 2011-11-12 22:30 . 2008-04-13 18:36 13952 c:\windows\system32\dllcache\cmbatt.sys
- 2011-11-12 22:30 . 2001-08-17 18:57 45696 c:\windows\system32\dllcache\cirrus.sys
+ 2011-11-12 22:30 . 2001-08-17 17:57 45696 c:\windows\system32\dllcache\cirrus.sys
- 2011-11-12 22:30 . 2001-08-17 19:56 91264 c:\windows\system32\dllcache\cirrus.dll
+ 2011-11-12 22:30 . 2001-08-17 18:56 91264 c:\windows\system32\dllcache\cirrus.dll
- 2011-11-12 22:30 . 2001-08-17 17:13 49182 c:\windows\system32\dllcache\cem56n5.sys
+ 2011-11-12 22:30 . 2001-08-17 16:13 49182 c:\windows\system32\dllcache\cem56n5.sys
+ 2011-11-12 22:30 . 2001-08-17 16:13 22044 c:\windows\system32\dllcache\cem33n5.sys
- 2011-11-12 22:30 . 2001-08-17 17:13 22044 c:\windows\system32\dllcache\cem33n5.sys
+ 2011-11-12 22:30 . 2001-08-17 16:13 22044 c:\windows\system32\dllcache\cem28n5.sys
- 2011-11-12 22:30 . 2001-08-17 17:13 22044 c:\windows\system32\dllcache\cem28n5.sys
+ 2011-11-12 22:30 . 2001-08-17 16:13 27164 c:\windows\system32\dllcache\ce3n5.sys
- 2011-11-12 22:30 . 2001-08-17 17:13 27164 c:\windows\system32\dllcache\ce3n5.sys
+ 2011-11-12 22:30 . 2001-08-17 16:13 21530 c:\windows\system32\dllcache\ce2n5.sys
- 2011-11-12 22:30 . 2001-08-17 17:13 21530 c:\windows\system32\dllcache\ce2n5.sys
+ 2011-11-12 22:30 . 2008-04-13 18:46 17024 c:\windows\system32\dllcache\ccdecode.sys
- 2011-11-12 22:30 . 2008-04-13 19:46 17024 c:\windows\system32\dllcache\ccdecode.sys
+ 2011-11-12 22:30 . 2001-08-17 16:13 46108 c:\windows\system32\dllcache\cben5.sys
- 2011-11-12 22:30 . 2001-08-17 17:13 46108 c:\windows\system32\dllcache\cben5.sys
+ 2011-11-12 22:30 . 2001-08-17 16:12 39680 c:\windows\system32\dllcache\cb325.sys
- 2011-11-12 22:30 . 2001-08-17 17:12 39680 c:\windows\system32\dllcache\cb325.sys
- 2011-11-12 22:30 . 2001-08-17 17:12 37916 c:\windows\system32\dllcache\cb102.sys
+ 2011-11-12 22:30 . 2001-08-17 16:12 37916 c:\windows\system32\dllcache\cb102.sys
- 2011-11-12 22:30 . 2001-08-18 03:36 74240 c:\windows\system32\dllcache\camexo20.dll
+ 2011-11-12 22:30 . 2001-08-18 02:36 74240 c:\windows\system32\dllcache\camexo20.dll
+ 2011-11-12 22:29 . 2001-08-17 17:51 13824 c:\windows\system32\dllcache\bulltlp3.sys
- 2011-11-12 22:29 . 2001-08-17 18:51 13824 c:\windows\system32\dllcache\bulltlp3.sys
- 2011-11-12 22:29 . 2001-08-17 17:11 31529 c:\windows\system32\dllcache\brzwlan.sys
+ 2011-11-12 22:29 . 2001-08-17 16:11 31529 c:\windows\system32\dllcache\brzwlan.sys
+ 2011-11-12 22:29 . 2001-08-17 17:12 10368 c:\windows\system32\dllcache\brusbscn.sys
- 2011-11-12 22:29 . 2001-08-17 18:12 10368 c:\windows\system32\dllcache\brusbscn.sys
+ 2011-11-12 22:29 . 2001-08-17 17:12 11008 c:\windows\system32\dllcache\brusbmdm.sys
- 2011-11-12 22:29 . 2001-08-17 18:12 11008 c:\windows\system32\dllcache\brusbmdm.sys
+ 2011-11-12 22:29 . 2001-08-17 17:12 60416 c:\windows\system32\dllcache\brserwdm.sys
- 2011-11-12 22:29 . 2001-08-17 18:12 60416 c:\windows\system32\dllcache\brserwdm.sys
- 2011-11-12 22:29 . 2001-08-17 18:12 39552 c:\windows\system32\dllcache\brparwdm.sys
+ 2011-11-12 22:29 . 2001-08-17 17:12 39552 c:\windows\system32\dllcache\brparwdm.sys
+ 2011-11-12 22:29 . 2001-08-18 02:36 41472 c:\windows\system32\dllcache\brmfusb.dll
- 2011-11-12 22:29 . 2001-08-18 03:36 41472 c:\windows\system32\dllcache\brmfusb.dll
+ 2011-11-12 22:29 . 2001-08-18 02:36 32256 c:\windows\system32\dllcache\brmfrsmg.exe
- 2011-11-12 22:29 . 2001-08-18 03:36 32256 c:\windows\system32\dllcache\brmfrsmg.exe
- 2011-11-12 22:29 . 2001-08-18 03:36 29696 c:\windows\system32\dllcache\brmflpt.dll
+ 2011-11-12 22:29 . 2001-08-18 02:36 29696 c:\windows\system32\dllcache\brmflpt.dll
- 2011-11-12 22:29 . 2001-08-18 03:36 81408 c:\windows\system32\dllcache\brmfcwia.dll
+ 2011-11-12 22:29 . 2001-08-18 02:36 81408 c:\windows\system32\dllcache\brmfcwia.dll
- 2011-11-12 22:29 . 2001-08-18 03:36 15360 c:\windows\system32\dllcache\brmfbidi.dll
+ 2011-11-12 22:29 . 2001-08-18 02:36 15360 c:\windows\system32\dllcache\brmfbidi.dll
- 2011-11-12 22:29 . 2001-08-17 18:12 12160 c:\windows\system32\dllcache\brfiltlo.sys
+ 2011-11-12 22:29 . 2001-08-17 17:12 12160 c:\windows\system32\dllcache\brfiltlo.sys
- 2011-11-12 22:29 . 2001-08-18 03:36 12800 c:\windows\system32\dllcache\brevif.dll
+ 2011-11-12 22:29 . 2001-08-18 02:36 12800 c:\windows\system32\dllcache\brevif.dll
- 2011-11-12 22:29 . 2001-08-18 03:36 19456 c:\windows\system32\dllcache\brbidiif.dll
+ 2011-11-12 22:29 . 2001-08-18 02:36 19456 c:\windows\system32\dllcache\brbidiif.dll
- 2011-11-12 22:29 . 2008-04-13 19:46 11776 c:\windows\system32\dllcache\bdasup.sys
+ 2011-11-12 22:29 . 2008-04-13 18:46 11776 c:\windows\system32\dllcache\bdasup.sys
+ 2011-11-12 22:29 . 2001-08-17 16:11 26568 c:\windows\system32\dllcache\bcm4e5.sys
- 2011-11-12 22:29 . 2001-08-17 17:11 26568 c:\windows\system32\dllcache\bcm4e5.sys
+ 2011-11-12 22:29 . 2001-08-17 16:11 54271 c:\windows\system32\dllcache\bcm42xx5.sys
- 2011-11-12 22:29 . 2001-08-17 17:11 54271 c:\windows\system32\dllcache\bcm42xx5.sys
+ 2011-11-12 22:29 . 2001-08-17 16:11 66557 c:\windows\system32\dllcache\bcm42u.sys
- 2011-11-12 22:29 . 2001-08-17 17:11 66557 c:\windows\system32\dllcache\bcm42u.sys
+ 2011-11-12 22:29 . 2008-04-13 18:36 14208 c:\windows\system32\dllcache\battc.sys
- 2011-11-12 22:29 . 2008-04-13 19:36 14208 c:\windows\system32\dllcache\battc.sys
+ 2011-11-12 22:29 . 2001-08-17 16:48 36128 c:\windows\system32\dllcache\banshee.sys
- 2011-11-12 22:29 . 2001-08-17 17:48 36128 c:\windows\system32\dllcache\banshee.sys
- 2011-11-12 22:29 . 2001-08-17 17:11 96640 c:\windows\system32\dllcache\b57xp32.sys
+ 2011-11-12 22:29 . 2001-08-17 16:11 96640 c:\windows\system32\dllcache\b57xp32.sys
- 2011-11-12 22:29 . 2001-08-17 17:13 89952 c:\windows\system32\dllcache\b1cbase.sys
+ 2011-11-12 22:29 . 2001-08-17 16:13 89952 c:\windows\system32\dllcache\b1cbase.sys
- 2011-11-12 22:29 . 2001-08-17 17:19 36992 c:\windows\system32\dllcache\aztw2320.sys
+ 2011-11-12 22:29 . 2001-08-17 16:19 36992 c:\windows\system32\dllcache\aztw2320.sys
- 2011-11-12 22:29 . 2001-08-17 17:13 37568 c:\windows\system32\dllcache\avmwan.sys
+ 2011-11-12 22:29 . 2001-08-17 16:13 37568 c:\windows\system32\dllcache\avmwan.sys
+ 2011-11-12 22:29 . 2001-08-18 02:36 87552 c:\windows\system32\dllcache\avmcoxp.dll
- 2011-11-12 22:29 . 2001-08-18 03:36 87552 c:\windows\system32\dllcache\avmcoxp.dll
- 2011-11-12 22:29 . 2008-04-13 19:46 13696 c:\windows\system32\dllcache\avcstrm.sys
+ 2011-11-12 22:29 . 2008-04-13 18:46 13696 c:\windows\system32\dllcache\avcstrm.sys
- 2011-11-12 22:29 . 2001-08-17 19:01 36096 c:\windows\system32\dllcache\avcaudio.sys
+ 2011-11-12 22:29 . 2001-08-17 18:01 36096 c:\windows\system32\dllcache\avcaudio.sys
+ 2011-11-12 22:29 . 2008-04-13 18:46 38912 c:\windows\system32\dllcache\avc.sys
- 2011-11-12 22:29 . 2008-04-13 19:46 38912 c:\windows\system32\dllcache\avc.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 23552 c:\windows\system32\dllcache\atixbar.sys
- 2011-11-12 22:29 . 2001-08-17 17:49 23552 c:\windows\system32\dllcache\atixbar.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 26624 c:\windows\system32\dllcache\ativxbar.sys
- 2011-11-12 22:29 . 2001-08-17 17:49 26624 c:\windows\system32\dllcache\ativxbar.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 19456 c:\windows\system32\dllcache\ativttxx.sys
- 2011-11-12 22:29 . 2001-08-17 17:49 19456 c:\windows\system32\dllcache\ativttxx.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 17152 c:\windows\system32\dllcache\atitvsnd.sys
- 2011-11-12 22:29 . 2001-08-17 17:49 17152 c:\windows\system32\dllcache\atitvsnd.sys
- 2011-11-12 22:29 . 2001-08-17 17:49 17152 c:\windows\system32\dllcache\atitunep.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 17152 c:\windows\system32\dllcache\atitunep.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 26880 c:\windows\system32\dllcache\atirtsnd.sys
- 2011-11-12 22:29 . 2001-08-17 17:49 26880 c:\windows\system32\dllcache\atirtsnd.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 49920 c:\windows\system32\dllcache\atirtcap.sys
- 2011-11-12 22:29 . 2001-08-17 17:49 49920 c:\windows\system32\dllcache\atirtcap.sys
- 2011-11-12 22:29 . 2001-08-17 17:48 70528 c:\windows\system32\dllcache\atiragem.sys
+ 2011-11-12 22:29 . 2001-08-17 16:48 70528 c:\windows\system32\dllcache\atiragem.sys
- 2011-11-12 22:29 . 2001-08-17 17:49 10240 c:\windows\system32\dllcache\atipcxxx.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 10240 c:\windows\system32\dllcache\atipcxxx.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 75136 c:\windows\system32\dllcache\atimpae.sys
- 2011-11-12 22:29 . 2001-08-17 17:49 75136 c:\windows\system32\dllcache\atimpae.sys
- 2011-11-12 22:29 . 2001-08-18 03:36 37376 c:\windows\system32\dllcache\atievxx.exe
+ 2011-11-12 22:29 . 2001-08-18 02:36 37376 c:\windows\system32\dllcache\atievxx.exe
- 2011-11-12 22:29 . 2001-08-17 17:49 46464 c:\windows\system32\dllcache\atibt829.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 46464 c:\windows\system32\dllcache\atibt829.sys
- 2011-11-12 22:29 . 2001-08-17 18:57 77568 c:\windows\system32\dllcache\ati.sys
+ 2011-11-12 22:29 . 2001-08-17 17:57 77568 c:\windows\system32\dllcache\ati.sys
- 2011-11-12 22:29 . 2001-08-17 19:55 96128 c:\windows\system32\dllcache\ati.dll
+ 2011-11-12 22:29 . 2001-08-17 18:55 96128 c:\windows\system32\dllcache\ati.dll
+ 2011-11-12 22:29 . 2001-08-17 16:12 97354 c:\windows\system32\dllcache\aspndis3.sys
- 2011-11-12 22:29 . 2001-08-17 17:12 97354 c:\windows\system32\dllcache\aspndis3.sys
- 2011-11-12 22:29 . 2001-08-17 18:51 14848 c:\windows\system32\dllcache\asc3550.sys
+ 2011-11-12 22:29 . 2001-08-17 17:51 14848 c:\windows\system32\dllcache\asc3550.sys
+ 2011-11-12 22:29 . 2001-08-17 17:52 22400 c:\windows\system32\dllcache\asc3350p.sys
- 2011-11-12 22:29 . 2001-08-17 18:52 22400 c:\windows\system32\dllcache\asc3350p.sys
+ 2011-11-12 22:29 . 2001-08-17 17:52 26496 c:\windows\system32\dllcache\asc.sys
- 2011-11-12 22:29 . 2001-08-17 18:52 26496 c:\windows\system32\dllcache\asc.sys
- 2011-11-12 22:29 . 2004-08-04 03:31 36224 c:\windows\system32\dllcache\an983.sys
+ 2011-11-12 22:29 . 2004-08-04 02:31 36224 c:\windows\system32\dllcache\an983.sys
- 2011-11-12 22:29 . 2001-08-17 18:52 12032 c:\windows\system32\dllcache\amsint.sys
+ 2011-11-12 22:29 . 2001-08-17 17:52 12032 c:\windows\system32\dllcache\amsint.sys
- 2011-11-12 22:29 . 2001-08-17 17:11 16969 c:\windows\system32\dllcache\amb8002.sys
+ 2011-11-12 22:29 . 2001-08-17 16:11 16969 c:\windows\system32\dllcache\amb8002.sys
- 2011-11-12 22:29 . 2001-08-17 18:49 26624 c:\windows\system32\dllcache\alifir.sys
+ 2011-11-12 22:29 . 2001-08-17 17:49 26624 c:\windows\system32\dllcache\alifir.sys
- 2011-11-12 22:29 . 2001-08-17 17:11 27678 c:\windows\system32\dllcache\ali5261.sys
+ 2011-11-12 22:29 . 2001-08-17 16:11 27678 c:\windows\system32\dllcache\ali5261.sys
+ 2011-11-12 22:29 . 2001-08-17 18:07 56960 c:\windows\system32\dllcache\aic78xx.sys
- 2011-11-12 22:29 . 2001-08-17 19:07 56960 c:\windows\system32\dllcache\aic78xx.sys
+ 2011-11-12 22:29 . 2001-08-17 18:07 55168 c:\windows\system32\dllcache\aic78u2.sys
- 2011-11-12 22:29 . 2001-08-17 19:07 55168 c:\windows\system32\dllcache\aic78u2.sys
+ 2011-11-12 22:29 . 2001-08-17 17:52 12800 c:\windows\system32\dllcache\aha154x.sys
- 2011-11-12 22:29 . 2001-08-17 18:52 12800 c:\windows\system32\dllcache\aha154x.sys
+ 2011-11-12 22:28 . 2001-08-17 16:11 46112 c:\windows\system32\dllcache\adptsf50.sys
- 2011-11-12 22:28 . 2001-08-17 17:11 46112 c:\windows\system32\dllcache\adptsf50.sys
+ 2011-11-12 22:28 . 2004-08-04 02:32 10880 c:\windows\system32\dllcache\admjoy.sys
- 2011-11-12 22:28 . 2004-08-04 03:32 10880 c:\windows\system32\dllcache\admjoy.sys
- 2011-11-12 22:28 . 2001-08-17 17:11 20160 c:\windows\system32\dllcache\adm8511.sys
+ 2011-11-12 22:28 . 2001-08-17 16:11 20160 c:\windows\system32\dllcache\adm8511.sys
+ 2011-11-12 22:28 . 2001-08-18 02:36 61440 c:\windows\system32\dllcache\acerscad.dll
- 2011-11-12 22:28 . 2001-08-18 03:36 61440 c:\windows\system32\dllcache\acerscad.dll
- 2011-11-12 22:28 . 2004-08-04 03:32 84480 c:\windows\system32\dllcache\ac97via.sys
+ 2011-11-12 22:28 . 2004-08-04 02:32 84480 c:\windows\system32\dllcache\ac97via.sys
- 2011-11-12 22:28 . 2001-08-17 17:20 96256 c:\windows\system32\dllcache\ac97intc.sys
+ 2011-11-12 22:28 . 2001-08-17 16:20 96256 c:\windows\system32\dllcache\ac97intc.sys
- 2011-11-12 22:28 . 2001-08-17 18:52 23552 c:\windows\system32\dllcache\abp480n5.sys
+ 2011-11-12 22:28 . 2001-08-17 17:52 23552 c:\windows\system32\dllcache\abp480n5.sys
+ 2011-11-12 22:28 . 2001-08-18 02:36 98304 c:\windows\system32\dllcache\a3d.dll
- 2011-11-12 22:28 . 2001-08-18 03:36 98304 c:\windows\system32\dllcache\a3d.dll
+ 2011-11-12 22:28 . 2001-08-17 18:55 38400 c:\windows\system32\dllcache\8514a.dll
- 2011-11-12 22:28 . 2001-08-17 19:55 38400 c:\windows\system32\dllcache\8514a.dll
- 2011-11-12 22:28 . 2008-04-13 19:46 48128 c:\windows\system32\dllcache\61883.sys
+ 2011-11-12 22:28 . 2008-04-13 18:46 48128 c:\windows\system32\dllcache\61883.sys
+ 2011-11-12 22:28 . 2008-04-13 18:40 12288 c:\windows\system32\dllcache\4mmdat.sys
- 2011-11-12 22:28 . 2008-04-13 19:40 12288 c:\windows\system32\dllcache\4mmdat.sys
- 2011-11-12 22:28 . 2001-08-17 19:06 11264 c:\windows\system32\dllcache\1394vdbg.sys
+ 2011-11-12 22:28 . 2001-08-17 18:06 11264 c:\windows\system32\dllcache\1394vdbg.sys
+ 2012-05-18 15:53 . 2012-05-19 03:29 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012051820120519\index.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 24576 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E9C4D98A-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-10 04:24 . 2012-05-19 03:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2012-05-10 04:24 . 2012-05-17 22:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2011-11-12 22:57 . 2001-08-18 03:37 4608 c:\windows\system32\dllcache\xrxflnch.exe
+ 2011-11-12 22:57 . 2001-08-18 02:37 4608 c:\windows\system32\dllcache\xrxflnch.exe
- 2011-11-12 22:57 . 2008-04-14 01:12 8192 c:\windows\system32\dllcache\wshirda.dll
+ 2011-11-12 22:57 . 2008-04-14 00:12 8192 c:\windows\system32\dllcache\wshirda.dll
- 2011-11-12 22:56 . 2008-04-13 19:36 8832 c:\windows\system32\dllcache\wmiacpi.sys
+ 2011-11-12 22:56 . 2008-04-13 18:36 8832 c:\windows\system32\dllcache\wmiacpi.sys
+ 2011-11-12 22:55 . 2008-04-13 18:40 5376 c:\windows\system32\dllcache\viaide.sys
- 2011-11-12 22:55 . 2008-04-13 19:40 5376 c:\windows\system32\dllcache\viaide.sys
- 2011-11-12 22:55 . 2001-08-17 18:28 7556 c:\windows\system32\dllcache\usroslba.sys
+ 2011-11-12 22:55 . 2001-08-17 17:28 7556 c:\windows\system32\dllcache\usroslba.sys
- 2011-11-12 22:53 . 2001-08-17 18:51 4992 c:\windows\system32\dllcache\toside.sys
+ 2011-11-12 22:53 . 2001-08-17 17:51 4992 c:\windows\system32\dllcache\toside.sys
- 2011-11-12 22:52 . 2001-08-17 18:52 7040 c:\windows\system32\dllcache\tandqic.sys
+ 2011-11-12 22:52 . 2001-08-17 17:52 7040 c:\windows\system32\dllcache\tandqic.sys
+ 2011-11-12 22:51 . 2001-08-17 18:02 3968 c:\windows\system32\dllcache\swusbflt.sys
- 2011-11-12 22:51 . 2001-08-17 19:02 3968 c:\windows\system32\dllcache\swusbflt.sys
+ 2011-11-12 22:50 . 2001-08-17 17:56 7552 c:\windows\system32\dllcache\sonypvu1.sys
- 2011-11-12 22:50 . 2001-08-17 18:56 7552 c:\windows\system32\dllcache\sonypvu1.sys
+ 2011-11-12 22:50 . 2001-08-17 17:53 9600 c:\windows\system32\dllcache\sonymc.sys
- 2011-11-12 22:50 . 2001-08-17 18:53 9600 c:\windows\system32\dllcache\sonymc.sys
+ 2011-11-12 22:50 . 2008-04-13 18:40 7552 c:\windows\system32\dllcache\sonyait.sys
- 2011-11-12 22:50 . 2008-04-13 19:40 7552 c:\windows\system32\dllcache\sonyait.sys
+ 2011-11-12 22:50 . 2001-08-17 17:53 7040 c:\windows\system32\dllcache\snyaitmc.sys
- 2011-11-12 22:50 . 2001-08-17 18:53 7040 c:\windows\system32\dllcache\snyaitmc.sys
- 2011-11-12 22:50 . 2001-08-17 18:57 6784 c:\windows\system32\dllcache\smbhc.sys
+ 2011-11-12 22:50 . 2001-08-17 17:57 6784 c:\windows\system32\dllcache\smbhc.sys
+ 2011-11-12 22:49 . 2008-04-13 18:36 6912 c:\windows\system32\dllcache\smbclass.sys
- 2011-11-12 22:49 . 2008-04-13 19:36 6912 c:\windows\system32\dllcache\smbclass.sys
- 2011-11-12 22:48 . 2001-08-17 18:53 6784 c:\windows\system32\dllcache\serscan.sys
+ 2011-11-12 22:48 . 2001-08-17 17:53 6784 c:\windows\system32\dllcache\serscan.sys
- 2011-11-12 22:48 . 2001-08-17 18:53 6912 c:\windows\system32\dllcache\seaddsmc.sys
+ 2011-11-12 22:48 . 2001-08-17 17:53 6912 c:\windows\system32\dllcache\seaddsmc.sys
- 2011-11-12 22:46 . 2001-08-18 03:36 9216 c:\windows\system32\dllcache\rsmgrstr.dll
+ 2011-11-12 22:46 . 2001-08-18 02:36 9216 c:\windows\system32\dllcache\rsmgrstr.dll
+ 2011-11-12 22:46 . 2001-08-17 16:19 3840 c:\windows\system32\dllcache\rpfun.sys
- 2011-11-12 22:46 . 2001-08-17 17:19 3840 c:\windows\system32\dllcache\rpfun.sys
+ 2011-11-12 22:46 . 2001-08-17 17:53 3328 c:\windows\system32\dllcache\qv2kux.sys
- 2011-11-12 22:46 . 2001-08-17 18:53 3328 c:\windows\system32\dllcache\qv2kux.sys
- 2011-11-12 22:45 . 2008-04-13 19:40 6016 c:\windows\system32\dllcache\qic157.sys
+ 2011-11-12 22:45 . 2008-04-13 18:40 6016 c:\windows\system32\dllcache\qic157.sys
- 2011-11-12 22:45 . 2001-08-18 03:36 5632 c:\windows\system32\dllcache\ptpusb.dll
+ 2011-11-12 22:45 . 2001-08-18 02:36 5632 c:\windows\system32\dllcache\ptpusb.dll
- 2011-11-12 22:45 . 2008-04-13 19:40 8832 c:\windows\system32\dllcache\powerfil.sys
+ 2011-11-12 22:45 . 2008-04-13 18:40 8832 c:\windows\system32\dllcache\powerfil.sys
- 2011-11-12 22:45 . 2001-08-17 18:53 7168 c:\windows\system32\dllcache\pnrmc.sys
+ 2011-11-12 22:45 . 2001-08-17 17:53 7168 c:\windows\system32\dllcache\pnrmc.sys
+ 2011-11-12 22:44 . 2001-08-17 18:07 5504 c:\windows\system32\dllcache\perc2hib.sys
- 2011-11-12 22:44 . 2001-08-17 19:07 5504 c:\windows\system32\dllcache\perc2hib.sys
+ 2011-11-12 22:42 . 2001-08-17 17:47 9344 c:\windows\system32\dllcache\ntapm.sys
- 2011-11-12 22:42 . 2001-08-17 18:47 9344 c:\windows\system32\dllcache\ntapm.sys
+ 2011-11-12 22:42 . 2001-08-17 17:53 7552 c:\windows\system32\dllcache\nsmmc.sys
- 2011-11-12 22:42 . 2001-08-17 18:53 7552 c:\windows\system32\dllcache\nsmmc.sys
+ 2011-11-12 22:41 . 2001-08-18 02:36 7168 c:\windows\system32\dllcache\mxport.dll
- 2011-11-12 22:41 . 2001-08-18 03:36 7168 c:\windows\system32\dllcache\mxport.dll
+ 2011-11-12 22:41 . 2008-04-13 18:39 5504 c:\windows\system32\dllcache\mstee.sys
- 2011-11-12 22:41 . 2008-04-13 19:39 5504 c:\windows\system32\dllcache\mstee.sys
- 2011-11-12 22:41 . 2001-08-17 19:00 2944 c:\windows\system32\dllcache\msmpu401.sys
+ 2011-11-12 22:41 . 2001-08-17 18:00 2944 c:\windows\system32\dllcache\msmpu401.sys
- 2011-11-12 22:40 . 2001-08-17 18:48 6016 c:\windows\system32\dllcache\msfsio.sys
+ 2011-11-12 22:40 . 2001-08-17 17:48 6016 c:\windows\system32\dllcache\msfsio.sys
- 2011-11-12 22:40 . 2001-08-17 18:52 6528 c:\windows\system32\dllcache\miniqic.sys
+ 2011-11-12 22:40 . 2001-08-17 17:52 6528 c:\windows\system32\dllcache\miniqic.sys
- 2011-11-12 22:40 . 2001-08-17 18:58 8320 c:\windows\system32\dllcache\memcard.sys
+ 2011-11-12 22:40 . 2001-08-17 17:58 8320 c:\windows\system32\dllcache\memcard.sys
+ 2011-11-12 22:39 . 2001-08-17 17:52 7424 c:\windows\system32\dllcache\mammoth.sys
- 2011-11-12 22:39 . 2001-08-17 18:52 7424 c:\windows\system32\dllcache\mammoth.sys
+ 2011-11-12 22:39 . 2008-04-13 18:40 7040 c:\windows\system32\dllcache\ltotape.sys
- 2011-11-12 22:39 . 2008-04-13 19:40 7040 c:\windows\system32\dllcache\ltotape.sys
- 2011-11-12 22:39 . 2001-08-17 18:53 4992 c:\windows\system32\dllcache\loop.sys
+ 2011-11-12 22:39 . 2001-08-17 17:53 4992 c:\windows\system32\dllcache\loop.sys
- 2011-11-12 22:38 . 2001-08-18 03:36 8192 c:\windows\system32\dllcache\kbdkor.dll
+ 2011-11-12 22:38 . 2001-08-18 02:36 8192 c:\windows\system32\dllcache\kbdkor.dll
+ 2011-11-12 22:38 . 2001-08-18 02:36 8704 c:\windows\system32\dllcache\kbdjpn.dll
- 2011-11-12 22:38 . 2001-08-18 03:36 8704 c:\windows\system32\dllcache\kbdjpn.dll
- 2011-11-12 22:38 . 2008-04-14 01:09 6144 c:\windows\system32\dllcache\kbd106.dll
+ 2011-11-12 22:38 . 2008-04-14 00:09 6144 c:\windows\system32\dllcache\kbd106.dll
- 2011-11-12 22:38 . 2001-08-17 19:55 5632 c:\windows\system32\dllcache\kbd103.dll
+ 2011-11-12 22:38 . 2001-08-17 18:55 5632 c:\windows\system32\dllcache\kbd103.dll
- 2011-11-12 22:38 . 2001-08-17 19:55 6144 c:\windows\system32\dllcache\kbd101c.dll
+ 2011-11-12 22:38 . 2001-08-17 18:55 6144 c:\windows\system32\dllcache\kbd101c.dll
+ 2011-11-12 22:38 . 2001-08-17 18:55 6144 c:\windows\system32\dllcache\kbd101b.dll
- 2011-11-12 22:38 . 2001-08-17 19:55 6144 c:\windows\system32\dllcache\kbd101b.dll
+ 2011-11-12 22:37 . 2008-04-13 18:40 5504 c:\windows\system32\dllcache\intelide.sys
- 2011-11-12 22:37 . 2008-04-13 19:40 5504 c:\windows\system32\dllcache\intelide.sys
+ 2011-11-12 22:36 . 2001-08-18 02:34 9216 c:\windows\system32\dllcache\ibmsgnet.dll
- 2011-11-12 22:36 . 2001-08-18 03:34 9216 c:\windows\system32\dllcache\ibmsgnet.dll
+ 2011-11-12 22:36 . 2008-04-13 18:41 8576 c:\windows\system32\dllcache\i2omgmt.sys
- 2011-11-12 22:36 . 2008-04-13 19:41 8576 c:\windows\system32\dllcache\i2omgmt.sys
- 2011-11-12 22:35 . 2001-08-18 03:36 9759 c:\windows\system32\dllcache\hsf_inst.dll
+ 2011-11-12 22:35 . 2001-08-18 02:36 9759 c:\windows\system32\dllcache\hsf_inst.dll
+ 2011-11-12 22:35 . 2001-08-17 17:52 5760 c:\windows\system32\dllcache\hpt4qic.sys
- 2011-11-12 22:35 . 2001-08-17 18:52 5760 c:\windows\system32\dllcache\hpt4qic.sys
+ 2011-11-12 22:35 . 2001-08-17 18:02 2688 c:\windows\system32\dllcache\hidswvd.sys
- 2011-11-12 22:35 . 2001-08-17 19:02 2688 c:\windows\system32\dllcache\hidswvd.sys
- 2011-11-12 22:35 . 2001-08-17 19:02 8576 c:\windows\system32\dllcache\hidgame.sys
+ 2011-11-12 22:35 . 2001-08-17 18:02 8576 c:\windows\system32\dllcache\hidgame.sys
- 2008-06-05 22:47 . 2001-08-18 03:36 7168 c:\windows\system32\dllcache\EXCH_snprfdll.dll
+ 2008-06-05 22:47 . 2001-08-18 02:36 7168 c:\windows\system32\dllcache\EXCH_snprfdll.dll
+ 2008-06-05 22:46 . 2001-08-18 02:36 5632 c:\windows\system32\dllcache\EXCH_adsiisex.dll
- 2008-06-05 22:46 . 2001-08-18 03:36 5632 c:\windows\system32\dllcache\EXCH_adsiisex.dll
- 2011-11-12 22:33 . 2001-08-17 18:52 7040 c:\windows\system32\dllcache\exabyte2.sys
+ 2011-11-12 22:33 . 2001-08-17 17:52 7040 c:\windows\system32\dllcache\exabyte2.sys
+ 2011-11-12 22:32 . 2001-08-17 17:53 7296 c:\windows\system32\dllcache\elmsmc.sys
- 2011-11-12 22:32 . 2001-08-17 18:53 7296 c:\windows\system32\dllcache\elmsmc.sys
- 2011-11-12 22:32 . 2001-08-17 18:47 8704 c:\windows\system32\dllcache\dot4scan.sys
+ 2011-11-12 22:32 . 2001-08-17 17:47 8704 c:\windows\system32\dllcache\dot4scan.sys
+ 2011-11-12 22:32 . 2008-04-13 18:40 8320 c:\windows\system32\dllcache\dlttape.sys
- 2011-11-12 22:32 . 2008-04-13 19:40 8320 c:\windows\system32\dllcache\dlttape.sys
+ 2011-11-12 22:32 . 2001-08-18 02:36 6216 c:\windows\system32\dllcache\divaci.dll
- 2011-11-12 22:32 . 2001-08-18 03:36 6216 c:\windows\system32\dllcache\divaci.dll
+ 2011-11-12 22:31 . 2001-08-18 02:36 6729 c:\windows\system32\dllcache\disrvci.dll
- 2011-11-12 22:31 . 2001-08-18 03:36 6729 c:\windows\system32\dllcache\disrvci.dll
- 2011-11-12 22:31 . 2001-08-17 18:52 7424 c:\windows\system32\dllcache\ddsmc.sys
+ 2011-11-12 22:31 . 2001-08-17 17:52 7424 c:\windows\system32\dllcache\ddsmc.sys
+ 2011-11-12 22:31 . 2001-08-17 16:19 3584 c:\windows\system32\dllcache\cwcosnt5.sys
- 2011-11-12 22:31 . 2001-08-17 17:19 3584 c:\windows\system32\dllcache\cwcosnt5.sys
- 2011-11-12 22:31 . 2001-08-17 17:19 3072 c:\windows\system32\dllcache\cwbmidi.sys
+ 2011-11-12 22:31 . 2001-08-17 16:19 3072 c:\windows\system32\dllcache\cwbmidi.sys
+ 2011-11-12 22:31 . 2001-08-17 16:19 3072 c:\windows\system32\dllcache\cwbase.sys
- 2011-11-12 22:31 . 2001-08-17 17:19 3072 c:\windows\system32\dllcache\cwbase.sys
- 2011-11-12 22:31 . 2001-08-18 03:36 4096 c:\windows\system32\dllcache\ctwdm32.dll
+ 2011-11-12 22:31 . 2001-08-18 02:36 4096 c:\windows\system32\dllcache\ctwdm32.dll
+ 2011-11-12 22:30 . 2001-08-17 16:19 3712 c:\windows\system32\dllcache\ctljystk.sys
- 2011-11-12 22:30 . 2001-08-17 17:19 3712 c:\windows\system32\dllcache\ctljystk.sys
+ 2011-11-12 22:30 . 2001-08-17 16:19 6912 c:\windows\system32\dllcache\ctlfacem.sys
- 2011-11-12 22:30 . 2001-08-17 17:19 6912 c:\windows\system32\dllcache\ctlfacem.sys
+ 2011-11-12 22:30 . 2001-08-17 17:51 6656 c:\windows\system32\dllcache\cmdide.sys
- 2011-11-12 22:30 . 2001-08-17 18:51 6656 c:\windows\system32\dllcache\cmdide.sys
- 2011-11-12 22:30 . 2008-04-13 19:40 8192 c:\windows\system32\dllcache\changer.sys
+ 2011-11-12 22:30 . 2008-04-13 18:40 8192 c:\windows\system32\dllcache\changer.sys
+ 2011-11-12 22:30 . 2001-08-17 17:52 7680 c:\windows\system32\dllcache\cd20xrnt.sys
- 2011-11-12 22:30 . 2001-08-17 18:52 7680 c:\windows\system32\dllcache\cd20xrnt.sys
+ 2011-11-12 22:29 . 2001-08-18 02:36 9728 c:\windows\system32\dllcache\brserif.dll
- 2011-11-12 22:29 . 2001-08-18 03:36 9728 c:\windows\system32\dllcache\brserif.dll
+ 2011-11-12 22:29 . 2001-08-18 02:36 5120 c:\windows\system32\dllcache\brscnrsm.dll
- 2011-11-12 22:29 . 2001-08-18 03:36 5120 c:\windows\system32\dllcache\brscnrsm.dll
- 2011-11-12 22:29 . 2001-08-17 18:12 3168 c:\windows\system32\dllcache\brparimg.sys
+ 2011-11-12 22:29 . 2001-08-17 17:12 3168 c:\windows\system32\dllcache\brparimg.sys
- 2011-11-12 22:29 . 2001-08-17 18:12 3968 c:\windows\system32\dllcache\brfiltup.sys
+ 2011-11-12 22:29 . 2001-08-17 17:12 3968 c:\windows\system32\dllcache\brfiltup.sys
+ 2011-11-12 22:29 . 2001-08-17 17:12 2944 c:\windows\system32\dllcache\brfilt.sys
- 2011-11-12 22:29 . 2001-08-17 18:12 2944 c:\windows\system32\dllcache\brfilt.sys
- 2011-11-12 22:29 . 2001-08-18 03:36 9728 c:\windows\system32\dllcache\brcoinst.dll
+ 2011-11-12 22:29 . 2001-08-18 02:36 9728 c:\windows\system32\dllcache\brcoinst.dll
- 2011-11-12 22:29 . 2001-08-17 17:49 9472 c:\windows\system32\dllcache\ativmdcd.sys
+ 2011-11-12 22:29 . 2001-08-17 16:49 9472 c:\windows\system32\dllcache\ativmdcd.sys
- 2011-11-12 22:29 . 2001-08-17 18:47 6272 c:\windows\system32\dllcache\apmbatt.sys
+ 2011-11-12 22:29 . 2001-08-17 17:47 6272 c:\windows\system32\dllcache\apmbatt.sys
- 2011-11-12 22:29 . 2001-08-17 18:51 5248 c:\windows\system32\dllcache\aliide.sys
+ 2011-11-12 22:29 . 2001-08-17 17:51 5248 c:\windows\system32\dllcache\aliide.sys
- 2011-11-12 22:28 . 2001-08-17 18:53 7424 c:\windows\system32\dllcache\adicvls.sys
+ 2011-11-12 22:28 . 2001-08-17 17:53 7424 c:\windows\system32\dllcache\adicvls.sys
+ 2012-05-18 17:00 . 2012-05-18 17:00 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{E9C4D993-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{E9C4D991-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{E9C4D98E-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{E9C4D98B-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{E9C4D989-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{E9C4D988-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{E9C4D986-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{E9C4D984-A10A-11E1-8BB5-001150BB0681}.dat
- 2012-05-17 21:50 . 2012-05-17 22:41 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{45606BB8-A06A-11E1-8BB0-001150BB0681}.dat
+ 2012-05-17 21:50 . 2012-05-19 03:30 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{45606BB8-A06A-11E1-8BB0-001150BB0681}.dat
+ 2012-05-19 03:30 . 2012-05-19 03:30 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{F278AD8C-A162-11E1-8BB8-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E9C4D994-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E9C4D992-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E9C4D990-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E9C4D98F-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E9C4D98D-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E9C4D98C-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 17:00 . 2012-05-18 17:00 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{E9C4D985-A10A-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 16:39 . 2012-05-18 16:39 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0BF61538-A108-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 16:46 . 2012-05-18 16:46 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{08BDA754-A109-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 16:39 . 2012-05-18 16:44 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0BF61539-A108-11E1-8BB5-001150BB0681}.dat
+ 2012-05-18 16:46 . 2012-05-18 16:49 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{08BDA755-A109-11E1-8BB5-001150BB0681}.dat
+ 2004-08-04 10:00 . 2008-04-14 00:12 507904 c:\windows\system32\winlogon.exe
+ 2008-06-05 23:05 . 2001-08-17 16:12 117760 c:\windows\system32\drivers\e100b325.sys
+ 2008-06-05 23:00 . 2004-08-04 02:29 701440 c:\windows\system32\drivers\ati2mtag.sys
+ 2011-11-12 22:58 . 2008-04-14 00:12 116224 c:\windows\system32\dllcache\xrxwiadr.dll
- 2011-11-12 22:58 . 2008-04-14 01:12 116224 c:\windows\system32\dllcache\xrxwiadr.dll
- 2011-11-12 22:56 . 2004-08-04 03:31 154624 c:\windows\system32\dllcache\wlluc48.sys
+ 2011-11-12 22:56 . 2004-08-04 02:31 154624 c:\windows\system32\dllcache\wlluc48.sys
+ 2004-08-04 10:00 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\winlogon.exe
+ 2011-11-12 22:56 . 2001-08-17 17:28 771581 c:\windows\system32\dllcache\winacisa.sys
- 2011-11-12 22:56 . 2001-08-17 18:28 771581 c:\windows\system32\dllcache\winacisa.sys
- 2011-11-12 22:56 . 2001-08-17 18:28 701386 c:\windows\system32\dllcache\wdhaalba.sys
+ 2011-11-12 22:56 . 2001-08-17 17:28 701386 c:\windows\system32\dllcache\wdhaalba.sys
- 2011-11-12 22:55 . 2001-08-17 18:28 397502 c:\windows\system32\dllcache\vpctcom.sys
+ 2011-11-12 22:55 . 2001-08-17 17:28 397502 c:\windows\system32\dllcache\vpctcom.sys
+ 2011-11-12 22:55 . 2001-08-17 17:28 604253 c:\windows\system32\dllcache\vmodem.sys
- 2011-11-12 22:55 . 2001-08-17 18:28 604253 c:\windows\system32\dllcache\vmodem.sys
- 2011-11-12 22:55 . 2001-08-17 17:14 249402 c:\windows\system32\dllcache\vinwm.sys
+ 2011-11-12 22:55 . 2001-08-17 16:14 249402 c:\windows\system32\dllcache\vinwm.sys
- 2011-11-12 22:55 . 2001-08-17 18:28 687999 c:\windows\system32\dllcache\usrwdxjs.sys
+ 2011-11-12 22:55 . 2001-08-17 17:28 687999 c:\windows\system32\dllcache\usrwdxjs.sys
+ 2011-11-12 22:55 . 2001-08-17 17:28 765884 c:\windows\system32\dllcache\usrti.sys
- 2011-11-12 22:55 . 2001-08-17 18:28 765884 c:\windows\system32\dllcache\usrti.sys
+ 2011-11-12 22:55 . 2001-08-17 17:28 113762 c:\windows\system32\dllcache\usrpda.sys
- 2011-11-12 22:55 . 2001-08-17 18:28 113762 c:\windows\system32\dllcache\usrpda.sys
+ 2011-11-12 22:54 . 2001-08-17 17:28 224802 c:\windows\system32\dllcache\usr1807a.sys
- 2011-11-12 22:54 . 2001-08-17 18:28 224802 c:\windows\system32\dllcache\usr1807a.sys
- 2011-11-12 22:54 . 2001-08-17 18:28 794399 c:\windows\system32\dllcache\usr1806v.sys
+ 2011-11-12 22:54 . 2001-08-17 17:28 794399 c:\windows\system32\dllcache\usr1806v.sys
- 2011-11-12 22:54 . 2001-08-17 18:28 793598 c:\windows\system32\dllcache\usr1806.sys
+ 2011-11-12 22:54 . 2001-08-17 17:28 793598 c:\windows\system32\dllcache\usr1806.sys
- 2011-11-12 22:54 . 2001-08-17 18:28 794654 c:\windows\system32\dllcache\usr1801.sys
+ 2011-11-12 22:54 . 2001-08-17 17:28 794654 c:\windows\system32\dllcache\usr1801.sys
+ 2011-11-12 22:54 . 2001-08-18 02:36 211968 c:\windows\system32\dllcache\um54scan.dll
- 2011-11-12 22:54 . 2001-08-18 03:36 211968 c:\windows\system32\dllcache\um54scan.dll
- 2011-11-12 22:54 . 2001-08-18 03:36 216064 c:\windows\system32\dllcache\um34scan.dll
+ 2011-11-12 22:54 . 2001-08-18 02:36 216064 c:\windows\system32\dllcache\um34scan.dll
- 2011-11-12 22:53 . 2001-08-17 17:51 166784 c:\windows\system32\dllcache\tridxpm.sys
+ 2011-11-12 22:53 . 2001-08-17 16:51 166784 c:\windows\system32\dllcache\tridxpm.sys
+ 2011-11-12 22:53 . 2001-08-18 02:36 525568 c:\windows\system32\dllcache\tridxp.dll
- 2011-11-12 22:53 . 2001-08-18 03:36 525568 c:\windows\system32\dllcache\tridxp.dll
+ 2011-11-12 22:53 . 2001-08-17 16:51 159232 c:\windows\system32\dllcache\tridkbm.sys
- 2011-11-12 22:53 . 2001-08-17 17:51 159232 c:\windows\system32\dllcache\tridkbm.sys
+ 2011-11-12 22:53 . 2001-08-17 18:56 440576 c:\windows\system32\dllcache\tridkb.dll
- 2011-11-12 22:53 . 2001-08-17 19:56 440576 c:\windows\system32\dllcache\tridkb.dll
- 2011-11-12 22:53 . 2001-08-17 17:51 222336 c:\windows\system32\dllcache\trid3dm.sys
+ 2011-11-12 22:53 . 2001-08-17 16:51 222336 c:\windows\system32\dllcache\trid3dm.sys
+ 2011-11-12 22:53 . 2001-08-17 18:56 315520 c:\windows\system32\dllcache\trid3d.dll
- 2011-11-12 22:53 . 2001-08-17 19:56 315520 c:\windows\system32\dllcache\trid3d.dll
- 2011-11-12 22:53 . 2001-08-17 19:02 230912 c:\windows\system32\dllcache\tosdvd03.sys
+ 2011-11-12 22:53 . 2001-08-17 18:02 230912 c:\windows\system32\dllcache\tosdvd03.sys
- 2011-11-12 22:53 . 2001-08-17 19:01 241664 c:\windows\system32\dllcache\tosdvd02.sys
+ 2011-11-12 22:53 . 2001-08-17 18:01 241664 c:\windows\system32\dllcache\tosdvd02.sys
- 2011-11-12 22:52 . 2001-08-17 17:14 123995 c:\windows\system32\dllcache\tjisdn.sys
+ 2011-11-12 22:52 . 2001-08-17 16:14 123995 c:\windows\system32\dllcache\tjisdn.sys
- 2011-11-12 22:52 . 2001-08-17 17:51 138528 c:\windows\system32\dllcache\tgiulnt5.sys
+ 2011-11-12 22:52 . 2001-08-17 16:51 138528 c:\windows\system32\dllcache\tgiulnt5.sys
+ 2011-11-12 22:52 . 2008-04-13 18:40 149376 c:\windows\system32\dllcache\tffsport.sys
- 2011-11-12 22:52 . 2008-04-13 19:40 149376 c:\windows\system32\dllcache\tffsport.sys
+ 2011-11-12 22:52 . 2001-08-17 18:56 172768 c:\windows\system32\dllcache\t2r4disp.dll
- 2011-11-12 22:52 . 2001-08-17 19:56 172768 c:\windows\system32\dllcache\t2r4disp.dll
+ 2011-11-12 22:51 . 2001-08-17 17:50 103936 c:\windows\system32\dllcache\sx.sys
- 2011-11-12 22:51 . 2001-08-17 18:50 103936 c:\windows\system32\dllcache\sx.sys
+ 2011-11-12 22:51 . 2001-08-18 02:36 155648 c:\windows\system32\dllcache\stlnprop.dll
+ 2009-06-24 00:35 . 2012-05-21 23:04 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-06-24 00:35 . 2012-05-17 22:41 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2012-05-10 04:24 . 2012-05-17 22:41 376832 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-10 04:24 . 2012-05-19 03:29 376832 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-05 23:00 . 2008-04-14 00:11 516768 c:\windows\system32\ativvaxx.dll
+ 2008-06-05 23:00 . 2008-04-14 00:11 201728 c:\windows\system32\ati2dvag.dll
+ 2008-06-05 23:00 . 2008-04-14 00:11 229376 c:\windows\system32\ati2cqag.dll
+ 2012-05-24 23:39 . 2012-05-24 23:39 301056 c:\windows\Installer\1a2fa.msi
+ 2012-05-12 01:20 . 2012-05-24 23:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
- 2012-05-12 01:20 . 2012-05-13 15:33 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
+ 2012-05-24 23:39 . 2012-05-24 23:39 123352 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
- 2012-05-13 15:33 . 2012-05-13 15:33 123352 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
+ 2012-05-12 01:20 . 2012-05-24 23:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
- 2012-05-12 01:20 . 2012-05-13 15:33 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
+ 2012-05-12 01:20 . 2012-05-24 23:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
- 2012-05-12 01:20 . 2012-05-13 15:33 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-05-12 01:20 . 2012-05-24 23:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
- 2012-05-12 01:20 . 2012-05-13 15:33 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
- 2011-11-12 22:34 . 2001-08-17 19:56 1733120 c:\windows\system32\dllcache\g400d.dll
+ 2011-11-12 22:34 . 2001-08-17 18:56 1733120 c:\windows\system32\dllcache\g400d.dll
+ 2008-09-04 15:35 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\explorer.exe
+ 2008-06-05 23:00 . 2008-04-14 00:11 1888992 c:\windows\system32\dllcache\ati3duag.dll
+ 2012-05-10 04:24 . 2012-05-19 03:29 2785280 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2008-06-05 22:49 . 2012-05-19 03:29 3866624 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-05 22:49 . 2012-05-17 22:41 3866624 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-05 23:00 . 2008-04-14 00:11 1888992 c:\windows\system32\ati3duag.dll
+ 2012-05-24 23:39 . 2012-05-24 23:39 1826304 c:\windows\Installer\1a2ff.msi
+ 2008-09-04 15:35 . 2008-04-14 00:12 1033728 c:\windows\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 69632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-16 30248]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=c:\windows\pss\MediaChecker.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-01 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-05-16 22:59 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
2006-12-15 15:45 787096 ----a-w- c:\program files\HOTALBUMMyBOX\MBBalloon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 22:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-01 16:48 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [6/5/2008 9:00 PM 15172]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/19/2011 11:00 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/19/2011 11:00 AM 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/9/2012 7:15 PM 129976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/16/2009 6:52 PM 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [11/10/2011 12:45 PM 111872]
S3 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 71.89.132.13 71.89.132.59
FF - ProfilePath - c:\documents and settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-30 17:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,b3,aa,a1,34,77,eb,47,b9,4f,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,b3,aa,a1,34,77,eb,47,b9,4f,76,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-05-30 17:22:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 21:22
.
Pre-Run: 29,211,410,432 bytes free
Post-Run: 29,319,229,440 bytes free
.
- - End Of File - - 85CEF98BD9866ABD475AD792D8CF1C71


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
explorer.*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Dantana21 (Nov 1, 2009)

SystemLook 30.07.11 by jpshortstuff
Log created at 23:51 on 30/05/2012 by Dan Gentner
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.*"
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir --a---- 1058816 bytes [10:00 04/08/2004] [00:12 14/04/2008] 6383977B0D5145ABCDF4C00A4B240908
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [15:35 04/09/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\explorer.scf --a---- 80 bytes [10:00 04/08/2004] [10:00 04/08/2004] A3975A7D2C98B30A2AE010754FFB9392
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a---- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1033216 bytes [23:03 14/09/2008] [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c- 1032192 bytes [04:15 07/06/2008] [10:00 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1033728 bytes [21:07 19/11/2009] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --a---- 88020 bytes [03:32 18/05/2012] [21:21 30/05/2012] F8BD6881F801825D456B0B0DC2285674
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [15:35 04/09/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\system32\dllcache\explorer.exe --a--c- 1033728 bytes [15:35 04/09/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
Folder::
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{998fed26-c012-69eb-09f0-a36acfb53e12}
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KID19QTY
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WPPYIBRD
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## Dantana21 (Nov 1, 2009)

ComboFix 12-05-31.02 - Dan Gentner 05/31/2012 11:07:58.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.656 [GMT -4:00]
Running from: c:\documents and settings\Dan Gentner\Desktop\puppy.exe.exe
Command switches used :: c:\documents and settings\Dan Gentner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{998fed26-c012-69eb-09f0-a36acfb53e12}
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{998fed26-c012-69eb-09f0-a36acfb53e12}\@
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-31 14:55 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D4D6B5B-AC10-4DDC-8471-49F2F45A8883}\mpengine.dll
2012-05-31 14:46 . 2012-05-31 14:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 03:25 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\documents and settings\Dan Gentner\Local Settings\Application Data\PCHealth
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-22 17:44 . 2012-05-22 17:44 -------- d-----w- c:\program files\ESET
2012-05-22 17:14 . 2012-05-22 17:14 -------- d-----w- C:\_OTS
2012-05-16 04:34 . 2012-05-16 04:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-16 04:20 . 2012-05-16 04:22 -------- d-----w- c:\program files\iTunes
2012-05-16 04:20 . 2012-05-16 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-05-14 02:51 . 2012-05-14 02:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-14 02:01 . 2012-05-14 02:01 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\SUPERAntiSpyware.com
2012-05-14 02:00 . 2012-05-14 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-11 20:33 . 2012-05-11 20:35 -------- d-----w- c:\windows\system32\NtmsData
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\program files\Common Files\Java
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\program files\Oracle
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\Oracle
2012-05-10 22:53 . 2012-04-04 22:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-10 22:53 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 04:24 . 2012-05-10 04:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 14:46 . 2011-12-01 19:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2011-11-23 16:39 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-11-19 15:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2012-03-21 00:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-05-09 23:15 . 2012-05-09 23:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-30_21.17.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-31 14:46 . 2012-05-31 14:46 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-31 14:46 . 2012-05-31 14:46 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-31 14:46 . 2012-05-31 14:46 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 69632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-16 30248]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=c:\windows\pss\MediaChecker.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-01 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-05-16 22:59 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
2006-12-15 15:45 787096 ----a-w- c:\program files\HOTALBUMMyBOX\MBBalloon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 22:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-01 16:48 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [6/5/2008 9:00 PM 15172]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/19/2011 11:00 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/19/2011 11:00 AM 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/9/2012 7:15 PM 129976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/16/2009 6:52 PM 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [11/10/2011 12:45 PM 111872]
S3 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-31 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 71.89.132.13 71.89.132.59
FF - ProfilePath - c:\documents and settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-31 11:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,b3,aa,a1,34,77,eb,47,b9,4f,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,b3,aa,a1,34,77,eb,47,b9,4f,76,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-05-31 11:17:19
ComboFix-quarantined-files.txt 2012-05-31 15:17
ComboFix2.txt 2012-05-30 21:22
.
Pre-Run: 29,174,931,456 bytes free
Post-Run: 29,162,491,904 bytes free
.
- - End Of File - - 09C4416F85108130DEEFF7B0EF63D83D


----------



## Cookiegal (Aug 27, 2003)

Did you have Zone Alarm on this machine previously?

How are things with the computer now?


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, I don't believe that I had Zone Alarm before. I don't ever recall seeing it anywhere. But to be honest, I had to look it up to even know what it was, so I'm not quite sure.

The computer appears to be back to normal. The security center has returned to normal i.e. virus protection and firewall are working properly. MSE has not found sirefef again so that's good.

The internet is still spotty at best. It currently is not connecting despite having good signal strength and transfer rate. I am on the same wireless signal using a laptop and having no issues. When it does work, it is in spurts...works for a while then goes out for no reason before coming back a while later. Very frustrating. 

Likely an unrelated issue...I installed the newest version of iTunes a couple weeks back and now upon startup I receive an AppleSyncNotifier.exe error. Should I just reinstall iTunes?


----------



## Cookiegal (Aug 27, 2003)

I would just uninstall and reinstall iTunes.

Download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
At the top put a check mark in the box where it says "Scan All Users".
Click the Quick Scan button. Do not change any other settings unless instructed to. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## Dantana21 (Nov 1, 2009)

Here are the OTL logs. Not long after the OTL scan finished (within a minute or so) MSE found another Trojan:Sirefef threat. It is located in:

file:C:\WINDOWS\Installer\{998fed26-c012-69eb-09f0-a36acfb53e12}\U\[email protected]

OTL Extras logfile created on: 6/1/2012 4:35:54 PM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Dan Gentner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 659.80 Mb Available Physical Memory | 64.56% Memory free
2.40 Gb Paging File | 2.15 Gb Available in Paging File | 89.66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 27.18 Gb Free Space | 36.48% Space Free | Partition Type: NTFS

Computer Name: DAN | User Name: Dan Gentner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-73586283-616249376-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38DFF723-C0B1-44AB-A927-62EDB033908F}" = Belkin 54g USB Network Adapter
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788950DC-E2C4-4F1A-ADF4-9BD64F31E322}" = ScanSoft PaperPort 11
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC9A14D9-EC38-4BF4-B529-A69D91D0DEDA}" = HOT ALBUM MYBOX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"Ares" = Ares 2.0.9
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DellMFP1125" = Dell MFP 1125
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{DC9A14D9-EC38-4BF4-B529-A69D91D0DEDA}" = HOT ALBUM MYBOX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"USAPhotoMaps" = USAPhotoMaps (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-616249376-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/29/2012 7:03:03 PM | Computer Name = DAN | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 5/29/2012 7:03:03 PM | Computer Name = DAN | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 5/29/2012 7:05:45 PM | Computer Name = DAN | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 5/29/2012 7:05:45 PM | Computer Name = DAN | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 5/30/2012 11:47:39 AM | Computer Name = DAN | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 5/30/2012 11:47:39 AM | Computer Name = DAN | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 5/30/2012 12:36:43 PM | Computer Name = DAN | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 5/30/2012 12:36:43 PM | Computer Name = DAN | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 5/30/2012 4:58:43 PM | Computer Name = DAN | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 5/30/2012 4:58:43 PM | Computer Name = DAN | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 5/31/2012 5:03:25 PM | Computer Name = DAN | Source = WMPNetworkSvc | ID = 866329
Description = IPv4 support has been disabled in WMPNetworkSvc because IP address
table retrieval encountered error '1453'. To enable IPv4 support, restart the WMPNetworkSvc
service.

Error - 5/31/2012 5:29:00 PM | Computer Name = DAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL

Error - 5/31/2012 5:29:13 PM | Computer Name = DAN | Source = E100B | ID = 5003
Description = Intel(R) PRO/100 VE Network Connection : Could not find an adapter.

Error - 5/31/2012 5:29:13 PM | Computer Name = DAN | Source = ati2mtag | ID = 16842754
Description = Unable to map required address ranges for graphics card.

Error - 6/1/2012 11:27:08 AM | Computer Name = DAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL

Error - 6/1/2012 11:27:22 AM | Computer Name = DAN | Source = E100B | ID = 5003
Description = Intel(R) PRO/100 VE Network Connection : Could not find an adapter.

Error - 6/1/2012 11:27:22 AM | Computer Name = DAN | Source = ati2mtag | ID = 16842754
Description = Unable to map required address ranges for graphics card.

Error - 6/1/2012 2:18:43 PM | Computer Name = DAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL

Error - 6/1/2012 2:18:55 PM | Computer Name = DAN | Source = E100B | ID = 5003
Description = Intel(R) PRO/100 VE Network Connection : Could not find an adapter.

Error - 6/1/2012 2:18:55 PM | Computer Name = DAN | Source = ati2mtag | ID = 16842754
Description = Unable to map required address ranges for graphics card.

< End of report >

OTL logfile created on: 6/1/2012 4:35:54 PM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Dan Gentner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 659.80 Mb Available Physical Memory | 64.56% Memory free
2.40 Gb Paging File | 2.15 Gb Available in Paging File | 89.66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 27.18 Gb Free Space | 36.48% Space Free | Partition Type: NTFS

Computer Name: DAN | User Name: Dan Gentner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/01 16:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Gentner\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/07 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/13 16:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
PRC - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
PRC - [2001/10/04 03:01:00 | 000,069,632 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_A10IC2.EXE

========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/08/10 16:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
MOD - [2005/06/13 16:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
MOD - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
MOD - [2003/10/08 12:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
MOD - [2003/06/30 16:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
MOD - [2002/10/03 12:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
MOD - [2002/04/09 08:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/09 19:15:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 20:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 20:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 20:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007/03/19 21:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- a -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\MpFirewall.sys -- (MPFIREWL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DANGEN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/06/01 14:18:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70A60760-F63B-4C00-9CDC-77807DA6FAC1}\MpKsled0cd12b.sys -- (MpKsled0cd12b)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/14 15:06:52 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/06/05 21:00:45 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PzWDM.sys -- (PzWDM)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2005/11/18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/03 00:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/06/14 17:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/17 08:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/03/17 08:50:36 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/03/17 08:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 06:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 06:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-73586283-616249376-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-73586283-616249376-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-73586283-616249376-682003330-1003\..\SearchScopes\{82379F3A-A4E3-462E-AD58-4BDCA52AC078}: "URL" = http://search.avg.com/route/?d=4aee599a&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-73586283-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cbssports.com/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}:7.0.01
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/08 12:10:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/08 12:10:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/09 19:15:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/10 18:53:08 | 000,000,000 | ---D | M]

[2008/09/02 19:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Gentner\Application Data\Mozilla\Extensions
[2012/05/09 16:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\extensions
[2010/05/28 11:19:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/10 00:06:49 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\extensions\[email protected]
[2012/05/09 19:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/09 19:15:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/09 19:15:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/09 19:15:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/31 11:15:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-73586283-616249376-682003330-1003..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-73586283-616249376-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-616249376-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-73586283-616249376-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-73586283-616249376-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/05 18:45:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 16:35:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Gentner\Desktop\OTL.exe
[2012/05/31 14:29:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/31 11:17:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/31 10:46:07 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/30 17:01:40 | 004,533,668 | R--- | C] (Swearware) -- C:\Documents and Settings\Dan Gentner\Desktop\puppy.exe.exe
[2012/05/24 19:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\PCHealth
[2012/05/24 19:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2012/05/24 19:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/23 17:56:41 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dan Gentner\Desktop\mseinstall.exe
[2012/05/23 17:56:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan Gentner\Desktop\aswMBR.exe
[2012/05/22 13:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/22 13:14:46 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/05/21 23:13:22 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Gentner\Desktop\OTS.exe
[2012/05/17 17:51:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/17 14:29:05 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan Gentner\Desktop\tdsskiller.exe
[2012/05/17 01:35:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/17 01:35:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/17 01:35:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/17 01:35:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/17 01:34:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/16 11:17:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Dan Gentner\Desktop\dds.com
[2012/05/16 00:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/05/16 00:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/16 00:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/16 00:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/16 00:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/05/16 00:05:43 | 074,982,768 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Dan Gentner\Desktop\iTunesSetup.exe
[2012/05/13 22:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/13 22:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/13 22:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Gentner\Application Data\SUPERAntiSpyware.com
[2012/05/13 22:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/13 11:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/05/11 16:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/05/10 18:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/10 18:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/10 18:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Gentner\Application Data\Oracle
[2012/05/10 18:53:08 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/05/10 18:53:08 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/05/10 18:53:08 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/05/10 18:52:57 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/05/10 18:52:57 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/05/09 19:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/09 19:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

========== Files - Modified Within 30 Days ==========

[2012/06/01 16:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Gentner\Desktop\OTL.exe
[2012/06/01 16:27:00 | 000,001,023 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\OTL.exe.part
[2012/06/01 14:28:42 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/01 14:20:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/01 14:18:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/31 17:33:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/31 11:15:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/31 11:05:29 | 004,533,668 | R--- | M] (Swearware) -- C:\Documents and Settings\Dan Gentner\Desktop\puppy.exe.exe
[2012/05/31 10:46:07 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/31 10:46:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/30 23:47:30 | 003,440,672 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\Wiz Khalifa - Work Hard Play Hard.mp3
[2012/05/30 23:16:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\SystemLook(1).exe
[2012/05/24 19:40:10 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/23 18:44:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\MBR.dat
[2012/05/23 18:29:18 | 002,639,287 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\Chris Young - You.mp3
[2012/05/23 17:57:48 | 010,288,512 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dan Gentner\Desktop\mseinstall.exe
[2012/05/23 17:57:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan Gentner\Desktop\aswMBR.exe
[2012/05/22 13:18:48 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\HiJackThis.lnk
[2012/05/21 23:09:58 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Gentner\Desktop\OTS.exe
[2012/05/17 17:51:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/17 14:25:10 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan Gentner\Desktop\tdsskiller.exe
[2012/05/16 14:51:10 | 000,462,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/16 14:51:10 | 000,079,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/16 11:23:33 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\r34m8hvw.exe
[2012/05/16 11:17:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Dan Gentner\Desktop\dds.com
[2012/05/16 00:22:42 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/16 00:11:20 | 074,982,768 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Dan Gentner\Desktop\iTunesSetup.exe
[2012/05/15 12:54:50 | 003,514,513 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\Old Crow Medicine Show - Wagon Wheel Official Music Video.mp3
[2012/05/15 12:54:09 | 004,073,316 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\Springsteen - Eric Church LYRICS.mp3
[2012/05/14 19:01:39 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2012/05/13 22:51:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/11 17:01:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/11 12:03:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/10 18:52:40 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/05/10 18:52:40 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/05/08 23:54:58 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/06/01 16:26:55 | 000,001,023 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\OTL.exe.part
[2012/05/30 23:46:55 | 003,440,672 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\Wiz Khalifa - Work Hard Play Hard.mp3
[2012/05/30 23:16:07 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\SystemLook(1).exe
[2012/05/24 19:39:53 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/23 18:44:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\MBR.dat
[2012/05/23 12:49:51 | 002,639,287 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\Chris Young - You.mp3
[2012/05/17 17:51:28 | 000,000,281 | ---- | C] () -- C:\Boot.bak
[2012/05/17 01:35:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/17 01:35:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/17 01:35:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/17 01:35:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/17 01:35:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/16 11:23:29 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\r34m8hvw.exe
[2012/05/16 00:22:42 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/15 12:52:52 | 003,514,513 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\Old Crow Medicine Show - Wagon Wheel Official Music Video.mp3
[2012/05/15 01:24:32 | 004,073,316 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\Springsteen - Eric Church LYRICS.mp3
[2012/05/13 22:51:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/13 11:43:35 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/10 01:31:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/09 19:15:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/18 12:25:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2011/11/18 12:25:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/11/10 12:45:08 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
Folder::
C:\WINDOWS\Installer\{998fed26-c012-69eb-09f0-a36acfb53e12}
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## Dantana21 (Nov 1, 2009)

ComboFix 12-06-02.01 - Dan Gentner 06/02/2012 1:57.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.647 [GMT -4:00]
Running from: c:\documents and settings\Dan Gentner\Desktop\puppy.exe.exe
Command switches used :: c:\documents and settings\Dan Gentner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{998fed26-c012-69eb-09f0-a36acfb53e12}
c:\windows\Installer\{998fed26-c012-69eb-09f0-a36acfb53e12}\@
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\userinit.exe 
.
.
((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))))
.
.
2012-06-01 15:37 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70A60760-F63B-4C00-9CDC-77807DA6FAC1}\mpengine.dll
2012-05-31 15:39 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-31 14:46 . 2012-05-31 14:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\documents and settings\Dan Gentner\Local Settings\Application Data\PCHealth
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-22 17:44 . 2012-05-22 17:44 -------- d-----w- c:\program files\ESET
2012-05-22 17:14 . 2012-05-22 17:14 -------- d-----w- C:\_OTS
2012-05-16 04:34 . 2012-05-16 04:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-16 04:20 . 2012-05-16 04:22 -------- d-----w- c:\program files\iTunes
2012-05-16 04:20 . 2012-05-16 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-05-14 02:51 . 2012-05-14 02:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-14 02:01 . 2012-05-14 02:01 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\SUPERAntiSpyware.com
2012-05-14 02:00 . 2012-05-14 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-11 20:33 . 2012-05-11 20:35 -------- d-----w- c:\windows\system32\NtmsData
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\program files\Common Files\Java
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\program files\Oracle
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\Oracle
2012-05-10 22:53 . 2012-04-04 22:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-10 22:53 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 04:24 . 2012-05-10 04:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 14:46 . 2011-12-01 19:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2011-11-23 16:39 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-11-19 15:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2012-03-21 00:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-05-09 23:15 . 2012-05-09 23:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-30_21.17.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-31 14:46 . 2012-05-31 14:46 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-31 14:46 . 2012-05-31 14:46 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-31 14:46 . 2012-05-31 14:46 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 69632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-16 30248]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=c:\windows\pss\MediaChecker.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-01 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-05-16 22:59 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
2006-12-15 15:45 787096 ----a-w- c:\program files\HOTALBUMMyBOX\MBBalloon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 22:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-01 16:48 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [6/5/2008 9:00 PM 15172]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/19/2011 11:00 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/19/2011 11:00 AM 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/9/2012 7:15 PM 129976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/16/2009 6:52 PM 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [11/10/2011 12:45 PM 111872]
S3 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 71.89.132.13 71.89.132.59
FF - ProfilePath - c:\documents and settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-02 02:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,b3,aa,a1,34,77,eb,47,b9,4f,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,b3,aa,a1,34,77,eb,47,b9,4f,76,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3608)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-06-02 02:13:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-02 06:13
ComboFix2.txt 2012-05-31 15:17
ComboFix3.txt 2012-05-30 21:22
.
Pre-Run: 29,079,937,024 bytes free
Post-Run: 29,061,545,984 bytes free
.
- - End Of File - - 83C20050D98D7F50613FCB746E422140


----------



## Cookiegal (Aug 27, 2003)

How are things with the system now?


----------



## Dantana21 (Nov 1, 2009)

It appears to be running pretty good. MSE hasn't found Sirefef again. The internet is noticeably better, although it did go out on me earlier today but came back upon reboot.


----------



## Cookiegal (Aug 27, 2003)

Intermittent problems could be related to the Internet provider.

Please post a new HijackThis log.


----------



## Dantana21 (Nov 1, 2009)

Back on the laptop as the desktop internet is once again acting up.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:53:58 PM, on 6/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 6711 bytes


----------



## Cookiegal (Aug 27, 2003)

Please remove the version of ComboFix that you have and grab the latest version.

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Then post the new log please.


----------



## Dantana21 (Nov 1, 2009)

Well, internet is out again. I can either wait until it's back on to download ComboFix or download it from the laptop and move it over. Which do you prefer?


----------



## Cookiegal (Aug 27, 2003)

You might as well download it and move it over please.


----------



## Dantana21 (Nov 1, 2009)

ComboFix 12-06-04.02 - Dan Gentner 06/04/2012 15:13:29.13.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.653 [GMT -4:00]
Running from: c:\documents and settings\Dan Gentner\Desktop\puppy.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\atapi.sys 
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-03 19:11 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A6BC6A1-1B5A-4C8F-9799-57BDD6AFD2E7}\mpengine.dll
2012-06-02 15:38 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-31 14:46 . 2012-05-31 14:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\documents and settings\Dan Gentner\Local Settings\Application Data\PCHealth
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-22 17:44 . 2012-05-22 17:44 -------- d-----w- c:\program files\ESET
2012-05-22 17:14 . 2012-05-22 17:14 -------- d-----w- C:\_OTS
2012-05-16 04:34 . 2012-05-16 04:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-16 04:20 . 2012-05-16 04:22 -------- d-----w- c:\program files\iTunes
2012-05-16 04:20 . 2012-05-16 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-05-14 02:51 . 2012-05-14 02:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-14 02:01 . 2012-05-14 02:01 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\SUPERAntiSpyware.com
2012-05-14 02:00 . 2012-05-14 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-11 20:33 . 2012-05-11 20:35 -------- d-----w- c:\windows\system32\NtmsData
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\program files\Common Files\Java
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\program files\Oracle
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\Oracle
2012-05-10 22:53 . 2012-04-04 22:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-10 22:53 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 04:24 . 2012-05-10 04:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 14:46 . 2011-12-01 19:42  70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2011-11-23 16:39 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-11-19 15:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2012-03-21 00:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-05-09 23:15 . 2012-05-09 23:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-30_21.17.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-31 14:46 . 2012-05-31 14:46 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-31 14:46 . 2012-05-31 14:46 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-31 14:46 . 2012-05-31 14:46 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 69632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-16 30248]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=c:\windows\pss\MediaChecker.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-01 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-05-16 22:59 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
2006-12-15 15:45 787096 ----a-w- c:\program files\HOTALBUMMyBOX\MBBalloon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 22:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-01 16:48 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [6/5/2008 9:00 PM 15172]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/19/2011 11:00 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/19/2011 11:00 AM 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/9/2012 7:15 PM 129976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/16/2009 6:52 PM 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [11/10/2011 12:45 PM 111872]
S3 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 71.89.132.13 71.89.132.59
FF - ProfilePath - c:\documents and settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-04 15:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,b3,aa,a1,34,77,eb,47,b9,4f,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,b3,aa,a1,34,77,eb,47,b9,4f,76,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-06-04 15:30:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 19:30
ComboFix2.txt 2012-06-02 06:13
ComboFix3.txt 2012-05-31 15:17
ComboFix4.txt 2012-05-30 21:22
.
Pre-Run: 29,131,464,704 bytes free
Post-Run: 29,110,198,272 bytes free
.
- - End Of File - - 1B43F5B3A1C8BEB95707B5238469C09C


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
```
Save the file to your desktop and name it CFScript.txt.

Referring to the picture below, drag CFScript.txt into ComboFix.exe.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again but this time under "Custom Scans/Fixes" copy and paste:

*netsvcs*

Then click on "Run Scan". Copy and paste the report please.


----------



## Dantana21 (Nov 1, 2009)

ComboFix 12-06-04.02 - Dan Gentner 06/04/2012 18:33:43.14.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.597 [GMT -4:00]
Running from: c:\documents and settings\Dan Gentner\Desktop\puppy.exe.exe
Command switches used :: c:\documents and settings\Dan Gentner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\atapi.sys 
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 19:31 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{770A2807-6D09-4920-B649-94816673E737}\mpengine.dll
2012-06-02 15:38 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-31 14:46 . 2012-05-31 14:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\documents and settings\Dan Gentner\Local Settings\Application Data\PCHealth
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-05-24 23:39 . 2012-05-24 23:39 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-22 17:44 . 2012-05-22 17:44 -------- d-----w- c:\program files\ESET
2012-05-22 17:14 . 2012-05-22 17:14 -------- d-----w- C:\_OTS
2012-05-16 04:34 . 2012-05-16 04:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-16 04:20 . 2012-05-16 04:22 -------- d-----w- c:\program files\iTunes
2012-05-16 04:20 . 2012-05-16 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-16 04:15 . 2012-05-16 04:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-05-14 02:51 . 2012-05-14 02:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-14 02:01 . 2012-05-14 02:01 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\SUPERAntiSpyware.com
2012-05-14 02:00 . 2012-05-14 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-11 20:33 . 2012-05-11 20:35 -------- d-----w- c:\windows\system32\NtmsData
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\program files\Common Files\Java
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\program files\Oracle
2012-05-10 22:53 . 2012-05-10 22:53 -------- d-----w- c:\documents and settings\Dan Gentner\Application Data\Oracle
2012-05-10 22:53 . 2012-04-04 22:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-10 22:53 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 04:24 . 2012-05-10 04:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 14:46 . 2011-12-01 19:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2011-11-23 16:39 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-11-19 15:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2012-03-21 00:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-05-09 23:15 . 2012-05-09 23:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-30_21.17.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-31 14:46 . 2012-05-31 14:46 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-31 14:46 . 2012-05-31 14:46 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-31 14:46 . 2012-05-31 14:46 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 69632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-16 30248]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=c:\windows\pss\MediaChecker.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-01 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-05-16 22:59 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
2006-12-15 15:45 787096 ----a-w- c:\program files\HOTALBUMMyBOX\MBBalloon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 22:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-01 16:48 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [6/5/2008 9:00 PM 15172]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/19/2011 11:00 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/19/2011 11:00 AM 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/9/2012 7:15 PM 129976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/16/2009 6:52 PM 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [11/10/2011 12:45 PM 111872]
S3 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 71.89.132.13 71.89.132.59
FF - ProfilePath - c:\documents and settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-04 18:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-06-04 18:48:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 22:48
ComboFix2.txt 2012-06-04 19:30
ComboFix3.txt 2012-06-02 06:13
ComboFix4.txt 2012-05-31 15:17
ComboFix5.txt 2012-06-04 22:32
.
Pre-Run: 29,062,959,104 bytes free
Post-Run: 29,075,730,432 bytes free
.
- - End Of File - - 3370EC54BDF99AC8EE93109EAA825662

OTL logfile created on: 6/4/2012 6:51:33 PM - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Dan Gentner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 454.42 Mb Available Physical Memory | 44.46% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 27.10 Gb Free Space | 36.38% Space Free | Partition Type: NTFS

Computer Name: DAN | User Name: Dan Gentner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/01 16:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Gentner\Desktop\OTL.exe
PRC - [2012/05/09 19:15:38 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/07 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/13 16:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
PRC - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
PRC - [2001/10/04 03:01:00 | 000,069,632 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_A10IC2.EXE

========== Modules (No Company Name) ==========

MOD - [2012/05/31 10:46:07 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/09 19:15:37 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2005/08/10 16:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
MOD - [2005/06/13 16:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
MOD - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
MOD - [2003/10/08 12:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
MOD - [2003/06/30 16:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
MOD - [2002/10/03 12:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
MOD - [2002/04/09 08:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/09 19:15:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 20:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 20:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 20:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007/03/19 21:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\MpFirewall.sys -- (MPFIREWL)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\DANGEN~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\puppy.exe\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/14 15:06:52 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/06/05 21:00:45 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PzWDM.sys -- (PzWDM)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2005/11/18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/03 00:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/06/14 17:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/17 08:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/03/17 08:50:36 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/03/17 08:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 06:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 06:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{82379F3A-A4E3-462E-AD58-4BDCA52AC078}: "URL" = http://search.avg.com/route/?d=4aee599a&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cbssports.com/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}:7.0.01
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/08 12:10:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/08 12:10:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/09 19:15:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/10 18:53:08 | 000,000,000 | ---D | M]

[2008/09/02 19:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Gentner\Application Data\Mozilla\Extensions
[2012/05/09 16:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\extensions
[2010/05/28 11:19:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/10 00:06:49 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Dan Gentner\Application Data\Mozilla\Firefox\Profiles\cobodq9j.default\extensions\[email protected]
[2012/05/09 19:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/09 19:15:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/09 19:15:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/09 19:15:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/04 18:41:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.89.132.13 71.89.132.59
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{056FC7EA-37A0-49E7-949C-A88D618C11C7}: DhcpNameServer = 71.89.132.13 71.89.132.59
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/05 18:45:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 18:48:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/04 15:10:45 | 004,536,351 | R--- | C] (Swearware) -- C:\Documents and Settings\Dan Gentner\Desktop\puppy.exe.exe
[2012/06/01 20:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Gentner\Desktop\Music
[2012/06/01 16:35:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Gentner\Desktop\OTL.exe
[2012/05/31 10:46:07 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/24 19:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\PCHealth
[2012/05/24 19:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2012/05/24 19:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/23 17:56:41 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dan Gentner\Desktop\mseinstall.exe
[2012/05/23 17:56:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan Gentner\Desktop\aswMBR.exe
[2012/05/22 13:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/22 13:14:46 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/05/21 23:13:22 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Gentner\Desktop\OTS.exe
[2012/05/17 17:51:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/17 14:29:05 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan Gentner\Desktop\tdsskiller.exe
[2012/05/17 01:35:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/17 01:35:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/17 01:35:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/17 01:35:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/17 01:34:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/16 11:17:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Dan Gentner\Desktop\dds.com
[2012/05/16 00:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/05/16 00:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/16 00:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/16 00:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/16 00:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/05/16 00:05:43 | 074,982,768 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Dan Gentner\Desktop\iTunesSetup.exe
[2012/05/13 22:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/13 22:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/13 22:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Gentner\Application Data\SUPERAntiSpyware.com
[2012/05/13 22:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/13 11:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/05/11 16:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/05/10 18:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/10 18:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/10 18:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Gentner\Application Data\Oracle
[2012/05/10 18:53:08 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/05/10 18:53:08 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/05/10 18:53:08 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/05/10 18:52:57 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/05/10 18:52:57 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/05/09 19:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/09 19:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

========== Files - Modified Within 30 Days ==========

[2012/06/04 18:51:21 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/04 18:41:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/04 18:41:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/04 18:41:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/04 15:07:44 | 004,536,351 | R--- | M] (Swearware) -- C:\Documents and Settings\Dan Gentner\Desktop\puppy.exe.exe
[2012/06/04 00:08:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/03 23:53:36 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\HiJackThis.lnk
[2012/06/03 23:48:44 | 003,450,990 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\Wiz Khalifa - Work Hard Play Hard.mp3
[2012/06/01 16:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Gentner\Desktop\OTL.exe
[2012/06/01 16:27:00 | 000,001,023 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\OTL.exe.part
[2012/05/31 10:46:07 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/31 10:46:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/30 23:16:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\SystemLook(1).exe
[2012/05/24 19:40:10 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/23 18:44:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\MBR.dat
[2012/05/23 18:29:18 | 002,639,287 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\Chris Young - You.mp3
[2012/05/23 17:57:48 | 010,288,512 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dan Gentner\Desktop\mseinstall.exe
[2012/05/23 17:57:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan Gentner\Desktop\aswMBR.exe
[2012/05/21 23:09:58 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Gentner\Desktop\OTS.exe
[2012/05/17 17:51:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/17 14:25:10 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan Gentner\Desktop\tdsskiller.exe
[2012/05/16 14:51:10 | 000,462,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/16 14:51:10 | 000,079,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/16 11:23:33 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\r34m8hvw.exe
[2012/05/16 11:17:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Dan Gentner\Desktop\dds.com
[2012/05/16 00:22:42 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/16 00:11:20 | 074,982,768 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Dan Gentner\Desktop\iTunesSetup.exe
[2012/05/15 12:54:50 | 003,514,513 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\Old Crow Medicine Show - Wagon Wheel Official Music Video.mp3
[2012/05/15 12:54:09 | 004,073,316 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Desktop\Springsteen - Eric Church LYRICS.mp3
[2012/05/14 19:01:39 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2012/05/13 22:51:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/11 17:01:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/11 12:03:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/10 18:52:40 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/05/10 18:52:40 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/05/08 23:54:58 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\Dan Gentner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/06/01 16:26:55 | 000,001,023 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\OTL.exe.part
[2012/05/30 23:46:55 | 003,450,990 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\Wiz Khalifa - Work Hard Play Hard.mp3
[2012/05/30 23:16:07 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\SystemLook(1).exe
[2012/05/24 19:39:53 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/23 18:44:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\MBR.dat
[2012/05/23 12:49:51 | 002,639,287 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\Chris Young - You.mp3
[2012/05/17 17:51:28 | 000,000,281 | ---- | C] () -- C:\Boot.bak
[2012/05/17 01:35:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/17 01:35:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/17 01:35:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/17 01:35:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/17 01:35:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/16 11:23:29 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\r34m8hvw.exe
[2012/05/16 00:22:42 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/15 12:52:52 | 003,514,513 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\Old Crow Medicine Show - Wagon Wheel Official Music Video.mp3
[2012/05/15 01:24:32 | 004,073,316 | ---- | C] () -- C:\Documents and Settings\Dan Gentner\Desktop\Springsteen - Eric Church LYRICS.mp3
[2012/05/13 22:51:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/13 11:43:35 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/10 01:31:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/09 19:15:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/18 12:25:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2011/11/18 12:25:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/11/10 12:45:08 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please go here and download *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*.
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## Dantana21 (Nov 1, 2009)

22:37:28.0968 3516 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:37:30.0984 3516 ============================================================
22:37:30.0984 3516 Current date / time: 2012/06/04 22:37:30.0984
22:37:30.0984 3516 SystemInfo:
22:37:30.0984 3516 
22:37:30.0984 3516 OS Version: 5.1.2600 ServicePack: 3.0
22:37:30.0984 3516 Product type: Workstation
22:37:30.0984 3516 ComputerName: DAN
22:37:30.0984 3516 UserName: Dan Gentner
22:37:30.0984 3516 Windows directory: C:\WINDOWS
22:37:30.0984 3516 System windows directory: C:\WINDOWS
22:37:30.0984 3516 Processor architecture: Intel x86
22:37:30.0984 3516 Number of processors: 2
22:37:30.0984 3516 Page size: 0x1000
22:37:30.0984 3516 Boot type: Normal boot
22:37:30.0984 3516 ============================================================
22:37:33.0000 3516 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:37:33.0140 3516 Drive \Device\Harddisk1\DR2 - Size: 0x76A4FE00 (1.85 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:37:33.0140 3516 ============================================================
22:37:33.0140 3516 \Device\Harddisk0\DR0:
22:37:33.0140 3516 MBR partitions:
22:37:33.0140 3516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
22:37:33.0140 3516 \Device\Harddisk1\DR2:
22:37:33.0140 3516 MBR partitions:
22:37:33.0140 3516 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xE, StartLBA 0x10, BlocksNum 0x3B526F
22:37:33.0140 3516 ============================================================
22:37:33.0203 3516 C: <-> \Device\Harddisk0\DR0\Partition0
22:37:33.0203 3516 ============================================================
22:37:33.0203 3516 Initialize success
22:37:33.0203 3516 ============================================================
22:37:39.0546 3692 ============================================================
22:37:39.0546 3692 Scan started
22:37:39.0546 3692 Mode: Manual; 
22:37:39.0546 3692 ============================================================
22:37:39.0953 3692 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:37:39.0953 3692 !SASCORE - ok
22:37:40.0156 3692 Abiosdsk - ok
22:37:40.0171 3692 abp480n5 - ok
22:37:40.0250 3692 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:37:40.0250 3692 ACPI - ok
22:37:40.0296 3692 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:37:40.0296 3692 ACPIEC - ok
22:37:40.0312 3692 adpu160m - ok
22:37:40.0375 3692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:37:40.0375 3692 aec - ok
22:37:40.0421 3692 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:37:40.0453 3692 AegisP - ok
22:37:40.0515 3692 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:37:40.0515 3692 AFD - ok
22:37:40.0531 3692 Aha154x - ok
22:37:40.0562 3692 aic78u2 - ok
22:37:40.0578 3692 aic78xx - ok
22:37:40.0625 3692 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:37:40.0625 3692 Alerter - ok
22:37:40.0671 3692 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:37:40.0671 3692 ALG - ok
22:37:40.0687 3692 AliIde - ok
22:37:40.0718 3692 amsint - ok
22:37:40.0828 3692 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:37:40.0828 3692 Apple Mobile Device - ok
22:37:40.0859 3692 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:37:40.0906 3692 AppMgmt - ok
22:37:40.0953 3692 AresChatServer (d0c8b41a2690cd3b57783c759b3b72d5) C:\Program Files\Ares\chatServer.exe
22:37:40.0984 3692 AresChatServer - ok
22:37:41.0046 3692 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:37:41.0046 3692 Arp1394 - ok
22:37:41.0062 3692 asc - ok
22:37:41.0093 3692 asc3350p - ok
22:37:41.0109 3692 asc3550 - ok
22:37:41.0250 3692 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:37:41.0312 3692 aspnet_state - ok
22:37:41.0328 3692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:37:41.0328 3692 AsyncMac - ok
22:37:41.0359 3692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:37:41.0437 3692 atapi - ok
22:37:41.0453 3692 Atdisk - ok
22:37:41.0515 3692 Ati HotKey Poller (c03be4819ef9052ae7bfd667617b9351) C:\WINDOWS\system32\Ati2evxx.exe
22:37:41.0765 3692 Ati HotKey Poller - ok
22:37:41.0828 3692 ATI Smart (de86cd9f6fd6d86a1f7d1f8b19f50a96) C:\WINDOWS\system32\ati2sgag.exe
22:37:42.0890 3692 ATI Smart - ok
22:37:42.0953 3692 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:37:42.0953 3692 ati2mtag - ok
22:37:43.0000 3692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:37:43.0015 3692 Atmarpc - ok
22:37:43.0062 3692 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:37:43.0062 3692 AudioSrv - ok
22:37:43.0109 3692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:37:43.0109 3692 audstub - ok
22:37:43.0187 3692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:37:43.0187 3692 Beep - ok
22:37:43.0328 3692 Belkin Wireless USB Network Adapter Service (ee684c735b6d1d07498a1ec2ea1ae483) C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
22:37:43.0375 3692 Belkin Wireless USB Network Adapter Service - ok
22:37:43.0437 3692 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:37:43.0531 3692 BITS - ok
22:37:43.0609 3692 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:37:59.0484 3692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:37:59.0953 3692 \Device\Harddisk0\DR0 - ok
22:37:59.0968 3692 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2
22:38:11.0078 3692 \Device\Harddisk1\DR2 - ok
22:38:11.0093 3692 Boot (0x1200) (fa91ea5d4340c49075df74a279db0650) \Device\Harddisk0\DR0\Partition0
22:38:11.0093 3692 \Device\Harddisk0\DR0\Partition0 - ok
22:38:11.0109 3692 Boot (0x1200) (ab5ae6b952a8e0bb1cbb425cb3036113) \Device\Harddisk1\DR2\Partition0
22:38:11.0109 3692 \Device\Harddisk1\DR2\Partition0 - ok
22:38:11.0125 3692 ============================================================
22:38:11.0125 3692 Scan finished
22:38:11.0125 3692 ============================================================
22:38:11.0156 3056 Detected object count: 0
22:38:11.0156 3056 Actual detected object count: 0


----------



## Cookiegal (Aug 27, 2003)

Please download *MBRCheck.exe* to your desktop.

- Be sure to disable your security programs prior to running the tool.
- Double click on MBRCheck.exe to run it. Please allow any prompts popped by Windows in order to run the tool.
  _(Vista and Windows 7 users will have to confirm the UAC prompt)_
- A command window will pop open and run. If any unknown MBR Code is found, you will have further options prompted; at this time, please press *N* then press *Enter*.
- Press *Enter* again to exit the program.
- If nothing unusual is found, you will be shown the machine MBR status. Just press *Enter* to exit.
- A text file named *MBRCheck_mm.dd.yy_hh.mm.ss* should appear on your desktop. Please post the contents of that file.


----------



## Dantana21 (Nov 1, 2009)

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000006d

Kernel Drivers (total 138):
0xF6477000 \SystemRoot\system32\drivers\portcls.sys
0xF7582000 \SystemRoot\system32\drivers\drmk.sys
0xF63AE000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xF62B1000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
0xF6204000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF785A000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7592000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79D6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF778A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7A06000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7AC7000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A08000 \SystemRoot\System32\Drivers\Beep.SYS
0xF779A000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF77A2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF77AA000 \SystemRoot\System32\drivers\vga.sys
0xF7A0A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A0C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77B2000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7802000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7079000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF5192000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF5139000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF5113000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF50EB000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF6457000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7061000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF50C9000 \SystemRoot\System32\drivers\afd.sys
0xF6447000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6437000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF50A7000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF780A000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF507C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF500C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6427000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7085000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF2D93000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF51E9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF5F8D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xEDC0A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xECF2D000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xED586000 \SystemRoot\System32\drivers\Dxapi.sys
0xEDA50000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF2D21000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7986000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xF2C08000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7A75000 \SystemRoot\System32\DLA\DLADResN.SYS
0xECB17000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF6A89000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7A52000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xEDA30000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xECAFF000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xECAE9000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xED649000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF07FD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xECA94000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEC9DB000 \SystemRoot\System32\Drivers\HTTP.sys
0xEC95B000 \SystemRoot\system32\DRIVERS\srv.sys
0xECA4C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xEC716000 \SystemRoot\system32\drivers\wdmaud.sys
0xEDBDA000 \SystemRoot\system32\drivers\sysaudio.sys
0xEC011000 \SystemRoot\system32\DRIVERS\rt73.sys
0xED651000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5783505C-ADD7-468F-8C70-CBF55294D35B}\MpKsldee49a82.sys
0xEBFBE000 \SystemRoot\system32\drivers\kmixer.sys
0xF776A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xEBF07000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
672 csrss.exe
696 C:\WINDOWS\system32\winlogon.exe
740 C:\WINDOWS\system32\services.exe
752 C:\WINDOWS\system32\lsass.exe
940 C:\WINDOWS\system32\svchost.exe
988 svchost.exe
1084 C:\Program Files\Microsoft Security Client\MsMpEng.exe
1120 C:\WINDOWS\system32\svchost.exe
1248 svchost.exe
1324 svchost.exe
1604 C:\WINDOWS\system32\spoolsv.exe
1676 svchost.exe
1720 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1732 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1748 C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
1772 C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
1784 C:\Program Files\Bonjour\mDNSResponder.exe
1980 C:\WINDOWS\system32\svchost.exe
156 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
400 C:\WINDOWS\system32\svchost.exe
1408 wmpnetwk.exe
488 alg.exe
2188 C:\WINDOWS\explorer.exe
2420 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
2460 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
2496 C:\Program Files\iTunes\iTunesHelper.exe
2560 C:\Program Files\Microsoft Security Client\msseces.exe
2600 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_A10IC2.EXE
3284 C:\Program Files\iPod\bin\iPodService.exe
2732 C:\WINDOWS\system32\wuauclt.exe
2272 C:\WINDOWS\system32\wscntfy.exe
3852 C:\Documents and Settings\Dan Gentner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JD-75MSA3, Rev: 10.01E04

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


----------
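The MBRCheck log above reports the C: volume at offset 0x7e00 on PhysicalDrive0 (sector 63 × 512 bytes) and a SHA1 for the MBR code. As an added example, not part of the thread and not MBRCheck's own code, this Python code parses a 512-byte MBR sector, derives the same kind of partition offset, and checks the boot code hash against a baseline. Assumptions: the thread does not say which bytes MBRCheck hashes, so the 440-byte boot code area is used here; the function names are hypothetical and the sample sector is constructed with filler bytes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the bootstrap code (assumed hash range)
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # must sit at bytes 510-511

TYPE_NAMES = {0x05: "Extended", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR sector into a boot code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        # Layout: status, CHS start (skipped), type, CHS end (skipped),
        # LBA of first sector, sector count; all little-endian.
        status, ptype, lba_start, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0x00:
            continue  # unused slot
        partitions.append({
            "index": index,
            "status": status,
            "type_name": TYPE_NAMES.get(ptype, "unknown (0x%02X)" % ptype),
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,
            "sectors": count,
        })
    digest = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    return {"boot_code_sha1": digest, "partitions": partitions}


def audit_mbr(sector: bytes, known_good_sha1: set) -> list:
    """Return a list of findings; an empty list means nothing unusual was seen."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha1"] not in known_good_sha1:
        findings.append("boot code hash not in baseline: " + info["boot_code_sha1"])
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X"
                            % (p["index"], p["status"]))
        if p["lba_start"] == 0:
            findings.append("partition %d starts at LBA 0, overlapping the MBR"
                            % p["index"])
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: filler boot code plus one active NTFS partition at LBA 63."""
    boot_code = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))  # not real boot code
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 156_280_257)    # constructed size
    # 440 code + 6 (disk id, reserved) + 16 entry + 48 empty entries + 2 signature
    return boot_code + b"\x00" * 6 + entry + b"\x00" * 48 + SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    for p in info["partitions"]:
        print("partition %d: %s at offset 0x%08x" %
              (p["index"], p["type_name"], p["byte_offset"]))
    baseline = {info["boot_code_sha1"]}  # hash recorded while the disk was known clean
    print("clean sector findings:", audit_mbr(sample, baseline))
    tampered = bytearray(sample)
    tampered[0x10] ^= 0xFF               # simulate a modified boot code byte
    print("tampered sector findings:", audit_mbr(bytes(tampered), baseline))
```

On a real investigation the 512 bytes would come from the first sector of a disk image, and the baseline from a hash recorded on a known-clean install of the same Windows version.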



## Cookiegal (Aug 27, 2003)

Please remove the copy of GMER that you already have (it's a file named r34m8hvw.exe on your desktop) and download a new one then run a new scan and post the log.

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## Dantana21 (Nov 1, 2009)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-05 17:49:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD80 rev.10.0
Running: 05frtci0.exe; Driver: C:\DOCUME~1\DANGEN~1\LOCALS~1\Temp\pxtdapob.sys

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\PzWDM.sys entry point in "init" section [0xF78A630E]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

How are things with the system now?


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, aside from the internet still acting up, the system appears to be running fine. 

Any ideas on how to fix the internet? As I've said before, I can post on here on a laptop running off the same wireless signal with no problems so the issue is clearly related to just the (formerly) infected computer. Should I reinstall Belkin?


----------



## Cookiegal (Aug 27, 2003)

Let's try the following:

Go to *Start* - *Run* - type in cmd and click OK to open a command prompt:

Type the following command (be sure to include the space between the g and the /):

*Ipconfig /all*

Hit Enter.

Right click in the command window and choose Select All, then hit Enter.
Paste the results in a message here.

Also please do this:

You will need to transfer this small program to the infected computer via USB flash drive.

Please download *Farbar Service Scanner* and transfer it to the desktop of the computer with the issue.
Make sure only the following option is checked:
*Internet Services*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
Please copy and paste the log to your reply.


----------



## Dantana21 (Nov 1, 2009)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Dan Gentner>Ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dan
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Belkin 54g Wireless USB Network Ada
ter
Physical Address. . . . . . . . . : 00-11-50-BB-06-81
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 71.89.132.13
71.89.132.59
Lease Obtained. . . . . . . . . . : Wednesday, June 06, 2012 4:12:20 PM
Lease Expires . . . . . . . . . . : Thursday, June 07, 2012 4:12:20 PM

C:\Documents and Settings\Dan Gentner>

Farbar Service Scanner Version: 05-06-2012
Ran by Dan Gentner (administrator) on 06-06-2012 at 16:19:01
Running from "C:\Documents and Settings\Dan Gentner\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

**** End of log ****


----------



## Cookiegal (Aug 27, 2003)

Please download MiniToolBox, save it to your desktop and run it.

Put a checkmark to select the following options:

Flush DNS
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Devices
List Users, Partitions and Memory size.
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, here is what you asked for. Also, I will be headed out of town tomorrow morning for the weekend. I will check this site before I go and perform any instructions. If not, I will check back on Sunday.

I really appreciate all your hard work in resolving this problem!

MiniToolBox by Farbar Version: 04-06-2012
Ran by Dan Gentner (administrator) on 06-06-2012 at 21:45:41
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Belkin 54g Wireless USB Network Adapter = Wireless Network Connection 2 (Media disconnected)

# ---------------------------------- 
# Interface IP Configuration 
# ---------------------------------- 
pushd interface ip

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp 
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : dan

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Belkin 54g Wireless USB Network Adapter

Physical Address. . . . . . . . . : 00-11-50-BB-06-81

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20003 ...00 11 50 bb 06 81 ...... Belkin 54g Wireless USB Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 20003 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/04/2012 10:38:01 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/04/2012 10:38:01 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/04/2012 10:37:48 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (05/30/2012 04:58:43 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (05/30/2012 04:58:43 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (05/30/2012 00:36:43 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (05/30/2012 00:36:43 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (05/30/2012 11:47:39 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (05/30/2012 11:47:39 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (05/29/2012 07:05:45 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

System errors:
=============
Error: (06/06/2012 10:56:47 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1342.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/06/2012 10:56:47 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1342.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/06/2012 10:39:45 AM) (Source: 0) (User: )
Description:

Error: (06/06/2012 10:39:45 AM) (Source: 0) (User: )
Description: Intel(R) PRO/100 VE Network Connection

Error: (06/06/2012 10:39:34 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
MPFIREWL

Error: (06/05/2012 11:37:30 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1342.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/05/2012 11:26:39 PM) (Source: 0) (User: )
Description:

Error: (06/05/2012 11:26:39 PM) (Source: 0) (User: )
Description: Intel(R) PRO/100 VE Network Connection

Error: (06/05/2012 11:26:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
MPFIREWL

Error: (06/05/2012 11:04:36 AM) (Source: 0) (User: )
Description:

Microsoft Office Sessions:
=========================
Error: (06/04/2012 10:38:01 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (06/04/2012 10:38:01 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/04/2012 10:37:48 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (05/30/2012 04:58:43 PM) (Source: SecurityCenter)(User: )
Description:

Error: (05/30/2012 04:58:43 PM) (Source: WinMgmt)(User: )
Description:

Error: (05/30/2012 00:36:43 PM) (Source: SecurityCenter)(User: )
Description:

Error: (05/30/2012 00:36:43 PM) (Source: WinMgmt)(User: )
Description:

Error: (05/30/2012 11:47:39 AM) (Source: SecurityCenter)(User: )
Description:

Error: (05/30/2012 11:47:39 AM) (Source: WinMgmt)(User: )
Description:

Error: (05/29/2012 07:05:45 PM) (Source: SecurityCenter)(User: )
Description:

========================= Devices: ================================

Name: 128MB ATI RADEON X600 SE
Description: 128MB ATI RADEON X600 SE
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 128MB ATI RADEON X600 SE Secondary
Description: 128MB ATI RADEON X600 SE Secondary
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Intel(R) PRO/100 VE Network Connection
Description: Intel(R) PRO/100 VE Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: E100B
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 1022.07 MB
Available physical RAM: 501.75 MB
Total Pagefile: 2459.65 MB
Available Pagefile: 2078.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.53 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.5 GB) (Free:27.29 GB) NTFS
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: () (Removable) (Total:1.85 GB) (Free:0.07 GB) FAT

========================= Users: ========================================

User accounts for \\DAN

Administrator Dan Gentner Guest 
HelpAssistant SUPPORT_388945a0

**** End of log ****


----------



## Cookiegal (Aug 27, 2003)

What is the make and model of this PC? It looks like we'll have to download some drivers for the graphics and network cards.


----------



## Dantana21 (Nov 1, 2009)

I believe the computer is a Dell XPS 200, but I'm not 100% on that. Will check when I get home Sunday. May I ask why we need to download those things? Were they infected by the malware? Do they affect the internet?


----------



## Cookiegal (Aug 27, 2003)

Yes, one of them is the integrated network adapter but before we do that there are a couple of other things I'd like to check.

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
c:\documents and settings\all users\application data
c:\windows\system32\n
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Dantana21 (Nov 1, 2009)

SystemLook 30.07.11 by jpshortstuff
Log created at 16:44 on 10/06/2012 by Dan Gentner
Administrator - Elevation successful

========== dir ==========

c:\documents and settings\all users\application data - Parameters: "(none)"

---Files---
atscie.msi --a---- 8892928 bytes [20:01 08/04/2010] [20:01 08/04/2010]
desktop.ini --ahs-- 62 bytes [18:15 05/06/2008] [18:15 05/06/2008]

---Folders---
acccore d------ [04:01 08/01/2009]
Adobe d------ [19:11 16/06/2008]
AOL d------ [01:13 06/06/2008]
AOL Downloads d------ [04:00 08/01/2009]
AOL OCP d------ [01:13 06/06/2008]
Apple d------ [23:52 05/06/2008]
Apple Computer d------ [23:53 05/06/2008]
AVS4YOU d------ [18:04 07/11/2008]
Common Files d--h--- [12:16 15/03/2011]
dH06509CbKmG06509 d------ [17:30 01/06/2011]
DivX d------ [04:00 16/07/2010]
DVD Shrink d------ [03:08 07/11/2008]
gC06509HgMpC06509 d------ [17:26 09/05/2011]
InstallShield d------ [23:15 05/06/2008]
jO06509GeNhP06509 d------ [20:56 21/05/2011]
Lavasoft d------ [01:22 02/11/2009]
Malwarebytes d------ [20:46 07/12/2008]
Microsoft d---s-- [18:15 05/06/2008]
Mozilla d------ [23:15 09/05/2012]
Office Genuine Advantage d------ [18:51 10/10/2009]
ScanSoft d------ [22:15 14/05/2010]
Sonic d------ [23:14 05/06/2008]
Sun d------ [16:40 23/11/2011]
SUPERAntiSpyware.com d------ [02:00 14/05/2012]
Symantec d------ [21:21 08/07/2008]
Viewpoint d------ [01:13 06/06/2008]
Windows Genuine Advantage d------ [20:27 06/06/2008]
{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} d------ [20:41 21/03/2009]
{429CAD59-35B1-4DBC-BB6D-1DB246563521} d------ [04:20 16/05/2012]
{436FF568-C03A-41B5-B97A-23CADCB7E6C9} d------ [17:16 05/09/2008]
{755AC846-7372-4AC8-8550-C52491DAA8BD} d------ [00:50 18/09/2009]
{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} d------ [00:44 07/04/2009]

c:\windows\system32\n - Unable to find folder.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Please use the tool again with the following query:

```
:dir
c:\documents and settings\all users\application data\Common Files
c:\documents and settings\all users\application data\dH06509CbKmG06509   
c:\documents and settings\all users\application data\gC06509HgMpC06509
```
And post the results please.


----------



## Dantana21 (Nov 1, 2009)

SystemLook 30.07.11 by jpshortstuff
Log created at 19:17 on 10/06/2012 by Dan Gentner
Administrator - Elevation successful

========== dir ==========

c:\documents and settings\all users\application data\Common Files - Parameters: "(none)"

---Files---
E0897C6A-5B4D-A2BE-1B0D-F9E4C4A50A09 --ah--- 96 bytes [12:16 15/03/2011] [12:16 15/03/2011]

---Folders---
None found.

c:\documents and settings\all users\application data\dH06509CbKmG06509 - Parameters: "(none)"

---Files---
dH06509CbKmG06509 --a---- 192 bytes [17:30 01/06/2011] [17:39 01/06/2011]

---Folders---
None found.

c:\documents and settings\all users\application data\gC06509HgMpC06509 - Parameters: "(none)"

---Files---
gC06509HgMpC06509 --a---- 192 bytes [17:26 09/05/2011] [19:10 09/05/2011]

---Folders---
None found.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Let's do another please with this command so we get the contents of any sub-folders:


```
:dir /s
c:\documents and settings\all users\application data\Common Files
c:\documents and settings\all users\application data\dH06509CbKmG06509   
c:\documents and settings\all users\application data\gC06509HgMpC06509
```


----------



## Dantana21 (Nov 1, 2009)

SystemLook 30.07.11 by jpshortstuff
Log created at 00:07 on 11/06/2012 by Dan Gentner
Administrator - Elevation successful

Invalid Context: dir /s

No Context: c:\documents and settings\all users\application data\Common Files

No Context: c:\documents and settings\all users\application data\dH06509CbKmG06509 

No Context: c:\documents and settings\all users\application data\gC06509HgMpC06509

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Please try again with the following code:


```
:dir
c:\documents and settings\all users\application data\Common Files /s
c:\documents and settings\all users\application data\dH06509CbKmG06509 /s   
c:\documents and settings\all users\application data\gC06509HgMpC06509 /s
```


----------



## Dantana21 (Nov 1, 2009)

SystemLook 30.07.11 by jpshortstuff
Log created at 10:43 on 11/06/2012 by Dan Gentner
Administrator - Elevation successful

========== dir ==========

c:\documents and settings\all users\application data\Common Files - Parameters: "/s"

---Files---
E0897C6A-5B4D-A2BE-1B0D-F9E4C4A50A09 --ah--- 96 bytes [12:16 15/03/2011] [12:16 15/03/2011]

No folders found.

c:\documents and settings\all users\application data\dH06509CbKmG06509 - Parameters: "/s "

---Files---
dH06509CbKmG06509 --a---- 192 bytes [17:30 01/06/2011] [17:39 01/06/2011]

No folders found.

c:\documents and settings\all users\application data\gC06509HgMpC06509 - Parameters: "/s"

---Files---
gC06509HgMpC06509 --a---- 192 bytes [17:26 09/05/2011] [19:10 09/05/2011]

No folders found.

-= EOF =-


----------
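The `:dir` logs posted above all share one layout, so they can be triaged by script. The following is an added example (not part of the thread and not SystemLook's own code) that parses that layout along with the "Invalid Context" / "No Context" script errors. The sample is assembled from lines in the posted logs; reading `h` in the attribute field as "hidden" and the `name_equals_folder` flag are assumptions made here.

```python
import re

# Sample input: assembled from lines of the SystemLook logs posted in this thread.
SAMPLE_LOG = r'''========== dir ==========
c:\documents and settings\all users\application data\Common Files - Parameters: "/s"
---Files---
E0897C6A-5B4D-A2BE-1B0D-F9E4C4A50A09 --ah--- 96 bytes [12:16 15/03/2011] [12:16 15/03/2011]
No folders found.
c:\documents and settings\all users\application data\dH06509CbKmG06509 - Parameters: "/s "
---Files---
dH06509CbKmG06509 --a---- 192 bytes [17:30 01/06/2011] [17:39 01/06/2011]
Invalid Context: dir /s
No Context: c:\documents and settings\all users\application data\gC06509HgMpC06509
'''

DIR_RE = re.compile(r'^(?P<path>.+?) - Parameters: "(?P<params>.*)"$')
FILE_RE = re.compile(r'^(?P<name>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes '
                     r'\[(?P<first>[^\]]+)\] \[(?P<second>[^\]]+)\]$')
ERR_RE = re.compile(r'^(?P<kind>Invalid Context|No Context): (?P<arg>.*)$')


def parse_systemlook_dir(log):
    """Return (files, errors) parsed from the text of a SystemLook log."""
    files, errors, folder = [], [], None
    for line in log.splitlines():
        line = line.strip()
        if m := ERR_RE.match(line):
            # The script was rejected: no listing was produced for this line.
            errors.append((m["kind"], m["arg"]))
        elif m := DIR_RE.match(line):
            folder = m["path"]  # header line that opens one directory listing
        elif folder and (m := FILE_RE.match(line)):
            leaf = folder.rsplit("\\", 1)[-1]
            files.append({
                "path": folder + "\\" + m["name"],
                "size": int(m["size"]),
                "hidden": "h" in m["attrs"],  # assumption: 'h' marks the hidden attribute
                "name_equals_folder": m["name"].lower() == leaf.lower(),
                "stamps": (m["first"], m["second"]),  # kept verbatim, not interpreted
            })
    return files, errors


if __name__ == "__main__":
    found, problems = parse_systemlook_dir(SAMPLE_LOG)
    for entry in found:
        print(entry)
    print(problems)
```

The two flags only help decide which entries to look at first; they are not a verdict on the files.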



## Cookiegal (Aug 27, 2003)

Right-click on these files and select "properties" and then let me know if there's a version tab and if so what is the name of the company shown there. You will have to unhide files/folders to see the "application data" folder.

c:\documents and settings\all users\application data\Common Files\*E0897C6A-5B4D-A2BE-1B0D-F9E4C4A50A09*
c:\documents and settings\all users\application data\*dH06509CbKmG06509*
c:\documents and settings\all users\application data\*gC06509HgMpC06509*


----------



## Dantana21 (Nov 1, 2009)

Cookiegal said:


> Right-click on these files and select "properties" and then let me know if there's a version tab and if so what is the name of the company shown there. You will have to unhide files/folders to see the "application data" folder.
> 
> c:\documents and settings\all users\application data\Common Files\*E0897C6A-5B4D-A2BE-1B0D-F9E4C4A50A09*
> c:\documents and settings\all users\application data\*dH06509CbKmG06509*
> c:\documents and settings\all users\application data\*gC06509HgMpC06509*


#1 - No version tab, just general and summary
#2 - No version tab
#3 - No version tab


----------



## Cookiegal (Aug 27, 2003)

Please go to *VirusTotal* and upload the following file for scanning.

Click *Browse*
Copy and paste the contents of the following code box into the text box next to *File name:* then click *Open* 

```
c:\documents and settings\all users\application data\Common Files\E0897C6A-5B4D-A2BE-1B0D-F9E4C4A50A09
```

Click *Send File*
If confronted with two options, choose *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.

Please do the same for these two files as well and post the URL to the results.

c:\documents and settings\all users\application data\dH06509CbKmG06509
c:\documents and settings\all users\application data\gC06509HgMpC06509


----------



## Dantana21 (Nov 1, 2009)

I hope I did this right.

https://www.virustotal.com/file/6d0...c4ca7f881a8742fa83160729/analysis/1339458972/

https://www.virustotal.com/file/f83...b9481b6bf4b5c1d304d0f574/analysis/1339459107/

https://www.virustotal.com/file/bad...2968defcdf4e6a0c2490cfe2/analysis/1339459189/


----------



## Cookiegal (Aug 27, 2003)

Yes, well done.

Please delete all three of those files. There is one detection and if they were legitimate there would be more information available and Virus Total has never seen these files before.

After deleting the files, reboot the machine and let me know how things are with the system now and if there are any problems remaining.


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, I deleted the files and rebooted. The system seems to be running good. Internet has been good all day, but I've seen that before only to have it go out again. Will have to wait a day or two and see how it is.


----------



## Cookiegal (Aug 27, 2003)

OK. Please do run it for a couple of days and then report back how things are.


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, I haven't had any problems with the computer or internet since my last post. Looks like things are back to normal.

I am having knee surgery in the morning so I'm not sure when I will be able to return to this site and perform any final tasks, although it shouldn't be more than a few days.

Thank you for all your help!


----------



## Cookiegal (Aug 27, 2003)

That's good to hear. 

Here are some final instructions for you.

Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).










Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, I still haven't performed the last task yet. My mobility after knee surgery is still limited but I will hopefully get to it either tonight or tomorrow. Just wanted to let you know that I haven't forgotten about it.


----------



## Cookiegal (Aug 27, 2003)

That's fine. Thanks for letting me know.


----------



## Dantana21 (Nov 1, 2009)

Hi cookiegal, sorry it's taken so long but I was finally able to do the required tasks. Everything went well. Anything else to be done?


----------



## Cookiegal (Aug 27, 2003)

That should be it unless you're still having problems.


----------



## Dantana21 (Nov 1, 2009)

No problems to speak of, though I haven't been on it much since the surgery. Thanks so, so much for all your help! You've been wonderful!


----------



## Cookiegal (Aug 27, 2003)

It was my pleasure.


----------

