Malwarebytes

Can't connect to the internet after Rootkit.ZeroAccess

55 replies to this topic

#1
dlindner999 (New Member, 25 posts)

So Combofix told me I had Rootkit.ZeroAccess. I think I've gotten it removed, (TDSS Killer no longer reports any infection). But now I cannot connect to the internet, (big surprise, right?). After some poking around, I determined that afd, netbt, and tcpip were all problematic. If I try to start DHCP, it tells me that the dependent service was marked for deletion (error 1075 I think). Even after replacing netbt.sys, afd.sys, and tcpip.sys with good versions of the files from another computer, I'm still having the same issue.

This is a desktop computer (no wireless), with Windows XP SP3. I have tried doing SFC /SCANNOW, but I can't get it to work, even though I'm using the same Windows CD that I installed the OS with. It keeps prompting me to insert my windows CD and click Retry. I have tried several other CDs as well, including an OEM CD from Dell with SP3 on it, (I thought maybe the problem with my original CD was that it doesn't have SP3). I also tried to do a Repair install with the Windows CD, but no matter which CD I use, I cannot get the repair option to appear. Very strange and frustrating. I've tried uninstalling/reinstalling TCP/IP. I've tried running several tools to repair Winsock, TCP/IP, etc. I'm stumped and pissed off at this point.

I also want to mention that I am a computer repair technician and don't usually encounter many problems I can't fix, although I'm not quite an expert at virus removal yet. What should I do next? I'd appreciate any suggestions. Merry Christmas. =)
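The "error 1075" described above means the Service Control Manager could not find, or found flagged for deletion, one of the services DHCP depends on (on XP: Tcpip, Afd, NetBT). The following script is an added example, not from the thread or from Malwarebytes: it walks a service's DependOnService chain in the registry and reports which link is missing, disabled, marked for deletion, or pointing at a binary that no longer exists. It is read-only and assumes an elevated PowerShell on the affected machine (PowerShell 2.0 on XP SP3); the service names are the XP ones mentioned in the post.

```powershell
# Added example, not from the thread: explain why a Windows service fails with
# error 1075 ("The dependency service does not exist or has been marked for
# deletion") by walking its DependOnService chain in the registry. Read-only.
# Assumed service names (Dhcp -> Tcpip, Afd, NetBT) are the XP names from the post.
param([string]$Service = 'Dhcp')

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$seen = @{}   # guards against cycles in the dependency graph

function Resolve-ImagePath {
    param([string]$ImagePath)
    # Strip quotes and svchost arguments, e.g. '%SystemRoot%\system32\svchost.exe -k netsvcs'
    $p = ($ImagePath -replace '"', '') -split '\s+-k\s+' | Select-Object -First 1
    $p = [Environment]::ExpandEnvironmentVariables($p)
    # Driver entries use '\??\' or '\SystemRoot\' prefixes, or are relative to %SystemRoot%
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Test-ServiceChain {
    param([string]$Name, [int]$Depth = 0)
    if ($seen.ContainsKey($Name)) { return }
    $seen[$Name] = $true
    $indent = '  ' * $Depth
    $key = Join-Path $root $Name

    if (-not (Test-Path $key)) {
        Write-Output "$indent$Name : MISSING registry key -> error 1075 for dependents"
        return
    }
    $props = Get-ItemProperty -Path $key
    $status = 'ok'
    if ($props.DeleteFlag -eq 1) {
        # The SCM sets DeleteFlag when a service was deleted while a handle to it was
        # still open; the key disappears at reboot, but until then dependents get 1075.
        $status = 'MARKED FOR DELETION (DeleteFlag=1) -> error 1075 for dependents'
    }
    elseif ($props.Start -eq 4) {
        $status = 'DISABLED (Start=4) -> dependents cannot start'
    }
    elseif ($props.ImagePath) {
        $bin = Resolve-ImagePath $props.ImagePath
        if (-not (Test-Path $bin)) { $status = "binary missing: $bin" }
    }
    Write-Output "$indent$Name : $status"

    # DependOnService is REG_MULTI_SZ, which PowerShell exposes as a string array
    foreach ($dep in @($props.DependOnService)) {
        if ($dep) { Test-ServiceChain -Name $dep -Depth ($Depth + 1) }
    }
}

Test-ServiceChain -Name $Service
```

A line reporting a missing key or DeleteFlag=1 for Tcpip, Afd or NetBT identifies the link that a repair (or the `sc` / registry work a technician would do next) has to restore before DHCP can start again.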

#2
dlindner999 (New Member, 25 posts)

Did I do something wrong? No replies??? I could still use some help here if anyone has any ideas.

#3
LDTate (Forum Deity, Moderator, 20,060 posts, Missouri, USA)

Rootkit.ZeroAccess is also a BackDoor Trojan.
This is what we tell the users who have it.

Quote:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.
This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Since you have the OS CD, have you tried a Repair Install?

http://www.geekstogo...air-windows-xp/
Larry Tate
Consumer Support Specialist

#4
dlindner999 (New Member, 25 posts)

LDTate, on 28 December 2011 - 09:42 AM, said:

    Since you have the OS CD, have you tried a Repair Install?

As I have already said above, I'm having trouble getting a repair install to work.

#5
LDTate (Forum Deity, Moderator, 20,060 posts, Missouri, USA)
If need be, download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (right click, choose "Run as Administrator").

Download ComboFix from one of these locations:

Link 1
Link 2 (if using this link, right click and select Save As).

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

(screenshot omitted)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot of the message omitted)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

#6
LDTate (Forum Deity, Moderator, 20,060 posts, Missouri, USA)
Please don't use the ComboFix you have now.
We need to get the latest version.

#7
dlindner999 (New Member, 25 posts)

LDTate, on 29 December 2011 - 06:59 PM, said:

    Please don't use the ComboFix you have now.
    We need to get the latest version.

Ok, I ran the latest Combofix. Here's the log file. I still have no connection to the internet. If I try connecting to the internet it simply says "Acquiring network address" forever. If I try doing "ipconfig /renew" in cmd it says the RPC server is unavailable. If I go into Services, DHCP is not started. If I attempt to start it, I get Error 1075: The dependency service does not exist or has been marked for deletion. This is the same problem I had before. I'm just stating this to provide as much info as possible, please know that I haven't done anything else to try to fix it after running Combofix. Just trying to be helpful.

I have a Combofix log file from the previous time I ran it, also, if that would help.


Newest Combofix log file:

ComboFix 11-12-29.05 - Dan 12/29/2011 18:03:36.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2750 [GMT -7:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFixDec29.exe
+ 2008-10-06 03:45 . 2008-04-14 12:00 9216 c:\windows\system32\dllcache\wamps51.dll
- 2008-10-06 03:45 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\w3svapi.dll
+ 2008-10-06 03:45 . 2008-04-14 12:00 5632 c:\windows\system32\dllcache\w3svapi.dll
+ 2008-10-06 03:45 . 2008-04-14 12:00 4608 c:\windows\system32\dllcache\w3ctrs51.dll
- 2008-10-06 03:45 . 2004-08-04 12:00 4608 c:\windows\system32\dllcache\w3ctrs51.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 5632 c:\windows\system32\dllcache\smimsgif.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\smimsgif.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\smierrsy.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 5632 c:\windows\system32\dllcache\smierrsy.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 9728 c:\windows\system32\dllcache\query.exe
- 2008-10-06 03:44 . 2004-08-04 12:00 9728 c:\windows\system32\dllcache\query.exe
+ 2008-10-06 03:44 . 2008-04-14 12:00 6144 c:\windows\system32\dllcache\pmxgl.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 6144 c:\windows\system32\dllcache\pmxgl.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 5632 c:\windows\system32\dllcache\kbdvntc.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdvntc.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdusa.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 5632 c:\windows\system32\dllcache\kbdusa.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 5632 c:\windows\system32\dllcache\kbdurdu.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdurdu.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 6144 c:\windows\system32\dllcache\kbdth3.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 6144 c:\windows\system32\dllcache\kbdth3.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 6144 c:\windows\system32\dllcache\kbdth2.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 6144 c:\windows\system32\dllcache\kbdth2.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdth1.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdth1.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdth0.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdth0.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdsyr2.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdsyr2.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdsyr1.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdsyr1.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 7680 c:\windows\system32\dllcache\kbdnecnt.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 7680 c:\windows\system32\dllcache\kbdnecnt.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 9216 c:\windows\system32\dllcache\kbdnecat.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 9216 c:\windows\system32\dllcache\kbdnecat.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 7168 c:\windows\system32\dllcache\kbdnec95.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 7168 c:\windows\system32\dllcache\kbdnec95.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdintel.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdintel.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdintam.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdintam.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 6144 c:\windows\system32\dllcache\kbdinpun.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 6144 c:\windows\system32\dllcache\kbdinpun.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdinmar.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdinmar.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdinkan.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdinkan.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdinhin.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdinhin.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdinguj.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdinguj.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdindev.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdindev.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdheb.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdheb.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5120 c:\windows\system32\dllcache\kbdgeo.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5120 c:\windows\system32\dllcache\kbdgeo.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbdfa.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbdfa.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbddiv2.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbddiv2.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbddiv1.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbddiv1.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5120 c:\windows\system32\dllcache\kbdarmw.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5120 c:\windows\system32\dllcache\kbdarmw.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5120 c:\windows\system32\dllcache\kbdarme.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5120 c:\windows\system32\dllcache\kbdarme.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbda3.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbda3.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbda2.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbda2.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 5632 c:\windows\system32\dllcache\kbda1.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 5632 c:\windows\system32\dllcache\kbda1.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 6144 c:\windows\system32\dllcache\kbd101a.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 6144 c:\windows\system32\dllcache\kbd101a.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 9216 c:\windows\system32\dllcache\iwrps.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 9216 c:\windows\system32\dllcache\iwrps.dll
+ 2008-10-06 03:44 . 2001-08-23 11:00 7168 c:\windows\system32\dllcache\isapips.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 7168 c:\windows\system32\dllcache\isapips.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 8704 c:\windows\system32\dllcache\infoctrs.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 8704 c:\windows\system32\dllcache\infoctrs.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 6656 c:\windows\system32\dllcache\iissync.exe
- 2008-10-06 03:43 . 2004-08-04 12:00 6656 c:\windows\system32\dllcache\iissync.exe
+ 2008-10-06 03:43 . 2001-08-23 11:00 3584 c:\windows\system32\dllcache\iismui.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 3584 c:\windows\system32\dllcache\iismui.dll
- 2008-10-06 03:42 . 2008-04-14 12:00 6144 c:\windows\system32\dllcache\ftpsapi2.dll
+ 2008-10-06 03:42 . 2004-08-04 12:00 6144 c:\windows\system32\dllcache\ftpsapi2.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 7680 c:\windows\system32\dllcache\ftpctrs2.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 7680 c:\windows\system32\dllcache\ftpctrs2.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 6144 c:\windows\system32\dllcache\ftlx041e.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 6144 c:\windows\system32\dllcache\ftlx041e.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 9728 c:\windows\system32\dllcache\change.exe
+ 2008-10-06 03:43 . 2001-08-23 11:00 9728 c:\windows\system32\dllcache\change.exe
- 2004-08-04 12:00 . 2011-12-19 07:12 516268 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-12-30 00:54 516268 c:\windows\system32\perfh009.dat
+ 2008-10-06 03:44 . 2008-04-14 12:00 185344 c:\windows\system32\dllcache\thawbrkr.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 185344 c:\windows\system32\dllcache\thawbrkr.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 101376 c:\windows\system32\dllcache\srusbusd.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 101376 c:\windows\system32\dllcache\srusbusd.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 143422 c:\windows\system32\dllcache\softkey.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 143422 c:\windows\system32\dllcache\softkey.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 753236 c:\windows\system32\dllcache\rvseres.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 753236 c:\windows\system32\dllcache\rvseres.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 131584 c:\windows\system32\dllcache\pmxviceo.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 131584 c:\windows\system32\dllcache\pmxviceo.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 229439 c:\windows\system32\dllcache\multibox.dll
- 2008-10-06 03:44 . 2004-08-04 12:00 229439 c:\windows\system32\dllcache\multibox.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 471102 c:\windows\system32\dllcache\imskdic.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 471102 c:\windows\system32\dllcache\imskdic.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 311359 c:\windows\system32\dllcache\imepadsv.exe
- 2008-10-06 03:43 . 2004-08-04 12:00 311359 c:\windows\system32\dllcache\imepadsv.exe
- 2008-10-06 03:43 . 2004-08-04 12:00 102463 c:\windows\system32\dllcache\imepadsm.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 102463 c:\windows\system32\dllcache\imepadsm.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 132608 c:\windows\system32\dllcache\fxsclntr.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 132608 c:\windows\system32\dllcache\fxsclntr.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 111104 c:\windows\system32\dllcache\fxscfgwz.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 111104 c:\windows\system32\dllcache\fxscfgwz.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 514587 c:\windows\system32\dllcache\edb500.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 514587 c:\windows\system32\dllcache\edb500.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 217160 c:\windows\system32\dllcache\cmnclim.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 217160 c:\windows\system32\dllcache\cmnclim.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 838144 c:\windows\system32\dllcache\chtbrkr.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 838144 c:\windows\system32\dllcache\chtbrkr.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 780885 c:\windows\system32\dllcache\chkrres.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 780885 c:\windows\system32\dllcache\chkrres.dll
+ 2011-12-30 00:46 . 2011-12-30 00:46 409600 c:\windows\ERDNT\AutoBackup\12-29-2011\Users\00000002\UsrClass.dat
+ 2011-12-30 00:46 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\12-29-2011\ERDNT.EXE
+ 2011-12-27 14:42 . 2011-12-27 14:42 409600 c:\windows\ERDNT\AutoBackup\12-27-2011\Users\00000002\UsrClass.dat
+ 2011-12-27 14:42 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\12-27-2011\ERDNT.EXE
+ 2011-12-24 00:30 . 2011-12-24 00:30 409600 c:\windows\ERDNT\AutoBackup\12-23-2011\Users\00000002\UsrClass.dat
+ 2011-12-24 00:30 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\12-23-2011\ERDNT.EXE
+ 2011-12-24 00:24 . 2011-12-24 00:24 409600 c:\windows\ERDNT\12-23-2011\Users\00000002\UsrClass.dat
+ 2011-12-24 00:24 . 2005-10-20 19:02 163328 c:\windows\ERDNT\12-23-2011\ERDNT.EXE
- 2008-10-06 03:44 . 2004-08-04 12:00 2178131 c:\windows\system32\dllcache\shvlres.dll
+ 2008-10-06 03:44 . 2008-04-14 12:00 2178131 c:\windows\system32\dllcache\shvlres.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 1175635 c:\windows\system32\dllcache\hrtzres.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 1175635 c:\windows\system32\dllcache\hrtzres.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 1039955 c:\windows\system32\dllcache\cmnresm.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 1039955 c:\windows\system32\dllcache\cmnresm.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 1677824 c:\windows\system32\dllcache\chsbrkr.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 1677824 c:\windows\system32\dllcache\chsbrkr.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 1817687 c:\windows\system32\dllcache\bckgres.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 1817687 c:\windows\system32\dllcache\bckgres.dll
+ 2011-12-30 00:46 . 2011-12-30 00:46 7733248 c:\windows\ERDNT\AutoBackup\12-29-2011\Users\00000001\ntuser.dat
+ 2011-12-27 14:42 . 2011-12-27 14:42 7733248 c:\windows\ERDNT\AutoBackup\12-27-2011\Users\00000001\ntuser.dat
+ 2011-12-24 00:30 . 2011-12-24 00:30 7733248 c:\windows\ERDNT\AutoBackup\12-23-2011\Users\00000001\ntuser.dat
+ 2011-12-24 00:24 . 2011-12-24 00:24 7733248 c:\windows\ERDNT\12-23-2011\Users\00000001\ntuser.dat
- 2008-10-06 03:43 . 2004-08-04 12:00 10129408 c:\windows\system32\dllcache\hwxkor.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 10129408 c:\windows\system32\dllcache\hwxkor.dll
- 2008-10-06 03:43 . 2004-08-04 12:00 10096640 c:\windows\system32\dllcache\hwxcht.dll
+ 2008-10-06 03:43 . 2001-08-23 11:00 10096640 c:\windows\system32\dllcache\hwxcht.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Dan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Dan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Dan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Dan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-03 273528]
.
c:\documents and settings\Dan\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-11-29 04:52 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClientManager3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ClientManager3.lnk
backup=c:\windows\pss\ClientManager3.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-10-11 15:17 5389944 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
c:\program files\LogMeIn\x86\LogMeInSystray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-09-01 00:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-03 13:22 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Dan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Freemake\\Freemake Video Converter\\FreemakeVC.exe"=
"c:\\Program Files\\Synology\\Assistant\\DSAssistant.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSSWPS.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/28/2011 11:48 AM 232512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [10/24/2011 5:00 PM 820568]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [12/13/2011 6:31 PM 117920]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/27/2011 11:11 PM 366152]
R2 UsbClientService;UsbClientService;c:\program files\Synology\Assistant\UsbClientService.exe [2/17/2011 11:18 PM 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2/17/2011 11:20 PM 46304]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [8/20/2010 11:14 AM 42144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/27/2011 11:11 PM 22216]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/9/2010 11:48 PM 47360]
S0 vhndu;vhndu;c:\windows\system32\drivers\lswo.sys --> c:\windows\system32\drivers\lswo.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 9:58 AM 11336]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [10/24/2011 5:00 PM 239472]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 4:51 PM 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 7:37 PM 4640000]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [10/24/2011 5:00 PM 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [10/24/2011 5:00 PM 16208]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\LogMeIn\x86\LMIGuardianSvc.exe" --> c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [?]
S4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 12:35 PM 227184]
S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/25/2010 1:39 PM 490280]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ppsio2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1606980848-839522115-1003Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-25 05:25]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1606980848-839522115-1003UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-25 05:25]
.
2011-12-24 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-12-29 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-12-24 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-12-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
2011-12-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1606980848-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
2011-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
2011-12-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1606980848-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\4x0jvxwd.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-29 18:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,12,8e,ab,81,7c,c5,4c,83,6e,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,12,8e,ab,81,7c,c5,4c,83,6e,8d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\LMIinit.dll
c:\program files\BUFFALO\Client Manager3\BwcProv.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-12-29 18:19:57
ComboFix-quarantined-files.txt 2011-12-30 01:19
ComboFix2.txt 2011-12-19 08:56
ComboFix3.txt 2011-12-19 07:29
.
Pre-Run: 34,407,084,032 bytes free
Post-Run: 34,392,223,744 bytes free
.
- - End Of File - - 6284B9179F6EC7486942CFB94987F889

#8
LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,060 posts
  • Gender:Male
  • Location:Missouri, USA
I know it's a pain going back and forth from one box to another.

Please download, open, and run the QueryServices.bat inside the attached zip file and post back the NetworkDetails.txt file (as an attachment) that it will create in the root of the system drive.


Larry Tate
Consumer Support Specialist


#9
dlindner999

    New Member

  • Members
  • Pip
  • 25 posts

LDTate, on 30 December 2011 - 07:38 AM, said:

I know it's a pain going back and forth from one box to another.

Please download, open, and run the QueryServices.bat inside the attached zip file and post back the NetworkDetails.txt file (as an attachment) that it will create in the root of the system drive.

It's not that much of a pain going back and forth to the other computer. I'm just glad to have the help, and from a moderator, nonetheless. =)


Query Services version 2
...
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1075 (0x433)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 13
DISPLAY_NAME : TCP/IP Protocol Driver
DEPENDENCIES : IPSec
SERVICE_START_NAME :

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.


[SC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 15
DISPLAY_NAME : NetBios over Tcpip
DEPENDENCIES : Tcpip
SERVICE_START_NAME :

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 1
DISPLAY_NAME : NetBIOS Interface
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1075 (0x433)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1092
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 10050 (0x2742)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1075 (0x433)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1000
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: IPSEC
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\ipsec.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 14
DISPLAY_NAME : IPSEC driver
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: IPSEC
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: RPCSS
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: RPCSS
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 952
FLAGS :

#10
LDTate

    Forum Deity

  • Moderators
  • 20,060 posts
  • Gender:Male
  • Location:Missouri, USA
I don't see the Afd.sys driver / service loading


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    afd.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Larry Tate
Consumer Support Specialist


#11
dlindner999

    New Member

  • Members
  • 25 posts

LDTate, on 30 December 2011 - 02:16 PM, said:

I don't see the Afd.sys driver / service loading


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    afd.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff
Log created at 15:20 on 30/12/2011 by Dan
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [07:40 06/10/2008] [06:49 14/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\afd.sys --a---- 138112 bytes [07:07 06/10/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\system32\dllcache\afd.sys --a--c- 138496 bytes [00:40 24/12/2011] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [00:40 24/12/2011] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9

-= EOF =-
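
The SystemLook output above lists every copy of afd.sys with its size and MD5, and the question that follows is whether the live copy is the right one. The script below is an added example written for this thread; it is not part of the original posts and not SystemLook's own code. It parses `:filefind` output, sorts each driver's copies into the live file under system32\drivers, its Windows File Protection twin in system32\dllcache and the service-pack baseline in ServicePackFiles\i386, and reports whether the live copy matches its cache copy. The afd.sys lines in SAMPLE are copied from the log above; the tcpip.sys lines and their hashes are constructed placeholders that show the mismatch case and are not from the poster's machine.

```python
import re

# One SystemLook ":filefind" result line: path, attribute flags, size, two timestamps as printed, MD5.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-zA-Z]+)\s+(?P<size>\d+) bytes\s+"
                     r"\[(?P<date1>[^\]]+)\]\s+\[(?P<date2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$")


def parse_filefind(text):
    """Return one dict per result line; header, 'Searching for' and EOF lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
            entries.append(e)
    return entries


def role_of(path):
    """Classify a copy: the live driver, its Windows File Protection cache twin, or the service-pack baseline."""
    p = path.lower()
    if "\\system32\\drivers\\" in p:
        return "live"
    if "\\system32\\dllcache\\" in p:
        return "dllcache"
    if "\\servicepackfiles\\" in p:
        return "servicepack"
    return "other"


def assess(text):
    """Per driver name, compare the live copy against the dllcache and ServicePackFiles copies by MD5."""
    by_name = {}
    for e in parse_filefind(text):
        by_name.setdefault(e["name"], {}).setdefault(role_of(e["path"]), e)   # first copy per role wins
    out = {}
    for name, roles in by_name.items():
        live, cache, sp = roles.get("live"), roles.get("dllcache"), roles.get("servicepack")
        if live is None:
            verdict = "absent: no copy under system32\\drivers"
        elif cache is None:
            verdict = "unverifiable: no dllcache twin, check the live hash against a known-good source"
        elif live["md5"] != cache["md5"]:
            verdict = "MISMATCH: live driver differs from its WFP cache copy"
        else:
            verdict = "consistent: live driver matches its dllcache copy"
        if live and sp and live["md5"] != sp["md5"]:
            verdict += "; differs from the ServicePackFiles baseline (expected after a post-SP hotfix)"
        out[name] = {"verdict": verdict, "live": live and live["md5"], "dllcache": cache and cache["md5"],
                     "servicepack": sp and sp["md5"]}
    return out


# afd.sys lines are copied from the SystemLook log in the thread; the tcpip.sys lines and their
# hashes are constructed placeholders that demonstrate the mismatch case.
SAMPLE = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "afd.sys"
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [07:40 06/10/2008] [06:49 14/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\system32\dllcache\afd.sys --a--c- 138496 bytes [00:40 24/12/2011] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [00:40 24/12/2011] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9

Searching for "tcpip.sys"
C:\WINDOWS\system32\dllcache\tcpip.sys --a--c- 361600 bytes [00:40 24/12/2011] [11:51 20/06/2008] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361600 bytes [00:40 24/12/2011] [11:51 20/06/2008] BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

-= EOF =-
"""

if __name__ == "__main__":
    for name, r in assess(SAMPLE).items():
        print(f"{name}: {r['verdict']}")
```

A live/dllcache mismatch is the condition Windows File Protection logs as event 64002 (the event quoted later in this thread) and normally repairs by itself; when it persists, something is stopping WFP from restoring the file. The ServicePackFiles copy is the SP3 baseline, so the live afd.sys differing from it is expected once post-SP3 hotfixes are installed (5.1.2600.6142 is a post-SP3 build). To check a hash, paste the MD5 into VirusTotal's search box rather than uploading the file, and treat MD5 as an identifier for that lookup, not as a tamper-proof integrity check.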

#12
LDTate

    Forum Deity

  • Moderators
  • 20,060 posts
  • Gender:Male
  • Location:Missouri, USA
It's where it's supposed to be.

Do you know how long it hasn't been working?
Larry Tate
Consumer Support Specialist


#13
LDTate

    Forum Deity

  • Moderators
  • 20,060 posts
  • Gender:Male
  • Location:Missouri, USA
1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. In Registry Editor, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
3. Right-click the DependOnService entry.
4. In the Value data box, the only services that are in the DependOnService entry are the following services:
Tcpip
Afd
NetBt

are there any others listed?
Larry Tate
Consumer Support Specialist

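
The `sc qc` / `sc query` dumps posted earlier in the thread and the DependOnService check in this post are the same data: the DEPENDENCIES field of `sc qc` is the service's DependOnService value (entries prefixed with "+" are DependOnGroup load-order groups). The script below is an added example written for this thread, not code from the posts or from Malwarebytes. It parses pasted `sc qc` and `sc query` output, follows each stopped service's dependency chain, and names the dependency that has no service entry at all, which is what WIN32_EXIT_CODE 1075 (ERROR_SERVICE_DEPENDENCY_DELETED) means. SAMPLE is constructed to mirror the pattern in the posted dumps (an Afd entry that never appears); it is not the poster's actual output.

```python
import re
from collections import Counter

# WIN32_EXIT_CODE values that recur when the TCP/IP stack is broken (Win32 / Winsock constants).
EXIT_CODES = {0: "ERROR_SUCCESS",
              1068: "ERROR_SERVICE_DEPENDENCY_FAIL: a dependency failed to start",
              1075: "ERROR_SERVICE_DEPENDENCY_DELETED: a dependency has no service entry or is marked for deletion",
              10050: "WSAENETDOWN: the network subsystem itself reports down"}
KEY_RE = re.compile(r"^\s*([A-Z_0-9]+)\s*:\s*(.*?)\s*$")   # "STATE : 4 RUNNING"
CONT_RE = re.compile(r"^\s*:\s*(\S+)\s*$")                 # "   : Afd"  (further DependOnService entry)


def parse_sc_output(text):
    """Merge each service's `sc qc` and `sc query` blocks into {lowercase name: fields}."""
    services, cur, last_key = {}, None, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if not m:                                   # "(STOPPABLE,...)", "[SC] ...", blank or continuation lines
            c = CONT_RE.match(line)
            if c and cur is not None and last_key == "DEPENDENCIES":
                cur["deps"].append(c.group(1))
            continue
        key, value = m.groups()
        if key == "SERVICE_NAME":
            cur = services.setdefault(value.lower(), {"name": value, "deps": []})
        elif cur is not None and key == "DEPENDENCIES" and value:
            cur["deps"].append(value)
        elif cur is not None and key == "STATE":
            cur["state"] = value.split()[1]            # "1 STOPPED" -> "STOPPED"
        elif cur is not None and key == "WIN32_EXIT_CODE":
            cur["exit_code"] = int(value.split()[0])   # "1075 (0x433)" -> 1075
        last_key = key
    return services


def diagnose(text):
    """For each service that is not RUNNING, list absent and stopped dependencies, walking the chain down."""
    services, report = parse_sc_output(text), {}
    for svc in services.values():
        if svc.get("state") == "RUNNING":
            continue
        missing, stopped, seen, todo = [], [], set(), list(svc["deps"])
        while todo:
            name = todo.pop(0)
            if name.startswith("+") or name.lower() in seen:   # "+Group" is a load-order group, not a service
                continue
            seen.add(name.lower())
            dep = services.get(name.lower())
            if dep is None:
                missing.append(name)             # no block at all: the 1075 condition
            elif dep.get("state") != "RUNNING":
                stopped.append(dep["name"])
                todo.extend(dep["deps"])         # keep descending to the real leaf
        code = svc.get("exit_code")
        report[svc["name"]] = {"exit_code": code, "meaning": EXIT_CODES.get(code, "unrecognised"),
                               "missing": missing, "stopped": stopped}
    return report


def root_causes(report):
    """Rank absent dependencies by how many failed services blame them; fix the top one first."""
    return Counter(n.lower() for r in report.values() for n in r["missing"])


# Constructed sample in `sc qc` / `sc query` format, modelled on the thread's dumps: Afd has no block at all.
SAMPLE = r"""
SERVICE_NAME: Tcpip
DEPENDENCIES :
SERVICE_NAME: Tcpip
STATE : 4 RUNNING
WIN32_EXIT_CODE : 0 (0x0)

SERVICE_NAME: NetBT
DEPENDENCIES : Tcpip
SERVICE_NAME: NetBT
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)

SERVICE_NAME: Dhcp
DEPENDENCIES : Tcpip
: Afd
: NetBt
SERVICE_NAME: Dhcp
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1075 (0x433)
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Lmhosts
DEPENDENCIES : NetBT
: Afd
SERVICE_NAME: Lmhosts
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1075 (0x433)

SERVICE_NAME: PolicyAgent
DEPENDENCIES : Tcpip
SERVICE_NAME: PolicyAgent
STATE : 1 STOPPED
WIN32_EXIT_CODE : 10050 (0x2742)
"""

if __name__ == "__main__":
    result = diagnose(SAMPLE)
    for name, r in result.items():
        print(f"{name}: exit {r['exit_code']} ({r['meaning']}) missing={r['missing']} stopped={r['stopped']}")
    print("fix first:", root_causes(result).most_common(1))
```

On the affected machine, collect the input by running `sc qc <name>` and `sc query <name>` for each service into one text file (for example `(sc qc Afd & sc query Afd) >> services.txt`); a service whose registry key is gone prints `[SC] OpenService FAILED 1060` instead of a block, which is exactly what the script reports as missing. A 10050 exit with every dependency present (PolicyAgent in the sample) is the other pattern worth recognising: the dependencies started, but the Winsock/TCP/IP layer itself reported down, so the fault is below the service-dependency level.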

#14
LDTate

    Forum Deity

  • Moderators
  • 20,060 posts
  • Gender:Male
  • Location:Missouri, USA
I'd also like you to do this.

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

C:\windows\system32\drivers\lswo.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky...anforvirus.html
Larry Tate
Consumer Support Specialist


#15
dlindner999

    New Member

  • Members
  • 25 posts

LDTate, on 30 December 2011 - 05:46 PM, said:

It's where it's suppose to be.

Do you know how long it hasn't been working?

Well I found what is posted below in the event viewer, stating a problem on Dec. 6, but I didn't experience any problems with the computer until several days later when I rebooted...it might have been up to a week later. Actually the file that is in the system32\drivers folder is not the original file from my computer. I copied afd.sys, netbt.sys, and tcpip.sys from another working computer with the same XP installation, and put those on the infected computer, because I thought that might be what was causing the DHCP 1075 error, (The dependency service does not exist or has been marked for deletion ). You can't see afd, netbt, or tcpip in Computer Management > Services, but if you go into the Device Manager > Show Hidden Devices > Non Plug and Play Drivers, they show up there, and they were all showing as Stopped and I was unable to get them to start, so I figured they were corrupted by the virus. Maybe that's still my problem. What can I do to fix this?

Event Viewer - System
Information 12/6/11 10:39:52pm Source-Windows File Protection Category-None Event 64002 User-N/A
File replacement was attempted on the protected system file c:\windows\system32\drivers\afd.sys. This file was
restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6142

#16
LDTate

    Forum Deity

  • Moderators
  • 20,060 posts
  • Gender:Male
  • Location:Missouri, USA
You only replaced the one in system32\drivers?

We have them here
C:\WINDOWS\ServicePackFiles\i386\afd.sys
Larry Tate
Consumer Support Specialist


#17
LDTate

    Forum Deity

  • Moderators
  • 20,060 posts
  • Gender:Male
  • Location:Missouri, USA
Is that correct? You only copied them in the drivers folder?
Larry Tate
Consumer Support Specialist


#18
dlindner999

    New Member

  • Members
  • 25 posts

LDTate, on 30 December 2011 - 06:18 PM, said:

Is that correct? You only copied them in the drivers folder?

That is correct - I only replaced the files in the Drivers folder.

Ok, I looked up the DHCP registry key, and the 3 you mentioned are the only dependencies.

I cannot locate lswo.sys. It does not exist in C:\windows\system32\drivers. Just to clarify, that's LSWO.SYS, right?

#19
LDTate

    Forum Deity

  • Moderators
  • 20,060 posts
  • Gender:Male
  • Location:Missouri, USA
S0 vhndu;vhndu;c:\windows\system32\drivers\lswo.sys --> c:\windows\system32\drivers\lswo.sys [?]

That's in your combofix scan and I can't find any info on it.

Let's give this a try.

I want you to delete these files:

C:\WINDOWS\system32\drivers\afd.sys
C:\WINDOWS\system32\drivers\Tcpip.sys
C:\WINDOWS\system32\drivers\NetBt.sys
C:\WINDOWS\system32\drivers\IPSec.sys

Now run a new combofix scan.
Post the results
Larry Tate
Consumer Support Specialist


#20
dlindner999

    New Member

  • Members
  • 25 posts

LDTate, on 30 December 2011 - 06:29 PM, said:

S0 vhndu;vhndu;c:\windows\system32\drivers\lswo.sys --> c:\windows\system32\drivers\lswo.sys [?]

That's in your combofix scan and I can't find any info on it.

Let's give this a try.

I want you to delete these files:

C:\WINDOWS\system32\drivers\afd.sys
C:\WINDOWS\system32\drivers\Tcpip.sys
C:\WINDOWS\system32\drivers\NetBt.sys
C:\WINDOWS\system32\drivers\IPSec.sys

Now run a new combofix scan.
Post the results

Ok. 4 files deleted, Combofix ran. Here's the log. Should I have rebooted after deleting the files? (I didn't).

ComboFix 11-12-30.02 - Dan 12/30/2011 16:35:31.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2766 [GMT -7:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-24 23:14 . 2001-08-17 20:28 130942 -c--a-w- c:\windows\system32\dllcache\OLDAED.tmp
2011-12-24 23:14 . 2001-08-17 20:28 112574 -c--a-w- c:\windows\system32\dllcache\OLDAE9.tmp
2011-12-24 23:14 . 2008-04-14 12:42 159232 -c--a-w- c:\windows\system32\dllcache\OLDAE1.tmp
2011-12-24 23:14 . 2001-08-17 20:28 128286 -c--a-w- c:\windows\system32\dllcache\OLDAE5.tmp
2011-12-24 23:14 . 2011-12-24 23:14 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-12-24 01:10 . 2011-12-24 01:10 -------- d-----w- c:\program files\Magical Jelly Bean
2011-12-24 00:40 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-12-24 00:40 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-24 00:40 . 2008-06-20 11:51 361600 -c--a-w- c:\windows\system32\dllcache\tcpip.sys
2011-12-24 00:40 . 2008-06-20 11:51 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-24 00:40 . 2008-04-14 07:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-12-24 00:40 . 2008-04-14 07:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-17 00:37 . 2008-04-14 12:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-12-17 00:37 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-12-17 00:37 . 2008-04-14 12:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-12-17 00:37 . 2001-08-18 05:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-12-17 00:37 . 2001-08-18 05:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-12-17 00:37 . 2001-08-18 05:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-12-17 00:37 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-12-17 00:37 . 2008-04-14 05:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-12-17 00:37 . 2008-04-14 07:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-12-17 00:37 . 2008-04-14 12:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-12-17 00:37 . 2008-04-14 05:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-12-17 00:35 . 2001-08-18 05:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-12-17 00:34 . 2001-08-17 20:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-12-17 00:33 . 2001-08-17 21:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-12-17 00:32 . 2001-08-18 05:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-12-17 00:31 . 2001-08-17 20:28 347550 -c--a-w- c:\windows\system32\dllcache\es56tpi.sys
2011-12-17 00:30 . 2008-04-14 07:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-12-17 00:29 . 2001-08-17 19:48 36128 -c--a-w- c:\windows\system32\dllcache\banshee.sys
2011-12-14 03:40 . 2001-08-17 19:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2011-12-14 03:40 . 2001-08-17 20:52 22400 -c--a-w- c:\windows\system32\dllcache\asc3350p.sys
2011-12-14 03:40 . 2001-08-17 20:51 14848 -c--a-w- c:\windows\system32\dllcache\asc3550.sys
2011-12-14 03:40 . 2001-08-17 20:52 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
2011-12-14 03:39 . 2001-08-17 20:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-12-14 03:39 . 2008-04-14 05:05 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2011-12-14 03:39 . 2001-08-17 20:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2011-12-14 03:39 . 2001-08-17 20:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2011-12-14 03:39 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2011-12-14 03:39 . 2001-08-17 19:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2011-12-14 03:39 . 2001-08-17 21:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2011-12-14 03:39 . 2001-08-17 21:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2011-12-14 03:39 . 2001-08-17 19:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2011-12-14 03:39 . 2001-08-17 20:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2011-12-14 03:39 . 2001-08-17 21:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-12-14 03:39 . 2001-08-17 19:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2011-12-14 03:35 . 2001-08-17 21:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-12-14 02:51 . 2011-12-14 02:51 -------- d-----w- c:\program files\ERUNT
2011-12-14 01:31 . 2011-09-27 00:15 117920 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-12-13 00:27 . 2011-12-13 00:27 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 23:48 . 2011-05-14 23:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-29 04:52 . 2011-11-29 04:51 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-11-29 04:52 . 2011-11-29 04:51 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-11-29 04:52 . 2011-11-29 04:51 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-11-29 04:52 . 2011-11-29 04:51 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-11-03 13:22 . 2011-01-11 18:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-03 13:22 . 2011-01-11 18:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-26 17:41 . 2011-10-26 17:41 667256 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-10-26 17:41 . 2011-10-26 17:41 517752 ----a-w- c:\windows\system32\accesor.dll
2011-10-26 17:01 . 2011-10-26 17:01 142456 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-10-26 16:31 . 2011-10-26 16:31 2208888 ----a-w- c:\windows\system32\ncscolib.dll
2011-10-25 18:04 . 2011-10-25 18:04 193536 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-10-14 17:40 . 2010-03-26 06:59 253656 ----a-w- c:\windows\system32\drivers\e1e5132.sys
2011-10-10 14:22 . 2008-10-06 03:39 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-05 07:28 . 2011-10-05 07:28 30368 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2011-11-23 14:16 . 2011-05-03 06:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-30_01.16.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-30 01:51 . 2011-12-30 01:51 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat
+ 2011-12-30 01:51 . 2011-12-30 01:51 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2004-08-04 12:00 . 2011-12-30 06:17 92390 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2011-12-30 00:54 92390 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-12-30 06:17 516268 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2011-12-30 00:54 516268 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Dan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Dan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Dan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Dan\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-03 273528]
.
c:\documents and settings\Dan\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-11-29 04:52 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClientManager3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ClientManager3.lnk
backup=c:\windows\pss\ClientManager3.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-10-11 15:17 5389944 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
c:\program files\LogMeIn\x86\LogMeInSystray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-09-01 00:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-03 13:22 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Dan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Freemake\\Freemake Video Converter\\FreemakeVC.exe"=
"c:\\Program Files\\Synology\\Assistant\\DSAssistant.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSSWPS.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/28/2011 11:48 AM 232512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [10/24/2011 5:00 PM 820568]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [12/13/2011 6:31 PM 117920]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/27/2011 11:11 PM 366152]
R2 UsbClientService;UsbClientService;c:\program files\Synology\Assistant\UsbClientService.exe [2/17/2011 11:18 PM 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2/17/2011 11:20 PM 46304]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [8/20/2010 11:14 AM 42144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/27/2011 11:11 PM 22216]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/9/2010 11:48 PM 47360]
S0 vhndu;vhndu;c:\windows\system32\drivers\lswo.sys --> c:\windows\system32\drivers\lswo.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 9:58 AM 11336]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [10/24/2011 5:00 PM 239472]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 4:51 PM 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 7:37 PM 4640000]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [10/24/2011 5:00 PM 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [10/24/2011 5:00 PM 16208]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\LogMeIn\x86\LMIGuardianSvc.exe" --> c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [?]
S4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 12:35 PM 227184]
S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/25/2010 1:39 PM 490280]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ppsio2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1606980848-839522115-1003Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-25 05:25]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1606980848-839522115-1003UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-25 05:25]
.
2011-12-24 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-12-29 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-12-24 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-12-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
2011-12-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1606980848-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
2011-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
2011-12-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1606980848-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\4x0jvxwd.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 16:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,12,8e,ab,81,7c,c5,4c,83,6e,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,12,8e,ab,81,7c,c5,4c,83,6e,8d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\LMIinit.dll
c:\program files\BUFFALO\Client Manager3\BwcProv.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\documents and settings\Dan\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-30 16:40:10
ComboFix-quarantined-files.txt 2011-12-30 23:40
ComboFix2.txt 2011-12-30 01:19
ComboFix3.txt 2011-12-19 08:56
ComboFix4.txt 2011-12-19 07:29
.
Pre-Run: 34,401,882,112 bytes free
Post-Run: 34,385,084,416 bytes free
.
- - End Of File - - FF9FB78C98F260782856EE8E49FAE6D1




