  #1  
May 7th, 2012, 07:06 PM
Deborahh
Member
 
Join Date: May 2012
O/S: Windows 7 32-bit
Location: USA
Posts: 62
Smart Fortress 2012/Zero Access

Hi
On April 29 my desktop PC was attacked by SmartFortress 2012: fake security pop-ups, disabled AV and MS Security Center, disabled Windows Defender, disabled CD/DVD drives.
RogueKiller indicated ZeroAccess was on the PC. I followed this malware removal thread on cybertechhelp http://www.cybertechhelp.com/forums/...d.php?t=218141 since the same infection was being cleaned:
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

Several other trojans and viruses were identified in cleanup. ComboFix identified infection with Rootkit.ZeroAccess! inserted into the TCP/IP stack and appears to have cleaned it.

I followed this thread up to the instruction to use ESET Online Scanner. I was unable to run this tool and ran F-Secure online scanner instead. At this point I realized I need expert help in order to properly clean the machine and to be sure all security programs are working properly.

I have not removed ComboFix, and I have all logs from the beginning of this nightmare if you would like to see any of them. I realize I should have come here from the beginning and appreciate any help at this point.

I am able to boot normally, however I do not think the system is entirely clean. When I run the Windows malware prevention troubleshooter and Windows security troubleshooter as well as Microsoft Safety Scanner, it indicates I have NO AV running and Windows Firewall failed to start; however, Security Center accessed through Control Panel indicates all security programs are "on", i.e., firewall, automated updates and virus protection. I have MsiInstaller errors in Event Viewer every day since the trojan struck and one instance of crypt32 event 11 on the day/time of the attack.

Thanks for reading and I look forward to your response.


  #2  
May 7th, 2012, 08:02 PM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Welcome to CTH, Deborahh!

Not every system is the same, so what works for one user may not work for another.

Let's see what your system presently shows...

Please download RogueKiller

• When you get to the website, go to where it says:
  (Download link) Lien de téléchargement:
• Click the dark-blue button to download.
• Save to the Desktop

• Close all windows and browsers
• XP: Double-click the program to run it
• Vista/seven: Right-click and select 'Run as Administrator'
• Press: SCAN
• A report opens on the Desktop: RKreport.txt

Please copy/paste the RKreport.txt, and provide it in your reply.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right-click on the downloaded icon and select: Rename
Then, rename it to winlogon.exe and try again.


If you cannot download, but can run programs, instead of downloading the program requested to the problem computer, download it to a clean computer.

Next, save it to a USB flash drive (or removable media), move it to the Desktop of the infected computer, and run the program as described at the beginning of these instructions.
  #3  
May 7th, 2012, 08:18 PM
Deborahh
Member
 
Join Date: May 2012
O/S: Windows 7 32-bit
Location: USA
Posts: 62
Hi Aaflac
Thanks for the quick reply

As requested, RogueKiller SCAN report

RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 05/07/2012 15:15:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  #4  
May 7th, 2012, 10:36 PM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Quote:
...I have all logs from the beginning of this nightmare if you would like to see any of them...
Please post the logs you already ran, and we will take it from there.
  #5  
May 7th, 2012, 11:07 PM
Deborahh
Member
 
Join Date: May 2012
O/S: Windows 7 32-bit
Location: USA
Posts: 62
I will start with the RogueKiller log reports (there are 17 in total).
Also, a RogueKiller folder labeled RK_Quarantine has a log file. I will post that last, after RKreport17.
Please let me know if you would like additional logs from other removal tools after you've had a chance to review RogueKiller's.
Thanks!

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/29/2012 22:27:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : SM1BG (C:\WINDOWS\SM1BG.EXE) -> FOUND
[SUSP PATH] HKCU\[...]\RunOnce : F4D5618A0001836300216024D151FC4E (C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1993962763-1647877149-842925246-1003[...]\RunOnce : F4D5618A0001836300216024D151FC4E (C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 04/29/2012 22:28:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : SM1BG (C:\WINDOWS\SM1BG.EXE) -> DELETED
[SUSP PATH] HKCU\[...]\RunOnce : F4D5618A0001836300216024D151FC4E (C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/29/2012 23:04:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: HP v125w USB Device +++++
--- User ---
[MBR] b305a011d887843cbf51c81be0226f72
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3846 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 04/29/2012 23:04:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: HP v125w USB Device +++++
--- User ---
[MBR] b305a011d887843cbf51c81be0226f72
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3846 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/29/2012 23:46:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 04/29/2012 23:53:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt



RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/30/2012 00:10:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt



RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/30/2012 10:54:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 04/30/2012 10:55:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/30/2012 17:17:31

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[10].txt >>
RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Shortcuts HJfix -- Date: 04/30/2012 17:31:40

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 54 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1959 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[G:] \Device\HarddiskDmVolumes\Home_sys1Dg0\Volume1 -- 0x3 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[11].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ;
RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;
RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/30/2012 17:37:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[12].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[1].txt ; RKreport[2].txt ;
RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ;
RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Owner [Admin rights]
Mode: Scan -- Date: 04/30/2012 17:50:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[13].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[1].txt ;
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ;
RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Owner [Admin rights]
Mode: Remove -- Date: 04/30/2012 17:51:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[14].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 05/01/2012 04:53:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[15].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 05/01/2012 04:53:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[16].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[16].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ;
RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;
RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Shortcuts HJfix -- Date: 05/01/2012 05:02:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 17 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 40 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[G:] \Device\HarddiskDmVolumes\Home_sys1Dg0\Volume1 -- 0x3 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[17].txt >>
RKreport[16].txt ; RKreport[17].txt ; RKreport[2].txt ; RKreport[6].txt


