Malware Problems

This topic is locked
10 replies to this topic
#1 civicdude590

  • Full Member
  • 34 posts

Posted 13 February 2012 - 02:28 AM

Hi all, my Dad's computer was recently hit with a massive malware attack. I ended up removing 51 things with Malwarebytes, but there are still problems. The computer is running really slowly and, once in a while, my Google links will be redirected to some ads.

Here is my situation:
I scanned it with Avast and it detected some, but it requested to restart the computer and scan before Windows starts.
It asked if I wanted to delete some infected files, so I quarantined them. About 5 minutes later I received a BSOD saying that I was missing the &hs file. I ended up searching for an answer, got back into safe mode, and restored the files that were deleted.

Now I have managed to get back to where I started, but I am afraid of trying to remove the files with Avast because it will cause a BSOD again. If you could help me out it would be great.

Here is an MBAM log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.10.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Phil :: PHIL-HP [administrator]

2/10/2012 5:02:13 PM
mbam-log-2012-02-10 (17-02-13).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 537914
Time elapsed: 1 hour(s), 28 minute(s), 46 second(s)

Memory Processes Detected: 4
C:\Users\Phil\AppData\Roaming\086D6\8CE9C.exe (Trojan.Dropper.PE4) -> 1496 -> Delete on reboot.
C:\Users\Phil\AppData\Local\SanctionedMedia\Smad\Smad.exe (Trojan.Agent) -> 1092 -> Delete on reboot.
C:\Program Files (x86)\LP\9C20\26D.exe (Trojan.Dropper.PE4) -> 2120 -> Delete on reboot.
C:\Program Files (x86)\D65C3\lvvm.exe (Trojan.Dropper.PE4) -> 4812 -> Delete on reboot.

Memory Modules Detected: 1
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> Delete on reboot.

Registry Keys Detected: 17
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (Trojan.Proxy) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smad (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{1D159783-B9C8-28D0-D5D5-ADA53154915B} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D159783-B9C8-28D0-D5D5-ADA53154915B} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D159783-B9C8-28D0-D5D5-ADA53154915B} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D159783-B9C8-28D0-D5D5-ADA53154915B} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{9F44453E-1E46-4D5C-B57C-112FF2EDAE82} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (Trojan.Proxy) -> Data: sp -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Smad (Trojan.Agent) -> Data: "C:\Users\Phil\AppData\Local\SanctionedMedia\Smad\Smad.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|26D.exe (Trojan.Dropper.PE4) -> Data: C:\Program Files (x86)\LP\9C20\26D.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{1D159783-B9C8-28D0-D5D5-ADA53154915B} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Phil\AppData\Roaming\086D6\8CE9C.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 14
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> Delete on reboot.
C:\Users\Phil\AppData\Roaming\086D6\8CE9C.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Users\Phil\AppData\Local\SanctionedMedia\Smad\Smad.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\LP\9C20\26D.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Program Files (x86)\D65C3\lvvm.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Program Files\TENCENT\SSPlus\SSup.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\TENCENT\SSPlus\SAddr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LP\9C20\F385.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Program Files (x86)\QvodPlayer\QvodBand.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Local\Temp\oarcwsnmex.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Phil\AppData\Local\Temp\sxwenmacor.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> Delete on reboot.
C:\Users\Phil\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Phil\Downloads\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:11 PM, on 2/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Phil\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:60768
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.ms...CAB/install.cab
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Tencent SOSO Update Service (SOSOUpSvc) - Tencent - C:\Program Files\TENCENT\SOSOUpdate.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13212 bytes


ComboFix log from before restoring the virus/malware files from Avast:

ComboFix 12-02-10.03 - Phil 02/12/2012 17:40:04.4.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.7220 [GMT -8:00]
Running from: c:\users\Phil\Desktop\Spyware Fixers\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 02:13 . 2012-02-13 02:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-13 02:13 . 2012-02-13 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-07 06:40 . 2012-02-12 19:07 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-07 06:40 . 2012-02-11 03:11 -------- d-----w- c:\program files (x86)\D65C3
2012-02-07 06:40 . 2012-02-11 03:11 -------- d-----w- c:\users\Phil\AppData\Roaming\086D6
2012-02-07 06:39 . 2012-02-07 06:39 -------- d-----w- c:\users\Phil\AppData\Local\SanctionedMedia
2012-01-23 05:46 . 2012-01-23 05:46 -------- d-----w- c:\program files\iTunes
2012-01-23 05:46 . 2012-01-23 05:46 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 03:05 . 2010-12-24 20:10 284306 ----a-w- C:\DUMP2d08.tmp
2012-01-13 22:17 . 2011-01-07 23:39 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-01-13 22:17 . 2011-01-07 23:39 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2011-12-21 04:36 . 2011-10-06 03:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:24 . 2011-04-02 23:37 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2012-01-07 21:28 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2012-01-07 21:28 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2012-01-07 21:29 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2012-01-07 21:29 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2012-01-07 21:29 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2012-01-07 21:29 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2012-01-07 21:29 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2012-01-07 21:29 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2012-01-07 21:29 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 04:52 . 2011-12-15 05:53 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-16 22:04 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08F4667D-A9B0-4610-911C-2D2DEE9949EC}\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot_2011-11-13_01.22.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-07 23:39 . 2011-01-07 23:39 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-10-26 05:21 . 2011-10-26 05:21 56832 c:\windows\SysWOW64\OVDecoder.dll
+ 2011-10-26 05:21 . 2011-10-26 05:21 56832 c:\windows\SysWOW64\OpenVideo.dll
+ 2011-12-15 11:01 . 2011-11-03 22:32 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-10-12 05:50 . 2011-09-01 02:23 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-10-12 05:50 . 2011-09-01 02:26 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-12-15 11:01 . 2011-11-03 22:37 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 80720 c:\windows\SysWOW64\mfcm100u.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 80208 c:\windows\SysWOW64\mfcm100.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 43344 c:\windows\SysWOW64\mfc100kor.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 43856 c:\windows\SysWOW64\mfc100jpn.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 55120 c:\windows\SysWOW64\mfc100enu.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 64336 c:\windows\SysWOW64\mfc100deu.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 36176 c:\windows\SysWOW64\mfc100cht.dll
+ 2011-01-07 23:39 . 2011-01-07 23:39 36176 c:\windows\SysWOW64\mfc100chs.dll
- 2011-10-12 05:50 . 2011-09-01 02:26 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-12-15 11:01 . 2011-11-03 22:37 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-02-07 07:25 . 2012-02-12 19:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-02-07 23:04 . 2012-02-08 03:36 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012020720120208\index.dat
+ 2012-02-07 06:51 . 2012-02-07 07:58 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012020620120207\index.dat
+ 2012-02-07 06:51 . 2012-02-07 06:51 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-02-07 06:52 . 2012-02-12 20:31 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-10-26 01:21 . 2011-10-26 01:21 31744 c:\windows\SysWOW64\atiuxpag.dll
- 2011-07-28 20:53 . 2011-07-28 20:53 31744 c:\windows\SysWOW64\atiuxpag.dll
- 2011-07-28 20:53 . 2011-07-28 20:53 29184 c:\windows\SysWOW64\atiu9pag.dll
+ 2011-10-26 01:20 . 2011-10-26 01:20 29184 c:\windows\SysWOW64\atiu9pag.dll
+ 2011-10-26 01:15 . 2011-10-26 01:15 53760 c:\windows\SysWOW64\atimpc32.dll
+ 2011-10-26 01:22 . 2011-10-26 01:22 14336 c:\windows\SysWOW64\atiglpxx.dll
- 2011-07-28 20:54 . 2011-07-28 20:54 32768 c:\windows\SysWOW64\atigktxx.dll
+ 2011-10-26 01:22 . 2011-10-26 01:22 32768 c:\windows\SysWOW64\atigktxx.dll
+ 2011-10-26 01:38 . 2011-10-26 01:38 46080 c:\windows\SysWOW64\aticalrt.dll
- 2011-07-28 21:11 . 2011-07-28 21:11 46080 c:\windows\SysWOW64\aticalrt.dll
- 2011-07-28 21:11 . 2011-07-28 21:11 44032 c:\windows\SysWOW64\aticalcl.dll
+ 2011-10-26 01:38 . 2011-10-26 01:38 44032 c:\windows\SysWOW64\aticalcl.dll
- 2011-07-28 21:33 . 2011-07-28 21:33 43520 c:\windows\SysWOW64\ati2edxx.dll
+ 2011-10-26 01:58 . 2011-10-26 01:58 43520 c:\windows\SysWOW64\ati2edxx.dll
+ 2011-10-26 01:15 . 2011-10-26 01:15 53760 c:\windows\SysWOW64\amdpcom32.dll
+ 2010-12-24 19:17 . 2012-02-12 19:09 65978 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-12 19:09 32758 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-25 00:19 . 2012-02-12 19:09 18884 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2235680658-3194738003-1171714616-1001_UserData.bin
+ 2011-10-26 05:21 . 2011-10-26 05:21 66560 c:\windows\system32\OVDecoder64.dll
+ 2011-10-26 05:21 . 2011-10-26 05:21 66560 c:\windows\system32\OpenVideo64.dll
+ 2011-12-15 11:01 . 2011-11-04 01:35 96256 c:\windows\system32\mshtmled.dll

#2 lance_yien

    Forum Deity

  • Malware Support Mod
  • 2,442 posts

Posted 14 February 2012 - 05:22 AM

Hello civicdude590 and welcome to SWI.

I'm lance_yien and will be helping you.

Very Important!

>>> Please do immediately:
  • In the upper right hand corner of the topic you will see a button called "Watch this topic", by clicking on this => "Immediate E-Mail notification" => "Proceed" you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Back up your personal documents by copying them to a location of your choice (other than your system drive).
  • Spybot's TeaTimer may interfere with our tools. Please disable it (if running on your computer): Run Spybot S&D => "Mode" => "Advanced..." => "Tools" => "Resident" and Uncheck "Resident TeaTimer" and OK any prompts.
    Close Spybot S&D.
>>> During this cleanup,
Please DO NOT run, install and/or uninstall any tools/ programs other than those I suggest to you because some programs can interfere with others and/ or can cause some problems to your system.

>>> When you receive new instructions,
  • Please Read the whole message.
  • All our tools must be downloaded to the Desktop and launched from there (unless otherwise specified).
  • Please perform all steps in the received order and DO NOT proceed if you need clarification.
  • Please DO NOT re-run any program I suggest. If you encounter problems please stop and tell me about it.
>>> When replying,
  • Please use the "Add Reply" button. I do not need to see my previous instructions. Thank you!
  • Please copy and paste your logs into your post unless specifically asked to attach one.


Please print out these instructions or copy them to a Notepad file for an easier reading.

>>> Update and use Malwarebytes' Anti-Malware (MBAM): Please make sure you are connected to the Internet and run MBAM.
Click the "Update" tab button => "Check for Updates". If an update is found, it will download and install the latest version.
- If you encounter any problems while downloading the updates, please manually download them from here and just double-click/right-click on mbam-rules.exe => "Run as administrator" to install.
On the "Scanner" tab, make sure the "Perform Quick Scan" option is selected (If asked to select the drives to scan, leave all the drives selected) and click on the Scan button.
When the scan is complete, click "OK" and Show Results to view the results. Then, be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. It is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click "OK" to either and let MBAM proceed with the disinfection process.
- If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Please copy and paste the contents of the log into your next reply.
For complete or visual instructions on installing and running MBAM, please see here.


>>> ComboFix scan: Please delete your copy of "ComboFix.exe" and download to your Desktop its last version from here or here.
Close all running programs and disable all your protection programs: antivirus, firewall and antispyware (see here and/or here to know how to disable your programs).
Then, double-click/right-click on "ComboFix.exe" => "Run as administrator" and follow the on-screen prompts.
Please, DO NOT click ComboFix's window while it is running. This may cause it to hang.
A log file (ComboFix.txt) will be saved at the root of the System drive (typically C:\ComboFix.txt). Please copy and paste its contents in your next reply.


>>> Use RogueKiller: Please download to your Desktop, RogueKiller (by Tigzy) from here.
Close all running programs and double-click/ right-click on "RogueKiller.exe" => "Run as administrator".
Type 1 and hit "Enter" and let it run uninterrupted.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
A log "RKreport[x].txt" will be saved at the same location as RogueKiller.exe, please copy and paste its contents in your next reply.


>>> In your next reply, please include the following:
  • Malwarebytes Anti-Malware log
  • ComboFix.txt
  • RKreport[x].txt

EI | SWI | ZEBULON

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#3 civicdude590

    Member

  • Full Member
  • 34 posts

Posted 17 February 2012 - 07:58 PM

Hi lance_yien,
Thank you for helping me out. I scanned the comp and here are the new logs.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Phil :: PHIL-HP [administrator]

2/17/2012 3:53:15 PM
mbam-log-2012-02-17 (15-53-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192414
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Detected: 1
C:\Windows\temp\_ex-68.exe (Spyware.Sniffer) -> 1308 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{1D159783-B9C8-28D0-D5D5-ADA53154915B} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D159783-B9C8-28D0-D5D5-ADA53154915B} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\Typelib\{B1A7C2CF-BF40-4597-8142-7615D74D0CC3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\Interface\{3084BC3D-C0D6-4A28-A8A4-5857165886EE} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Spyware.Sniffer) -> Data: C:\Windows\temp\_ex-68.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{1D159783-B9C8-28D0-D5D5-ADA53154915B} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> Data: SOSO工具栏 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\temp\_ex-68.exe (Spyware.Sniffer) -> Delete on reboot.
C:\Program Files\TENCENT\SSPlus\SSup.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\TENCENT\SSPlus\SAddr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\TENCENT\QQToolbar\IEBar.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\temp\xkugrr\setup.exe (Spyware.Sniffer) -> Quarantined and deleted successfully.

(end)
ComboFix 12-02-17.02 - Phil 02/17/2012 16:08:16.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6388 [GMT -8:00]
Running from: c:\users\Phil\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TENCENT\SSPlus\SData.dat
c:\program files\TENCENT\SSPlus\stdtbh.dat
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Phil\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-18 00:41 . 2012-02-18 00:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-18 00:41 . 2012-02-18 00:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 21:45 . 2012-02-15 21:45 -------- d-----w- C:\b4a6a157158b55f655c8e21f3d
2012-02-15 04:45 . 2012-02-15 05:04 -------- d-----w- c:\program files (x86)\QvodPlayer
2012-02-14 02:44 . 2012-02-14 02:44 -------- d-----w- c:\program files (x86)\TENCENT
2012-02-13 03:28 . 2012-02-13 03:28 -------- d-----w- c:\program files\Google
2012-02-13 03:27 . 2012-02-13 03:28 -------- d-----w- c:\program files (x86)\Google
2012-02-13 03:27 . 2012-02-13 03:27 -------- d-----w- c:\program files\AVAST Software
2012-02-07 06:40 . 2012-02-15 21:22 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-07 06:40 . 2012-02-11 03:11 -------- d-----w- c:\program files (x86)\D65C3
2012-02-07 06:40 . 2012-02-11 03:11 -------- d-----w- c:\users\Phil\AppData\Roaming\086D6
2012-02-07 06:39 . 2012-02-07 06:39 -------- d-----w- c:\users\Phil\AppData\Local\SanctionedMedia
2012-01-23 05:46 . 2012-01-23 05:46 -------- d-----w- c:\program files\iTunes
2012-01-23 05:46 . 2012-01-23 05:46 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 03:05 . 2010-12-24 20:10 284306 ----a-w- C:\DUMP2d08.tmp
2012-01-13 22:17 . 2011-01-07 23:39 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-01-13 22:17 . 2011-01-07 23:39 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2011-12-21 04:36 . 2011-10-06 03:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:24 . 2011-04-02 23:37 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2012-01-07 21:28 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2012-01-07 21:28 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2012-01-07 21:29 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2012-01-07 21:29 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2012-01-07 21:29 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2012-01-07 21:29 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2012-01-07 21:29 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2012-01-07 21:29 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2012-01-07 21:29 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 04:52 . 2011-12-15 05:53 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-16 22:04 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08F4667D-A9B0-4610-911C-2D2DEE9949EC}\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot_2012-02-13_03.07.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-17 03:34 . 2012-02-17 03:34 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 03:33 . 2012-02-17 03:33 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 03:33 . 2012-02-17 03:33 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-13 07:02 . 2012-02-13 07:02 25600 c:\windows\Installer\53e9a.msi
- 2011-02-13 23:40 . 2012-01-11 08:05 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-02-13 23:40 . 2012-02-17 06:17 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-02-13 23:40 . 2012-01-11 08:05 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-02-13 23:40 . 2012-02-17 06:17 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
- 2011-02-13 23:40 . 2012-01-11 08:05 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-02-13 23:40 . 2012-02-17 06:17 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-12-03 05:50 . 2011-10-12 05:55 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-12-03 05:50 . 2012-02-16 07:55 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2012-02-13 03:07 . 2012-02-13 03:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-18 00:42 . 2012-02-18 00:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-18 00:42 . 2012-02-18 00:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-13 03:07 . 2012-02-13 03:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-16 03:41 . 2012-02-12 20:31 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-16 03:41 . 2012-02-15 21:38 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-02-18 00:42 638976 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-02-18 00:10 627066 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-18 00:10 107382 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-02-18 00:41 392732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-12 20:37 392732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-01 06:44 . 2012-01-01 06:44 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-17 03:33 . 2012-02-17 03:33 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-17 03:33 . 2012-02-17 03:33 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-02-13 23:40 . 2012-02-17 06:17 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
- 2011-02-13 23:40 . 2012-01-11 08:05 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
- 2011-02-13 23:40 . 2012-01-11 08:05 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-02-13 23:40 . 2012-02-17 06:17 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-02-13 23:40 . 2012-02-17 06:17 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2011-02-13 23:40 . 2012-01-11 08:05 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2011-02-13 23:40 . 2012-01-11 08:05 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-02-13 23:40 . 2012-02-17 06:17 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-14 04:54 . 2012-02-12 20:31 6619136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-18 00:42 6619136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-06 00:55 . 2012-02-18 00:41 2622168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2235680658-3194738003-1171714616-1001-12288.dat
+ 2012-02-07 10:09 . 2012-02-15 21:47 6394348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-10-26 22:46 . 2011-10-26 22:46 3511880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-10-26 22:46 . 2011-10-26 22:46 3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-17 03:33 . 2012-02-17 03:33 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-17 03:33 . 2012-02-17 03:33 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-17 03:34 . 2012-02-17 03:34 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-01-01 06:44 . 2012-01-01 06:44 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-11-19 02:52 . 2011-11-19 02:52 9183232 c:\windows\Installer\9d33c1.msp
+ 2012-01-05 14:21 . 2012-01-05 14:21 4964864 c:\windows\Installer\9

#4 lance_yien

lance_yien

    Forum Deity

  • Malware Support Mod
  • 2,442 posts

Posted 18 February 2012 - 06:24 AM

Please print out these instructions or copy them to a Notepad file for an easier reading.

>>> Use RogueKiller: Close all running programs and right-click on "RogueKiller.exe" => "Run as administrator".
  • Click the "HostFix" button and let it run uninterrupted!
  • When that's done, click the "ProxyFix" button and let it run uninterrupted!

>>> TDSSKiller: Please download to your Desktop TDSSKiller.exe from here.
Right-click on TDSSKiller.exe => "Run as administrator", click on the "Start Scan" button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be "Cure" and if a suspicious file is detected, the default action will be "Skip".
Please DO NOT make any changes and click on the "Continue" button.
If you are asked to reboot the computer to complete the process, click on the "Reboot Now" button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).
If no reboot is required, click on "Report". A log file will appear.
Please copy and paste the contents of that file in your next reply.


>>> aswMBR scan: Please download aswMBR and save it to your Desktop.
  • Close all running programs and disable all your protection programs: antivirus, firewall and antispyware (see here and/or here to know how to disable your programs).
  • Then, please double-click/right-click on "aswMBR.exe" => "Run as administrator" and allow the program to download latest virus definitions (if prompted).
  • Click the [Scan] button and let it run uninterrupted (you will get a message: "scan finished successfully").
  • Click the [Save log] button and save it to your Desktop as "aswmbr.txt". Please copy and paste its contents in your next reply (DO NOT fix anything!).
  • You will also notice another file created on the desktop named "MBR.dat". Please go here and click on the "Browse" button.
    Navigate to and double-click on "MBR.dat". Click the "Upload" button.
    Please copy the content of the "Download link" field and paste it in your next reply.

>>> In your next reply, please include the following:
  • RKreport[x].txt
  • TDSSKiller_log.txt
  • aswmbr.txt and the link to MBR.dat

EI | SWI | ZEBULON

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.
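The HostFix and ProxyFix steps above undo the two cheapest redirection tricks this kind of infection uses: HOSTS entries that send well-known domains to an attacker-chosen address (so the browser never asks DNS), and an Internet Settings ProxyServer value that points Internet Explorer at a proxy on the local machine (so every request passes through a malicious process before it reaches the network). Neither fix removes the process that wrote those settings, which is why the TDSSKiller and aswMBR scans follow. The script below is an added example, not RogueKiller's code or anything from this thread: it audits HOSTS text and a ProxyServer value the way those two buttons do, using sample input constructed from the HOSTS and proxy lines RogueKiller reported later in this thread. The ProxyServer value format it parses ("host:port", or "scheme=host:port;..." with RogueKiller's "hxxp" defanging undone) is an assumption about the Windows convention, not something the page states.

```python
import ipaddress

# Constructed sample input: the HOSTS file as RogueKiller's HostFix report in
# this thread printed it. Three analytics/ad hosts point at two non-loopback
# addresses, each written in trailing-dot (fully-qualified) form.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
"""

# Constructed sample input: the IE ProxyServer value from the ProxyFix report.
# RogueKiller defangs "http" as "hxxp" in its logs; the live registry value
# would read "http=127.0.0.1:60768".
SAMPLE_PROXY = "hxxp=127.0.0.1:60768"


def is_local(host):
    """True for loopback/unspecified addresses and the literal name localhost."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def parse_hosts(text):
    """Return (ip, hostname) pairs from HOSTS text, ignoring comments/blank lines.

    A trailing dot is the fully-qualified spelling of the same name, so it is
    stripped: "www.google-analytics.com." still hijacks www.google-analytics.com.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.rstrip(".").lower()) for name in names)
    return entries


def find_hijacks(text):
    """Entries that send a hostname somewhere other than the local machine."""
    return [(ip, name) for ip, name in parse_hosts(text) if not is_local(ip)]


def clean_hosts(text):
    """What a HOSTS reset should leave behind: only local mappings survive."""
    kept = [f"{ip} {name}" for ip, name in parse_hosts(text) if is_local(ip)]
    return "\n".join(kept) + "\n" if kept else ""


def parse_proxy_server(value):
    """Parse an Internet Settings ProxyServer value into {scheme: (host, port)}.

    Assumed format (Windows convention): either "host:port" for every protocol
    or "scheme=host:port;scheme=host:port;...". Defanged "hxxp" is undone.
    """
    result = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        if "=" in item:
            scheme, hostport = item.split("=", 1)
            scheme = scheme.strip().lower().replace("hxxp", "http")
        else:
            scheme, hostport = "all", item
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        result[scheme] = (host.strip(), int(port) if port.isdigit() else None)
    return result


def proxy_findings(value):
    """Flag proxies that point back at the local machine.

    A loopback proxy means every browser request is handed to some local
    process before it leaves the box; that is how search results get
    rewritten to ads without DNS or HOSTS ever being touched.
    """
    return [f"{scheme} proxy is loopback {host}:{port}"
            for scheme, (host, port) in parse_proxy_server(value).items()
            if is_local(host)]


if __name__ == "__main__":
    for ip, name in find_hijacks(SAMPLE_HOSTS):
        print(f"HOSTS hijack: {name} -> {ip}")
    print("reset HOSTS would be:\n" + clean_hosts(SAMPLE_HOSTS))
    for finding in proxy_findings(SAMPLE_PROXY):
        print("PROXY:", finding)
```

On a live machine the HOSTS text would come from C:\Windows\System32\drivers\etc\hosts and the proxy value from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer; the audit deliberately treats any non-local mapping as suspicious rather than keeping a blocklist of domains, because the attacker chooses which names to hijack.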

#5 civicdude590

civicdude590

    Member

  • Full Member
  • 34 posts

Posted 18 February 2012 - 02:59 PM

When I ran the aswMBR it gave me the BSOD that I had problems with. I know it has something to do with a consrv.dll file. So I was not able to get it finished because it crashed before I could save a log.


Here is the Rkill report.
RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Phil [Admin rights]
Mode: HOSTSFix -- Date: 02/18/2012 10:49:10

Bad processes: 0

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
::1 localhost
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[4].txt >>
RKreport[3].txt ; RKreport[4].txt


RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Phil [Admin rights]
Mode: ProxyFix -- Date: 02/18/2012 10:49:20

Bad processes: 0

Driver: [NOT LOADED]

Registry Entries: 1
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:60768) -> DELETED

Finished : << RKreport[5].txt >>
RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt



10:51:01.0886 4328 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
10:51:02.0338 4328 ============================================================
10:51:02.0338 4328 Current date / time: 2012/02/18 10:51:02.0338
10:51:02.0338 4328 SystemInfo:
10:51:02.0338 4328
10:51:02.0338 4328 OS Version: 6.1.7601 ServicePack: 1.0
10:51:02.0338 4328 Product type: Workstation
10:51:02.0338 4328 ComputerName: PHIL-HP
10:51:02.0338 4328 UserName: Phil
10:51:02.0338 4328 Windows directory: C:\Windows
10:51:02.0338 4328 System windows directory: C:\Windows
10:51:02.0338 4328 Running under WOW64
10:51:02.0338 4328 Processor architecture: Intel x64
10:51:02.0338 4328 Number of processors: 8
10:51:02.0338 4328 Page size: 0x1000
10:51:02.0338 4328 Boot type: Normal boot
10:51:02.0338 4328 ============================================================
10:51:02.0884 4328 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:51:02.0900 4328 \Device\Harddisk0\DR0:
10:51:02.0900 4328 MBR used
10:51:02.0900 4328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:51:02.0900 4328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD166000
10:51:02.0900 4328 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAD198800, BlocksNum 0x18EE800
10:51:03.0025 4328 Initialize success
10:51:03.0025 4328 ============================================================
10:51:04.0148 4960 ============================================================
10:51:04.0148 4960 Scan started
10:51:04.0148 4960 Mode: Manual;
10:51:04.0148 4960 ============================================================
10:51:06.0987 4960 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:51:06.0987 4960 1394ohci - ok
10:51:07.0128 4960 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:51:07.0143 4960 ACPI - ok
10:51:07.0330 4960 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:51:07.0346 4960 AcpiPmi - ok
10:51:07.0533 4960 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:51:07.0580 4960 adp94xx - ok
10:51:07.0689 4960 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:51:07.0705 4960 adpahci - ok
10:51:07.0752 4960 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:51:07.0767 4960 adpu320 - ok
10:51:07.0970 4960 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
10:51:08.0001 4960 AFD - ok
10:51:08.0157 4960 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:51:08.0157 4960 agp440 - ok
10:51:08.0266 4960 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:51:08.0266 4960 aliide - ok
10:51:08.0516 4960 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:51:08.0516 4960 amdide - ok
10:51:08.0656 4960 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:51:08.0672 4960 AmdK8 - ok
10:51:09.0920 4960 amdkmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
10:51:10.0092 4960 amdkmdag - ok
10:51:10.0170 4960 amdkmdap (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
10:51:10.0170 4960 amdkmdap - ok
10:51:10.0263 4960 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:51:10.0263 4960 AmdPPM - ok
10:51:10.0326 4960 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:51:10.0326 4960 amdsata - ok
10:51:10.0357 4960 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:51:10.0357 4960 amdsbs - ok
10:51:10.0372 4960 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:51:10.0372 4960 amdxata - ok
10:51:10.0466 4960 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:51:10.0466 4960 AppID - ok
10:51:10.0544 4960 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:51:10.0544 4960 arc - ok
10:51:10.0606 4960 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:51:10.0606 4960 arcsas - ok
10:51:10.0638 4960 ASPI32 - ok
10:51:10.0684 4960 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
10:51:10.0684 4960 aswFsBlk - ok
10:51:10.0794 4960 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
10:51:10.0794 4960 aswMonFlt - ok
10:51:10.0856 4960 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
10:51:10.0856 4960 aswRdr - ok
10:51:10.0996 4960 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
10:51:10.0996 4960 aswSnx - ok
10:51:11.0028 4960 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
10:51:11.0028 4960 aswSP - ok
10:51:11.0043 4960 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
10:51:11.0043 4960 aswTdi - ok
10:51:11.0074 4960 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:51:11.0074 4960 AsyncMac - ok
10:51:11.0168 4960 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:51:11.0168 4960 atapi - ok
10:51:11.0230 4960 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
10:51:11.0230 4960 AtiHdmiService - ok
10:51:11.0277 4960 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:51:11.0277 4960 b06bdrv - ok
10:51:11.0340 4960 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:51:11.0340 4960 b57nd60a - ok
10:51:11.0371 4960 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:51:11.0371 4960 Beep - ok
10:51:11.0464 4960 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:51:11.0464 4960 blbdrive - ok
10:51:11.0542 4960 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:51:11.0558 4960 bowser - ok
10:51:11.0605 4960 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:51:11.0605 4960 BrFiltLo - ok
10:51:11.0667 4960 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:51:11.0667 4960 BrFiltUp - ok
10:51:11.0730 4960 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:51:11.0730 4960 BridgeMP - ok
10:51:11.0792 4960 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:51:11.0792 4960 Brserid - ok
10:51:11.0823 4960 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:51:11.0823 4960 BrSerWdm - ok
10:51:11.0839 4960 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:51:11.0839 4960 BrUsbMdm - ok
10:51:11.0854 4960 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:51:11.0870 4960 BrUsbSer - ok
10:51:11.0901 4960 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:51:11.0901 4960 BTHMODEM - ok
10:51:11.0948 4960 catchme - ok
10:51:11.0995 4960 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:51:11.0995 4960 cdfs - ok
10:51:12.0073 4960 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:51:12.0073 4960 cdrom - ok
10:51:12.0151 4960 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:51:12.0151 4960 circlass - ok
10:51:12.0198 4960 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:51:12.0213 4960 CLFS - ok
10:51:12.0276 4960 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:51:12.0276 4960 CmBatt - ok
10:51:12.0354 4960 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:51:12.0354 4960 cmdide - ok
10:51:12.0432 4960 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
10:51:12.0432 4960 CNG - ok
10:51:12.0447 4960 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:51:12.0447 4960 Compbatt - ok
10:51:12.0478 4960 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:51:12.0478 4960 CompositeBus - ok
10:51:12.0588 4960 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
10:51:12.0588 4960 cpudrv64 - ok
10:51:12.0790 4960 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Users\Phil\Downloads\Compressed\pc-wizard_2010.1.961\pcwiz_x64.sys
10:51:12.0790 4960 cpuz134 - ok
10:51:12.0822 4960 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:51:12.0822 4960 crcdisk - ok
10:51:12.0915 4960 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:51:12.0931 4960 DfsC - ok
10:51:12.0931 4960 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:51:12.0946 4960 discache - ok
10:51:13.0009 4960 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:51:13.0009 4960 Disk - ok
10:51:13.0071 4960 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:51:13.0071 4960 drmkaud - ok
10:51:13.0149 4960 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:51:13.0149 4960 DXGKrnl - ok
10:51:13.0180 4960 EagleX64 - ok
10:51:13.0243 4960 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:51:13.0290 4960 ebdrv - ok
10:51:13.0321 4960 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:51:13.0321 4960 elxstor - ok
10:51:13.0383 4960 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:51:13.0383 4960 ErrDev - ok
10:51:13.0446 4960 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:51:13.0446 4960 exfat - ok
10:51:13.0477 4960 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:51:13.0477 4960 fastfat - ok
10:51:13.0508 4960 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:51:13.0508 4960 fdc - ok
10:51:13.0539 4960 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:51:13.0539 4960 FileInfo - ok
10:51:13.0555 4960 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:51:13.0555 4960 Filetrace - ok
10:51:13.0570 4960 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:51:13.0570 4960 flpydisk - ok
10:51:13.0586 4960 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:51:13.0602 4960 FltMgr - ok
10:51:13.0664 4960 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:51:13.0664 4960 FsDepends - ok
10:51:13.0742 4960 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
10:51:13.0742 4960 fssfltr - ok
10:51:13.0789 4960 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:51:13.0789 4960 Fs_Rec - ok
10:51:13.0820 4960 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:51:13.0820 4960 fvevol - ok
10:51:13.0836 4960 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:51:13.0836 4960 gagp30kx - ok
10:51:13.0867 4960 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:51:13.0867 4960 GEARAspiWDM - ok
10:51:13.0929 4960 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:51:13.0929 4960 hcw85cir - ok
10:51:13.0976 4960 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:51:13.0976 4960 HdAudAddService - ok
10:51:14.0038 4960 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:51:14.0054 4960 HDAudBus - ok
10:51:14.0148 4960 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
10:51:14.0148 4960 HECIx64 - ok
10:51:14.0163 4960 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:51:14.0163 4960 HidBatt - ok
10:51:14.0179 4960 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:51:14.0194 4960 HidBth - ok
10:51:14.0210 4960 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:51:14.0210 4960 HidIr - ok
10:51:14.0257 4960 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:51:14.0257 4960 HidUsb - ok
10:51:14.0335 4960 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:51:14.0335 4960 HpSAMD - ok
10:51:14.0397 4960 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:51:14.0397 4960 HTTP - ok
10:51:14.0460 4960 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:51:14.0460 4960 hwpolicy - ok
10:51:14.0475 4960 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:51:14.0491 4960 i8042prt - ok
10:51:14.0522 4960 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
10:51:14.0522 4960 iaStor - ok
10:51:14.0600 4960 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:51:14.0600 4960 iaStorV - ok
10:51:14.0662 4960 IDMWFP (ecb18e43ab0302406d4a9a643209d4f0) C:\Windows\system32\DRIVERS\idmwfp.sys
10:51:14.0662 4960 IDMWFP - ok
10:51:14.0694 4960 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:51:14.0694 4960 iirsp - ok
10:51:14.0772 4960 IntcAzAudAddService (88798b4381fd58fae2da07880c177c5c) C:\Windows\system32\drivers\RTKVHD64.sys
10:51:14.0772 4960 IntcAzAudAddService - ok
10:51:14.0803 4960 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:51:14.0803 4960 intelide - ok
10:51:14.0818 4960 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:51:14.0818 4960 intelppm - ok
10:51:14.0881 4960 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:51:14.0881 4960 IpFilterDriver - ok
10:51:14.0974 4960 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:51:14.0974 4960 IPMIDRV - ok
10:51:15.0006 4960 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:51:15.0006 4960 IPNAT - ok
10:51:15.0068 4960 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:51:15.0068 4960 IRENUM - ok
10:51:15.0084 4960 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:51:15.0084 4960 isapnp - ok
10:51:15.0115 4960 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:51:15.0115 4960 iScsiPrt - ok
10:51:15.0146 4960 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:51:15.0146 4960 kbdclass - ok
10:51:15.0193 4960 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:51:15.0208 4960 kbdhid - ok
10:51:15.0255 4960 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
10:51:15.0255 4960 KSecDD - ok
10:51:15.0318 4960 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
10:51:15.0333 4960 KSecPkg - ok
10:51:15.0349 4960 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:51:15.0349 4960 ksthunk - ok
10:51:15.0364 4960 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:51:15.0380 4960 lltdio - ok
10:51:15.0442 4960 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:51:15.0442 4960 LSI_FC - ok
10:51:15.0458 4960 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:51:15.0458 4960 LSI_SAS - ok
10:51:15.0474 4960 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:51:15.0474 4960 LSI_SAS2 - ok
10:51:15.0489 4960 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:51:15.0505 4960 LSI_SCSI - ok
10:51:15.0520 4960 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:51:15.0520 4960 luafv - ok
10:51:15.0536 4960 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:51:15.0536 4960 megasas - ok
10:51:15.0567 4960 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:51:15.0567 4960 MegaSR - ok
10:51:15.0583 4960 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:51:15.0583 4960 Modem - ok
10:51:15.0614 4960 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:51:15.0614 4960 monitor - ok
10:51:15.0708 4960 MotioninJoyXFilter (16f9f464da6e02a020bce626c56a1797) C:\Windows\system32\DRIVERS\MijXfilt.sys
10:51:15.0708 4960 MotioninJoyXFilter - ok
10:51:15.0754 4960 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:51:15.0754 4960 mouclass - ok
10:51:15.0770 4960 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:51:15.0770 4960 mouhid - ok
10:51:15.0832 4960 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:51:15.0832 4960 mountmgr - ok
10:51:15.0848 4960 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:51:15.0848 4960 mpio - ok
10:51:15.0879 4960 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:51:15.0879 4960 mpsdrv - ok
10:51:15.0973 4960 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:51:15.0973 4960 MRxDAV - ok
10:51:25.0380 4960 ============================================================
10:51:25.0380 4960 Scan finished
10:51:25.0380 4960 ============================================================
10:51:25.0380 4940 Detected object count: 0
10:51:25.0380 4940 Actual detected object count: 0

#6 lance_yien (Forum Deity, Malware Support Mod, 2,442 posts)

Posted 19 February 2012 - 04:13 AM

Please print out these instructions or copy them to a Notepad file for easier reading, and download SystemLook (by jpshortstuff) to your Desktop from here or here.
Right-click on SystemLook.exe => "Run as Administrator" and copy/paste the content of the following codebox (starting with :filefind) into the main textfield:

:filefind
consrv.dll

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
The log can also be found on your Desktop entitled SystemLook.txt


Please go to "Start" => "Run", type notepad in the Open field and click "OK".
Copy and paste the text present inside the quote box below (starting with @):

@echo off
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" > %userprofile%\Desktop\results.txt
notepad %userprofile%\Desktop\results.txt

Save this to your Desktop as SubSystems.bat and change the "Save as type" to "All Files".
Then, please close all open windows and right-click SubSystems.bat => "Run as administrator". Click "OK".
Please post the contents of "results.txt" that opens and close it.


>>> In your next reply, please include the following:
  • SystemLook.txt
  • results.txt

EI | SWI | ZEBULON | Posted Image | Posted Image

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#7 civicdude590 (Member, Full Member, 34 posts)

Posted 19 February 2012 - 06:42 PM

Here is the SystemLook file

SystemLook 30.07.11 by jpshortstuff
Log created at 15:31 on 19/02/2012 by Phil
Administrator - Elevation successful

========== filefind ==========

Searching for "consrv.dll"
C:\Windows\System32\consrv.dll --a---- 51712 bytes [23:31 13/07/2009] [01:39 14/07/2009] CEF08BD499D029B6E685850CAC86F749

-= EOF =-

Subsystems file


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
Debug REG_EXPAND_SZ
(Default) REG_SZ mnmsrvc
Kmode REG_EXPAND_SZ \SystemRoot\System32\win32k.sys
Optional REG_MULTI_SZ Posix
Posix REG_EXPAND_SZ %SystemRoot%\system32\psxss.exe
Required REG_MULTI_SZ Debug\0Windows
Windows REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

#8 lance_yien (Forum Deity, Malware Support Mod, 2,442 posts)

Posted 20 February 2012 - 02:59 AM

Please print out these instructions or copy them to a Notepad file for easier reading and go to "Start" => "Run".
Type notepad in the Open field and click "OK".
Copy and paste the text present inside the quote box below (starting with @):

@echo off
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /v "Windows" /t REG_EXPAND_SZ /d "%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" /f

Save this to your Desktop as SubSysRepair.bat and change the "Save as type" to "All Files".
Then, please close all open windows and right-click SubSysRepair.bat => "Run as administrator". Click "OK" and restart your computer.
Now, please navigate to and right-click on SubSystems.bat (on your Desktop) => "Run as administrator".
Please post the contents of "results.txt" that opens and close it.


>>> Run Jotti's malware scan: Please copy each line from the following (in bold):

C:\Windows\System32\consrv.dll

  • Go to Jotti's malware scan and click the Browse button.
  • A window will open, right-click in the File name field and choose "Paste".
  • Click the Submit button and let the scan run uninterrupted. If you get a message saying "File has already been analyzed", click "Reanalyze file now".
  • When it's done, right-click the Permalink button and choose "Copy the link".
    Paste it in your next reply.
If Jotti is busy, please go to http://www.virustotal.com.


>>> Run aswMBR scan:
  • Close all running programs and disable all your protection programs: antivirus, firewall and antispyware (see here and/or here to know how to disable your programs).
  • Then, please double-click/right-click on "aswMBR.exe" => "Run as administrator" and allow the program to download latest virus definitions (if prompted).
  • Click the [Scan] button and let it run uninterrupted (you will get a message: "scan finished successfully").
  • Click the [Save log] button and save it to your Desktop as "aswmbr.txt". Please copy and paste its contents in your next reply (DO NOT fix anything!).
  • You will also notice another file created on the desktop named "MBR.dat". Please go here and click on the "Browse" button.
    Navigate to and double-click on "MBR.dat". Click the "Upload" button.
    Please copy the content of the "Download link" field and paste it in your next reply.

>>> In your next reply, please include the following:
  • "results.txt"
  • The link to Jotti page
  • aswmbr.txt
  • The link to MBR.dat
Any improvements?
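As an added example (not code from this thread or from any of the tools it mentions), here is a Python check that parses the results.txt output requested above, flags any ServerDll module outside the stock Windows 7 set, and applies the same winsrv substitution that SubSysRepair.bat performs with reg add; the sample input is constructed from the results posted in this thread, and the expected stock modules are taken from the repair command.

```python
"""Check the Windows subsystem entry for a hijacked console-server DLL.

Parses `reg query` output for the SubSystems key under Session Manager
(the results.txt that SubSystems.bat produces) and flags ServerDll
modules that are not the stock Windows 7 set.
"""
import re

# Stock Windows 7 ServerDll modules, taken from the repair value in the thread.
EXPECTED_MODULES = {"basesrv", "winsrv", "sxssrv"}
# On Windows 7 the console server is provided by winsrv; consrv.dll is not a
# stock component there, which is why its presence in this slot is suspicious.
CONSOLE_INIT = "ConServerDllInitialization"
EXPECTED_CONSOLE_MODULE = "winsrv"

# Constructed sample: the infected results.txt as posted in this thread,
# trimmed to the values the check needs.
INFECTED_RESULTS = (
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\SubSystems\n"
    "    Debug    REG_EXPAND_SZ\n"
    "    Kmode    REG_EXPAND_SZ    \\SystemRoot\\System32\\win32k.sys\n"
    "    Windows    REG_EXPAND_SZ    %SystemRoot%\\system32\\csrss.exe "
    "ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On "
    "SubSystemType=Windows ServerDll=basesrv,1 "
    "ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16\n"
)

# One value line of reg query output: <name> <REG_TYPE> [<data>]
VALUE_LINE = re.compile(r"^\s*(\S.*?)\s+(REG_[A-Z_]+)(?:\s+(.*))?$")


def parse_reg_query(text):
    """Map value name -> (type, data) for each value line of reg query output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, vtype, data = m.groups()
            values[name] = (vtype, data or "")
    return values


def server_dlls(windows_data):
    """Return (module, init_function, index) for every ServerDll= token."""
    result = []
    for tok in windows_data.split():
        if not tok.startswith("ServerDll="):
            continue
        spec, _, index = tok[len("ServerDll="):].partition(",")
        module, _, init = spec.partition(":")
        result.append((module.lower(), init, int(index) if index else None))
    return result


def check_subsystems(text):
    """Return a list of findings; an empty list means the entry looks stock."""
    values = parse_reg_query(text)
    if "Windows" not in values:
        return ["Windows value is missing from the SubSystems key"]
    vtype, data = values["Windows"]
    findings = []
    if vtype != "REG_EXPAND_SZ":
        findings.append(f"Windows value has type {vtype}, expected REG_EXPAND_SZ")
    dlls = server_dlls(data)
    for module, init, index in dlls:
        if module not in EXPECTED_MODULES:
            findings.append(
                f"unexpected ServerDll module '{module}' "
                f"(init={init or 'default'}, index={index})")
    # The console server must be winsrv, exactly as the repair command sets it.
    console = [m for m, init, _ in dlls if init == CONSOLE_INIT]
    if console != [EXPECTED_CONSOLE_MODULE]:
        findings.append(
            f"{CONSOLE_INIT} is provided by {console}, "
            f"expected ['{EXPECTED_CONSOLE_MODULE}']")
    return findings


def repair_windows_data(windows_data):
    """Point the console-server ServerDll token back at winsrv.

    Same outcome as the reg add in SubSysRepair.bat, but only the hijacked
    token is rewritten; every other field is kept exactly as it was.
    """
    fixed = []
    for tok in windows_data.split():
        if tok.startswith("ServerDll=") and CONSOLE_INIT in tok:
            _, _, index = tok.partition(",")
            tok = f"ServerDll={EXPECTED_CONSOLE_MODULE}:{CONSOLE_INIT},{index}"
        fixed.append(tok)
    return " ".join(fixed)


if __name__ == "__main__":
    for finding in check_subsystems(INFECTED_RESULTS):
        print("FINDING:", finding)
    _, data = parse_reg_query(INFECTED_RESULTS)["Windows"]
    print("repaired:", repair_windows_data(data))
```

The value the poster reads back after running the repair starts with C:\Windows rather than %SystemRoot% because cmd expands the variable inside a .bat file; the ServerDll check above is unaffected by that.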

#9 civicdude590 (Member, Full Member, 34 posts)

Posted 25 February 2012 - 03:39 PM

Hi, so I think the comp is doing better but the scan still shows some malware.

Here is the subsystems

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
Debug REG_EXPAND_SZ
(Default) REG_SZ mnmsrvc
Kmode REG_EXPAND_SZ \SystemRoot\System32\win32k.sys
Optional REG_MULTI_SZ Posix
Posix REG_EXPAND_SZ %SystemRoot%\system32\psxss.exe
Required REG_MULTI_SZ Debug\0Windows
Windows REG_EXPAND_SZ C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

I could not find the consrv.dll so I couldn't scan with Jotti.

Here is the aswMBR and the link

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-25 10:58:11
-----------------------------
10:58:11.630 OS Version: Windows x64 6.1.7601 Service Pack 1
10:58:11.630 Number of processors: 8 586 0x1E05
10:58:11.630 ComputerName: PHIL-HP UserName: Phil
10:58:18.307 Initialize success
10:58:18.385 AVAST engine defs: 12022500
10:58:20.288 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:58:20.288 Disk 0 Vendor: ST315003 HP23 Size: 1430799MB BusType: 8
10:58:20.304 Disk 0 MBR read successfully
10:58:20.304 Disk 0 MBR scan
10:58:20.304 Disk 0 unknown MBR code
10:58:20.319 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:58:20.319 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1417932 MB offset 206848
10:58:20.351 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12765 MB offset 2904131584
10:58:20.366 Service scanning
10:58:42.612 Modules scanning
10:58:42.612 Disk 0 trace - called modules:
10:58:42.612 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:58:42.628 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ab6790]
10:58:42.628 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077df050]
10:58:48.665 AVAST engine scan C:\Windows
10:59:13.313 AVAST engine scan C:\Windows\system32
11:00:12.640 File: C:\Windows\system32\trzC669.tmp **INFECTED** Win32:Sirefef-HO [Rtk]
11:00:34.527 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
11:00:35.868 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
11:00:59.908 AVAST engine scan C:\Windows\system32\drivers
11:01:30.905 AVAST engine scan C:\Users\Phil
11:40:14.410 AVAST engine scan C:\ProgramData
11:51:12.284 Scan finished successfully
12:35:46.426 Disk 0 MBR has been saved successfully to "C:\Users\Phil\Desktop\MBR.dat"
12:35:46.426 The log file has been saved successfully to "C:\Users\Phil\Desktop\aswMBR.txt"



http://www.sendspace.com/file/54r6y2

#10 lance_yien (Forum Deity, Malware Support Mod, 2,442 posts)

Posted 26 February 2012 - 01:39 AM

Hi civicdude590

>>> ComboFix scan: Please delete your copy of ComboFix and download its last version from here or here.
Close all running programs and disable all your protection programs: antivirus, firewall and antispyware (see here and/or here to know how to disable your programs).
Then, right-click on "ComboFix.exe" => "Run as administrator" and follow the on-screen prompts.
Please, DO NOT click ComboFix's window while it is running. This may cause it to hang.
A log file (ComboFix.txt) will be saved at the root of the System drive (typically C:\ComboFix.txt). Please copy and paste its contents in your next reply.


>>> aswMBR scan: Please download aswMBR and save it to your Desktop.
  • Close all running programs and disable all your protection programs: antivirus, firewall and antispyware (see here and/or here to know how to disable your programs).
  • Then, please right-click on "aswMBR.exe" => "Run as administrator" and allow the program to download latest virus definitions (if prompted).
  • Click the [Scan] button and let it run uninterrupted (you will get a message: "scan finished successfully").
  • Click the [Save log] button and save it to your Desktop as "aswmbr.txt". Please copy and paste its contents in your next reply (DO NOT fix anything!).
  • I don't need to see the "MBR.dat" log.

>>> In your next reply, please include the following (you may need to use two posts to get it all in):
  • ComboFix.txt
  • aswmbr.txt


#11 Rocket Grannie (SWI Australian Rebel, Administrators, 7,034 posts)

Posted 16 July 2012 - 07:02 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