QUARANTINE REPORT-found in desktop folder labeled RK_Quarantine
Time : 29/04/2012 22:27:28
--------------------------
[SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe


Time : 29/04/2012 22:28:35
--------------------------
ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe
ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe


Time : 29/04/2012 23:04:04
--------------------------
ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe
ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe


Time : 29/04/2012 23:04:57
--------------------------
ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe
ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE
[F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe


  #6  
Old May 8th, 2012, 04:50 AM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Never seen so many RogueKiller reports!!

Quote:
Please let me know if you would like add'l logs from other removal tools after you've had a chance to review RogueKillers-
Just post which reports you have, and how many of each. Do not post their content, though. Will let you know which ones to post.
  #7  
Old May 8th, 2012, 02:13 PM
Deborahh
Member
 
Join Date: May 2012
O/S: Windows 7 32-bit
Location: USA
Posts: 62
Quote:
Originally Posted by Aaflac
Never seen so many RogueKiller reports!!



Just post which reports you have, and how many of each. Do not post their content, though. Will let you know which ones to post.

re: many RogueKiller reports--I ran RogueKiller after other removal tools to see if ZeroAccess has been killed. All reports are for the same day.
Reports:
RogueKiller (17)
RKQuarantine (1)
Malwarebytes (1)
ComboFix
-Directory folder named Qoobox contains files named:
Add-remove programs.txt (1)
Combo-fix quarantined files.txt (1)
Combofix2.txt (1)
folder in Qoobox named "Quarantine"
-contains report named Catchme.log
This folder also had other folders named C, Doc&Settings, All users, Application Data, Temp. A folder named BACKENV cannot be opened: "Denied access"
TDSSKiller (1)
FSecureOnline Scanner report (1)
Unhide.txt (1)
RSIT (3)
SecurityCheck (1)
MS SafetyScan

I must leave for work now and will be able to work on this after 6pm tonight.
Thanks
  #8  
Old May 8th, 2012, 10:56 PM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Just post the following:

1. TDSSKiller

2. On ComboFix...do you have the original ComboFix.txt on the Desktop?
Also post:
Add-remove programs.txt (1)
Combo-fix quarantined files.txt (1)
Combofix2.txt (1)
  #9  
Old May 9th, 2012, 03:07 AM
Deborahh
Member
 
Join Date: May 2012
O/S: Windows 7 32-bit
Location: USA
Posts: 62
hi Aaflac
Been searching for the files you requested---thanks for reading :-)
Getting error msg posting 131134 characters-I will put in three replies

re: TDSSKILLER log
I ran this tool on two consecutive days 4/30/12(safe mode) and 5/1/12 (normal)- I have posted both reports.

re:ComboFix
Original Combofix.txt was not on desktop-I did find it in system disk root folder C -I noticed
combofix.txt report is dated later than combofix2.txt- is that odd?

TDSSKiller Safe mode dated 4.30.12

17:55:24.0000 1608 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
17:55:24.0265 1608 ============================================================
17:55:24.0265 1608 Current date / time: 2012/04/30 17:55:24.0265
17:55:24.0265 1608 SystemInfo:
17:55:24.0265 1608
17:55:24.0265 1608 OS Version: 5.1.2600 ServicePack: 3.0
17:55:24.0265 1608 Product type: Workstation
17:55:24.0265 1608 ComputerName: HOME_SYS1
17:55:24.0265 1608 UserName: Owner
17:55:24.0265 1608 Windows directory: C:\WINDOWS
17:55:24.0265 1608 System windows directory: C:\WINDOWS
17:55:24.0265 1608 Processor architecture: Intel x86
17:55:24.0265 1608 Number of processors: 2
17:55:24.0265 1608 Page size: 0x1000
17:55:24.0265 1608 Boot type: Safe boot with network
17:55:24.0265 1608 ============================================================
17:55:24.0687 1608 Drive \Device\Harddisk0\DR0 - Size: 0x12A3980000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2604, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:55:24.0703 1608 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:55:24.0703 1608 Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:55:24.0703 1608 ============================================================
17:55:24.0703 1608 \Device\Harddisk0\DR0:
17:55:24.0703 1608 MBR partitions:
17:55:24.0703 1608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9516204
17:55:24.0703 1608 \Device\Harddisk1\DR1:
17:55:24.0703 1608 MBR partitions:
17:55:24.0703 1608 \Device\Harddisk2\DR2:
17:55:24.0703 1608 MBR partitions:
17:55:24.0703 1608 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
17:55:24.0703 1608 ============================================================
17:55:24.0703 1608 C: <-> \Device\Harddisk2\DR2\Partition0
17:55:24.0718 1608 F: <-> \Device\Harddisk0\DR0\Partition0
17:55:24.0718 1608 ============================================================
17:55:24.0718 1608 Initialize success
17:55:24.0718 1608 ============================================================
17:55:32.0312 1524 ============================================================
17:55:32.0312 1524 Scan started
17:55:32.0312 1524 Mode: Manual; SigCheck; TDLFS;
17:55:32.0312 1524 ============================================================
17:55:32.0500 1524 .redbook - ok
17:55:32.0546 1524 Abiosdsk - ok
17:55:32.0578 1524 abp480n5 - ok
17:55:32.0609 1524 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:55:33.0656 1524 ACPI - ok
17:55:33.0671 1524 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:55:33.0843 1524 ACPIEC - ok
17:55:33.0875 1524 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:55:33.0890 1524 AdobeFlashPlayerUpdateSvc - ok
17:55:33.0906 1524 adpu160m - ok
17:55:33.0953 1524 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
17:55:33.0984 1524 aeaudio - ok
17:55:34.0015 1524 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:55:34.0171 1524 aec - ok
17:55:34.0203 1524 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
17:55:34.0218 1524 AFD - ok
17:55:34.0234 1524 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:55:34.0406 1524 agp440 - ok
17:55:34.0421 1524 Aha154x - ok
17:55:34.0453 1524 aic78u2 - ok
17:55:34.0484 1524 aic78xx - ok
17:55:34.0500 1524 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:55:34.0671 1524 Alerter - ok
17:55:34.0687 1524 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:55:34.0765 1524 ALG - ok
17:55:34.0781 1524 AliIde - ok
17:55:34.0796 1524 amsint - ok
17:55:34.0843 1524 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:55:34.0906 1524 AppMgmt - ok
17:55:34.0921 1524 asc - ok
17:55:34.0953 1524 asc3350p - ok
17:55:34.0984 1524 asc3550 - ok
17:55:35.0062 1524 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:55:35.0093 1524 aspnet_state - ok
17:55:35.0109 1524 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:55:35.0265 1524 AsyncMac - ok
17:55:35.0296 1524 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:55:35.0453 1524 atapi - ok
17:55:35.0468 1524 Atdisk - ok
17:55:35.0500 1524 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:55:35.0671 1524 Atmarpc - ok
17:55:35.0687 1524 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:55:35.0859 1524 AudioSrv - ok
17:55:35.0875 1524 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:55:36.0062 1524 audstub - ok
17:55:36.0078 1524 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:55:36.0250 1524 Beep - ok
17:55:36.0281 1524 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:55:36.0468 1524 BITS - ok
17:55:36.0484 1524 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:55:36.0671 1524 Browser - ok
17:55:36.0687 1524 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:55:36.0859 1524 cbidf2k - ok
17:55:36.0875 1524 cd20xrnt - ok
17:55:36.0906 1524 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:55:37.0093 1524 Cdaudio - ok
17:55:37.0109 1524 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:55:37.0281 1524 Cdfs - ok
17:55:37.0296 1524 Cdr4_xp (6674bb4a919220d05bd002bbf6081aaa) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
17:55:37.0296 1524 Cdr4_xp ( UnsignedFile.Multi.Generic ) - warning
17:55:37.0296 1524 Cdr4_xp - detected UnsignedFile.Multi.Generic (1)
17:55:37.0328 1524 Cdralw2k (8822a9246c20af99686e65710c7d6a5d) C:\WINDOWS\system32\drivers\Cdralw2k.sys
17:55:37.0328 1524 Cdralw2k ( UnsignedFile.Multi.Generic ) - warning
17:55:37.0328 1524 Cdralw2k - detected UnsignedFile.Multi.Generic (1)
17:55:37.0359 1524 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:55:37.0375 1524 Cdrom - ok
17:55:37.0406 1524 cdudf_xp (66b9f9c62721f2347211c0c9bcce4e98) C:\WINDOWS\system32\drivers\cdudf_xp.sys
17:55:37.0421 1524 cdudf_xp ( UnsignedFile.Multi.Generic ) - warning
17:55:37.0421 1524 cdudf_xp - detected UnsignedFile.Multi.Generic (1)
17:55:37.0437 1524 Changer - ok
17:55:37.0468 1524 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
17:55:37.0468 1524 Cinemsup ( UnsignedFile.Multi.Generic ) - warning
17:55:37.0468 1524 Cinemsup - detected UnsignedFile.Multi.Generic (1)
17:55:37.0484 1524 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:55:37.0671 1524 CiSvc - ok
17:55:37.0687 1524 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:55:37.0859 1524 ClipSrv - ok
17:55:37.0875 1524 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:55:37.0906 1524 clr_optimization_v2.0.50727_32 - ok
17:55:37.0937 1524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:55:37.0968 1524 clr_optimization_v4.0.30319_32 - ok
17:55:37.0984 1524 CmdIde - ok
17:55:38.0000 1524 COMSysApp - ok
17:55:38.0062 1524 Cpqarray - ok
17:55:38.0093 1524 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
17:55:38.0109 1524 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
17:55:38.0109 1524 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
17:55:38.0125 1524 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:55:38.0296 1524 CryptSvc - ok
17:55:38.0328 1524 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
17:55:38.0359 1524 ctsfm2k - ok
17:55:38.0375 1524 CTUSFSYN (12a7b253f9128b3b68a9979827047b76) C:\WINDOWS\system32\drivers\ctusfsyn.sys
17:55:38.0406 1524 CTUSFSYN - ok
17:55:38.0421 1524 dac2w2k - ok
17:55:38.0453 1524 dac960nt - ok
17:55:38.0484 1524 DcomLaunch (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll
17:55:38.0515 1524 DcomLaunch - ok
17:55:38.0546 1524 Dhcp (c51de19619d50cbd03708647aca10e70) C:\WINDOWS\System32\dhcpcsvc.dll
17:55:38.0562 1524 Dhcp - ok
17:55:38.0578 1524 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
17:55:38.0609 1524 Disk - ok
17:55:38.0625 1524 dmadmin - ok
17:55:38.0687 1524 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:55:38.0875 1524 dmboot - ok
17:55:38.0906 1524 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:55:39.0078 1524 dmio - ok
17:55:39.0093 1524 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:55:39.0250 1524 dmload - ok
17:55:39.0281 1524 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:55:39.0453 1524 dmserver - ok
17:55:39.0468 1524 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:55:39.0640 1524 DMusic - ok
17:55:39.0656 1524 Dnscache (d977659ae4d8ece5286d99d1ed34614d) C:\WINDOWS\System32\dnsrslvr.dll
17:55:39.0687 1524 Dnscache - ok
17:55:39.0718 1524 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:55:39.0890 1524 Dot3svc - ok
17:55:39.0906 1524 dpti2o - ok
17:55:39.0937 1524 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:55:40.0109 1524 drmkaud - ok
17:55:40.0125 1524 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
17:55:40.0140 1524 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
17:55:40.0140 1524 drvmcdb - detected UnsignedFile.Multi.Generic (1)
17:55:40.0156 1524 DVDVRRdr_xp (1d5eda9961b16b8e800639038d7492ad) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
17:55:40.0171 1524 DVDVRRdr_xp ( UnsignedFile.Multi.Generic ) - warning
17:55:40.0171 1524 DVDVRRdr_xp - detected UnsignedFile.Multi.Generic (1)
17:55:40.0187 1524 dvd_2K (df112f6f01efedc21c9bc5ce822ce1d3) C:\WINDOWS\system32\drivers\dvd_2K.sys
17:55:40.0203 1524 dvd_2K ( UnsignedFile.Multi.Generic ) - warning
17:55:40.0203 1524 dvd_2K - detected UnsignedFile.Multi.Generic (1)
17:55:40.0218 1524 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:55:40.0390 1524 EapHost - ok
17:55:40.0406 1524 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:55:40.0578 1524 ERSvc - ok
17:55:40.0609 1524 Eventlog (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
17:55:40.0625 1524 Eventlog - ok
17:55:40.0656 1524 EventSystem (f17f6226bdc0cd5f0bef0daf84d29bec) C:\WINDOWS\system32\es.dll
17:55:40.0687 1524 EventSystem - ok
17:55:40.0718 1524 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:55:40.0875 1524 Fastfat - ok
17:55:40.0890 1524 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:55:40.0921 1524 FastUserSwitchingCompatibility - ok
17:55:40.0937 1524 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:55:41.0109 1524 Fdc - ok
17:55:41.0140 1524 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:55:41.0296 1524 Fips - ok
17:55:41.0328 1524 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:55:41.0484 1524 Flpydisk - ok
17:55:41.0500 1524 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:55:41.0687 1524 FltMgr - ok
17:55:41.0703 1524 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:55:41.0734 1524 FontCache3.0.0.0 - ok
17:55:41.0750 1524 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:55:41.0921 1524 Fs_Rec - ok
17:55:41.0937 1524 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:55:42.0109 1524 Ftdisk - ok
17:55:42.0125 1524 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:55:42.0296 1524 Gpc - ok
17:55:42.0312 1524 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:55:42.0484 1524 helpsvc - ok
17:55:42.0500 1524 HidServ - ok
17:55:42.0531 1524 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:55:42.0703 1524 HidUsb - ok
17:55:42.0718 1524 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:55:42.0890 1524 hkmsvc - ok
17:55:42.0906 1524 hpn - ok
17:55:42.0953 1524 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:55:42.0968 1524 HTTP - ok
17:55:42.0984 1524 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:55:43.0171 1524 HTTPFilter - ok
17:55:43.0187 1524 i2omgmt - ok
17:55:43.0218 1524 i2omp - ok
17:55:43.0250 1524 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:55:43.0421 1524 i8042prt - ok
17:55:43.0468 1524 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:55:43.0484 1524 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:55:43.0484 1524 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:55:43.0531 1524 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:55:43.0593 1524 idsvc - ok
17:55:43.0609 1524 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:55:43.0781 1524 Imapi - ok
17:55:43.0812 1524 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:55:43.0984 1524 ImapiService - ok
17:55:44.0015 1524 ini910u - ok
17:55:44.0046 1524 IntelIde - ok
17:55:44.0078 1524 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:55:44.0250 1524 intelppm - ok
17:55:44.0281 1524 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:55:44.0453 1524 Ip6Fw - ok
17:55:44.0468 1524 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:55:44.0640 1524 IpFilterDriver - ok
17:55:44.0656 1524 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:55:44.0843 1524 IpInIp - ok
17:55:44.0859 1524 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:55:45.0031 1524 IpNat - ok
17:55:45.0046 1524 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:55:45.0234 1524 IPSec - ok
17:55:45.0250 1524 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:55:45.0328 1524 IRENUM - ok
17:55:45.0359 1524 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:55:45.0515 1524 isapnp - ok
17:55:45.0546 1524 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
17:55:45.0578 1524 JavaQuickStarterService - ok
17:55:45.0593 1524 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:55:45.0750 1524 Kbdclass - ok
17:55:45.0781 1524 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:55:45.0953 1524 kmixer - ok
17:55:45.0968 1524 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
17:55:46.0000 1524 KSecDD - ok
17:55:46.0015 1524 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:55:46.0046 1524 LanmanServer - ok
17:55:46.0078 1524 lanmanworkstation (3b9324d60dd321bab7bf6f77931d3fd1) C:\WINDOWS\System32\wkssvc.dll
17:55:46.0093 1524 lanmanworkstation - ok
17:55:46.0109 1524 lbrtfdc - ok
17:55:46.0156 1524 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:55:46.0343 1524 LmHosts - ok
17:55:46.0359 1524 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys
17:55:46.0406 1524 mbamchameleon - ok
17:55:46.0437 1524 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:55:46.0609 1524 Messenger - ok
17:55:46.0640 1524 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys
17:55:46.0656 1524 MidiSyn - ok
17:55:46.0671 1524 mmc_2K (a52ed33515755e825d090a47793b773f) C:\WINDOWS\system32\drivers\mmc_2K.sys
17:55:46.0687 1524 mmc_2K ( UnsignedFile.Multi.Generic ) - warning
17:55:46.0687 1524 mmc_2K - detected UnsignedFile.Multi.Generic (1)
17:55:46.0703 1524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:55:46.0875 1524 mnmdd - ok
17:55:46.0890 1524 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:55:47.0062 1524 mnmsrvc - ok
17:55:47.0078 1524 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:55:47.0250 1524 Modem - ok
17:55:47.0265 1524 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:55:47.0437 1524 Mouclass - ok
17:55:47.0453 1524 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:55:47.0625 1524 mouhid - ok
17:55:47.0640 1524 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:55:47.0796 1524 MountMgr - ok
17:55:47.0828 1524 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:55:47.0859 1524 MozillaMaintenance - ok
17:55:47.0875 1524 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:55:47.0906 1524 MpFilter - ok
17:55:47.0921 1524 mraid35x - ok
17:55:47.0953 1524 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:55:47.0984 1524 MRxDAV - ok
17:55:48.0015 1524 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:55:48.0046 1524 MRxSmb - ok
17:55:48.0062 1524 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:55:48.0234 1524 MSDTC - ok
17:55:48.0281 1524 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:55:48.0453 1524 Msfs - ok
17:55:48.0468 1524 MSIServer - ok
17:55:48.0484 1524 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:55:48.0656 1524 MSKSSRV - ok
17:55:48.0671 1524 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
17:55:48.0703 1524 MsMpSvc - ok
17:55:48.0718 1524 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:55:48.0875 1524 MSPCLOCK - ok
17:55:48.0890 1524 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:55:49.0046 1524 MSPQM - ok
17:55:49.0062 1524 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:55:49.0234 1524 mssmbios - ok
17:55:49.0250 1524 MSSQL$MSSMLBIZ - ok
17:55:49.0281 1524 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:55:49.0296 1524 MSSQLServerADHelper - ok
17:55:49.0328 1524 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys
17:55:49.0359 1524 Mup - ok
17:55:49.0390 1524 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:55:49.0546 1524 napagent - ok
17:55:49.0578 1524 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:55:49.0734 1524 NDIS - ok
17:55:49.0750 1524 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:55:49.0781 1524 NdisTapi - ok
17:55:49.0796 1524 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:55:49.0968 1524 Ndisuio - ok
17:55:50.0000 1524 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:55:50.0156 1524 NdisWan - ok
17:55:50.0171 1524 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:55:50.0203 1524 NDProxy - ok
17:55:50.0218 1524 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:55:50.0390 1524 NetBIOS - ok
17:55:50.0421 1524 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:55:50.0562 1524 NetBT - ok
17:55:50.0593 1524 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:55:50.0765 1524 NetDDE - ok
17:55:50.0781 1524 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:55:50.0937 1524 NetDDEdsdm - ok
17:55:50.0968 1524 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:55:51.0125 1524 Netlogon - ok
17:55:51.0156 1524 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:55:51.0312 1524 Netman - ok
17:55:51.0343 1524 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:55:51.0375 1524 NetTcpPortSharing - ok
17:55:51.0406 1524 Nla (290c1a30defc723bbe10910ac2d6f6d0) C:\WINDOWS\System32\mswsock.dll
17:55:51.0421 1524 Nla - ok
17:55:51.0453 1524 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
17:55:51.0484 1524 NMSAccessU - ok
17:55:51.0500 1524 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:55:51.0671 1524 Npfs - ok
17:55:51.0703 1524 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
17:55:51.0734 1524 Ntfs - ok
17:55:51.0750 1524 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:55:51.0921 1524 NtLmSsp - ok
17:55:51.0968 1524 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:55:52.0140 1524 NtmsSvc - ok
17:55:52.0156 1524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:55:52.0312 1524 Null - ok
17:55:52.0562 1524 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:55:52.0750 1524 nv - ok
17:55:52.0781 1524 NVSvc (934833b3cd462a6f8a96f64d024c8b20) C:\WINDOWS\system32\nvsvc32.exe
17:55:52.0812 1524 NVSvc - ok
17:55:52.0828 1524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:55:53.0000 1524 NwlnkFlt - ok
17:55:53.0015 1524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:55:53.0187 1524 NwlnkFwd - ok
17:55:53.0218 1524 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:55:53.0250 1524 odserv - ok
17:55:53.0281 1524 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:55:53.0296 1524 ose - ok
17:55:53.0328 1524 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
17:55:53.0359 1524 ossrv - ok
17:55:53.0421 1524 P17xfi (230780e5ace287e0a550a523d494b3d0) C:\WINDOWS\system32\drivers\P17xfi.sys
17:55:53.0468 1524 P17xfi - ok
17:55:53.0546 1524 p17xfilt (13229088b5fac03fdf1dd72f114618b6) C:\WINDOWS\system32\drivers\p17xfilt.sys
17:55:53.0609 1524 p17xfilt - ok
17:55:53.0656 1524 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:55:53.0812 1524 Parport - ok
17:55:53.0828 1524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:55:54.0000 1524 PartMgr - ok
17:55:54.0015 1524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:55:54.0171 1524 ParVdm - ok
17:55:54.0203 1524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:55:54.0375 1524 PCI - ok
17:55:54.0390 1524 PCIDump - ok
17:55:54.0406 1524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:55:54.0578 1524 PCIIde - ok
17:55:54.0609 1524 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:55:54.0750 1524 Pcmcia - ok
17:55:54.0765 1524 PDCOMP - ok
17:55:54.0796 1524 PDFRAME - ok
17:55:54.0828 1524 PDRELI - ok
17:55:54.0859 1524 PDRFRAME - ok
17:55:54.0875 1524 perc2 - ok
17:55:54.0906 1524 perc2hib - ok
17:55:55.0000 1524 PlugPlay (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
17:55:55.0015 1524 PlugPlay - ok
17:55:55.0031 1524 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:55:55.0203 1524 PolicyAgent - ok
17:55:55.0234 1524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:55:55.0390 1524 PptpMiniport - ok
17:55:55.0406 1524 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:55:55.0578 1524 ProtectedStorage - ok
17:55:55.0593 1524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:55:55.0750 1524 PSched - ok
17:55:55.0765 1524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:55:55.0937 1524 Ptilink - ok
17:55:55.0953 1524 pwd_2k (62d29677f6a7f018c5d49119cea67de5) C:\WINDOWS\system32\drivers\pwd_2k.sys
17:55:55.0968 1524 pwd_2k ( UnsignedFile.Multi.Generic ) - warning
17:55:55.0968 1524 pwd_2k - detected UnsignedFile.Multi.Generic (1)
17:55:55.0984 1524 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:55:56.0000 1524 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:55:56.0000 1524 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:55:56.0015 1524 QBCFMonitorService (996f0d2e6ad456e12b0190660a5713a0) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
17:55:56.0031 1524 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
17:55:56.0031 1524 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
17:55:56.0046 1524 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
17:55:56.0062 1524 QBFCService ( UnsignedFile.Multi.Generic ) - warning
17:55:56.0062 1524 QBFCService - detected UnsignedFile.Multi.Generic (1)
17:55:56.0125 1524 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
17:55:56.0171 1524 QBVSS ( UnsignedFile.Multi.Generic ) - warning
17:55:56.0171 1524 QBVSS - detected UnsignedFile.Multi.Generic (1)
17:55:56.0187 1524 ql1080 - ok
17:55:56.0218 1524 Ql10wnt - ok
17:55:56.0250 1524 ql12160 - ok
17:55:56.0281 1524 ql1240 - ok
17:55:56.0296 1524 ql1280 - ok
17:55:56.0328 1524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:55:56.0484 1524 RasAcd - ok
17:55:56.0515 1524 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:55:56.0687 1524 RasAuto - ok
17:55:56.0703 1524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:55:56.0875 1524 Rasl2tp - ok
17:55:56.0906 1524 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:55:57.0062 1524 RasMan - ok
17:55:57.0078 1524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:55:57.0250 1524 RasPppoe - ok
17:55:57.0265 1524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:55:57.0421 1524 Raspti - ok
17:55:57.0453 1524 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:55:57.0468 1524 Rdbss - ok
17:55:57.0484 1524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:55:57.0656 1524 RDPCDD - ok
17:55:57.0703 1524 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:55:57.0859 1524 rdpdr - ok
17:55:57.0906 1524 RDPWD (2d293b720c206473a05950ce007db12a) C:\WINDOWS\system32\drivers\RDPWD.sys
17:55:57.0921 1524 RDPWD - ok
17:55:57.0953 1524 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:55:58.0109 1524 RDSessMgr - ok
17:55:58.0140 1524 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:55:58.0296 1524 RemoteAccess - ok
17:55:58.0312 1524 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:55:58.0484 1524 RemoteRegistry - ok
17:55:58.0500 1524 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:55:58.0671 1524 RpcLocator - ok
17:55:58.0703 1524 RpcSs (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll
17:55:58.0734 1524 RpcSs - ok
17:55:58.0750 1524 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
17:55:58.0781 1524 rspndr - ok
17:55:58.0812 1524 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:55:58.0968 1524 RSVP - ok
17:55:58.0984 1524 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:55:59.0156 1524 SamSs - ok
17:55:59.0187 1524 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:55:59.0343 1524 SCardSvr - ok
17:55:59.0359 1524 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:55:59.0531 1524 Schedule - ok
17:55:59.0546 1524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:55:59.0640 1524 Secdrv - ok
17:55:59.0656 1524 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:55:59.0812 1524 seclogon - ok
17:55:59.0859 1524 senfilt (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys
17:55:59.0890 1524 senfilt - ok
17:55:59.0906 1524 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:56:00.0062 1524 SENS - ok
17:56:00.0078 1524 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:56:00.0250 1524 serenum - ok
17:56:00.0281 1524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:56:00.0437 1524 Serial - ok
17:56:00.0531 1524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:56:00.0703 1524 Sfloppy - ok
17:56:00.0750 1524 SharedAccess (4f10a2fa76b5bd54cd68afa94e8adb39) C:\WINDOWS\System32\ipnathlp.dll
17:56:00.0781 1524 SharedAccess - ok
17:56:00.0796 1524 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:56:00.0812 1524 ShellHWDetection - ok
17:56:00.0828 1524 Simbad - ok
17:56:00.0906 1524 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
17:56:00.0921 1524 smwdm - ok
17:56:00.0937 1524 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
17:56:00.0953 1524 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
17:56:00.0953 1524 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
17:56:00.0968 1524 Sparrow - ok
17:56:01.0000 1524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:56:01.0156 1524 splitter - ok
17:56:01.0171 1524 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:56:01.0203 1524 Spooler - ok
17:56:01.0234 1524 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:56:01.0250 1524 SQLBrowser - ok
17:56:01.0265 1524 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:56:01.0296 1524 SQLWriter - ok
17:56:01.0312 1524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:56:01.0390 1524 sr - ok
17:56:01.0421 1524 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:56:01.0484 1524 srservice - ok
17:56:01.0531 1524 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
17:56:01.0546 1524 Srv - ok
17:56:01.0578 1524 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:56:01.0656 1524 SSDPSRV - ok
17:56:01.0687 1524 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:56:01.0843 1524 stisvc - ok
17:56:01.0859 1524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:56:02.0031 1524 swenum - ok
17:56:02.0046 1524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
  #10  
Old May 9th, 2012, 03:08 AM
Deborahh
PAGE 2
17:56:02.0218 1524 swmidi - ok
17:56:02.0234 1524 SwPrv - ok
17:56:02.0250 1524 symc810 - ok
17:56:02.0281 1524 symc8xx - ok
17:56:02.0312 1524 sym_hi - ok
17:56:02.0343 1524 sym_u3 - ok
17:56:02.0375 1524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:56:02.0531 1524 sysaudio - ok
17:56:02.0562 1524 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:56:02.0718 1524 SysmonLog - ok
17:56:02.0750 1524 TapiSrv (e2b32b10acc5d97623275aafb67e5f03) C:\WINDOWS\System32\tapisrv.dll
17:56:02.0781 1524 TapiSrv - ok
17:56:02.0812 1524 Tcpip (6772154a2185f5fb42e37a87087c2398) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:56:02.0828 1524 Tcpip ( UnsignedFile.Multi.Generic ) - warning
17:56:02.0828 1524 Tcpip - detected UnsignedFile.Multi.Generic (1)
17:56:02.0843 1524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:56:03.0015 1524 TDPIPE - ok
17:56:03.0031 1524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:56:03.0203 1524 TDTCP - ok
17:56:03.0218 1524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:56:03.0390 1524 TermDD - ok
17:56:03.0421 1524 TermService (37981a741ad7b04258e87129ffe79ab9) C:\WINDOWS\System32\termsrv.dll
17:56:03.0453 1524 TermService - ok
17:56:03.0468 1524 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:56:03.0500 1524 Themes - ok
17:56:03.0515 1524 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:56:03.0593 1524 TlntSvr - ok
17:56:03.0609 1524 TosIde - ok
17:56:03.0640 1524 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:56:03.0796 1524 TrkWks - ok
17:56:03.0843 1524 UDFReadr (fd0b16f8828f360390135031d8924ccd) C:\WINDOWS\system32\drivers\UDFReadr.sys
17:56:03.0843 1524 UDFReadr ( UnsignedFile.Multi.Generic ) - warning
17:56:03.0843 1524 UDFReadr - detected UnsignedFile.Multi.Generic (1)
17:56:03.0875 1524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:56:04.0031 1524 Udfs - ok
17:56:04.0046 1524 ultra - ok
17:56:04.0093 1524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:56:04.0265 1524 Update - ok
17:56:04.0281 1524 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:56:04.0359 1524 upnphost - ok
17:56:04.0375 1524 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:56:04.0546 1524 UPS - ok
17:56:04.0562 1524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:56:04.0734 1524 usbccgp - ok
17:56:04.0750 1524 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:56:04.0765 1524 usbehci - ok
17:56:04.0796 1524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:56:04.0953 1524 usbhub - ok
17:56:04.0968 1524 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:56:05.0140 1524 USBSTOR - ok
17:56:05.0156 1524 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:56:05.0312 1524 usbuhci - ok
17:56:05.0328 1524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:56:05.0500 1524 VgaSave - ok
17:56:05.0515 1524 ViaIde - ok
17:56:05.0546 1524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:56:05.0718 1524 VolSnap - ok
17:56:05.0750 1524 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:56:05.0828 1524 VSS - ok
17:56:05.0859 1524 W32Time (9f8a0d0cbb2fa265a754516128c00e22) C:\WINDOWS\system32\w32time.dll
17:56:05.0890 1524 W32Time - ok
17:56:05.0921 1524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:56:06.0062 1524 Wanarp - ok
17:56:06.0078 1524 WDICA - ok
17:56:06.0125 1524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:56:06.0281 1524 wdmaud - ok
17:56:06.0296 1524 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:56:06.0468 1524 WebClient - ok
17:56:06.0531 1524 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:56:06.0687 1524 winmgmt - ok
17:56:06.0750 1524 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
17:56:06.0781 1524 WmdmPmSN - ok
17:56:06.0812 1524 Wmi (c8a6c82f90b055149925dc7526b2d78c) C:\WINDOWS\System32\advapi32.dll
17:56:06.0859 1524 Wmi - ok
17:56:06.0890 1524 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:56:07.0046 1524 WmiApSrv - ok
17:56:07.0093 1524 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:56:07.0140 1524 WMPNetworkSvc - ok
17:56:07.0187 1524 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:56:07.0234 1524 WPFFontCache_v0400 - ok
17:56:07.0281 1524 wuauserv (aae1a6ffba2b0436e91795120f48c461) C:\WINDOWS\system32\wuauserv.dll
17:56:07.0312 1524 wuauserv - ok
17:56:07.0328 1524 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:56:07.0343 1524 WudfPf - ok
17:56:07.0375 1524 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:56:07.0406 1524 WudfRd - ok
17:56:07.0421 1524 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:56:07.0453 1524 WudfSvc - ok
17:56:07.0484 1524 WZCSVC (349b8d2bb755e8c3b0e3e82a87663e55) C:\WINDOWS\System32\wzcsvc.dll
17:56:07.0531 1524 WZCSVC - ok
17:56:07.0546 1524 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:56:07.0703 1524 xmlprov - ok
17:56:07.0750 1524 yukonwxp (89f8c4875e19c7081cf9c37539242ae3) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
17:56:07.0796 1524 yukonwxp - ok
17:56:07.0812 1524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:56:08.0031 1524 \Device\Harddisk0\DR0 - ok
17:56:08.0062 1524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:56:08.0828 1524 \Device\Harddisk1\DR1 - ok
17:56:08.0843 1524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
17:56:08.0921 1524 \Device\Harddisk2\DR2 - ok
17:56:08.0968 1524 Boot (0x1200) (1c36917ff34068ed34b8c5677c159fe1) \Device\Harddisk0\DR0\Partition0
17:56:08.0968 1524 \Device\Harddisk0\DR0\Partition0 - ok
17:56:08.0984 1524 Boot (0x1200) (df94ce3469ac2d696cc1ee66a5348902) \Device\Harddisk2\DR2\Partition0
17:56:08.0984 1524 \Device\Harddisk2\DR2\Partition0 - ok
17:56:08.0984 1524 ============================================================
17:56:08.0984 1524 Scan finished
17:56:08.0984 1524 ============================================================
17:56:09.0125 1836 Detected object count: 18
17:56:09.0125 1836 Actual detected object count: 18
17:57:04.0468 1836 Cdr4_xp ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0468 1836 Cdr4_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0468 1836 Cdralw2k ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0468 1836 Cdralw2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0484 1836 cdudf_xp ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0484 1836 cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0484 1836 Cinemsup ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0484 1836 Cinemsup ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0500 1836 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0500 1836 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0515 1836 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0515 1836 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0531 1836 DVDVRRdr_xp ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0531 1836 DVDVRRdr_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0546 1836 dvd_2K ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0546 1836 dvd_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0562 1836 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0562 1836 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0562 1836 mmc_2K ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0562 1836 mmc_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0578 1836 pwd_2k ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0578 1836 pwd_2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0593 1836 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0593 1836 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0609 1836 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0609 1836 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0625 1836 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0625 1836 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0640 1836 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0640 1836 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0640 1836 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0640 1836 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0656 1836 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0656 1836 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0671 1836 UDFReadr ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0671 1836 UDFReadr ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:06.0843 1584 Deinitialize success

10:34:48.0375 3004 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
10:34:48.0640 3004 ============================================================
10:34:48.0640 3004 Current date / time: 2012/05/01 10:34:48.0640
10:34:48.0640 3004 SystemInfo:
10:34:48.0640 3004
10:34:48.0640 3004 OS Version: 5.1.2600 ServicePack: 3.0
10:34:48.0640 3004 Product type: Workstation
10:34:48.0640 3004 ComputerName: HOME_SYS1
10:34:48.0640 3004 UserName: Owner
10:34:48.0640 3004 Windows directory: C:\WINDOWS
10:34:48.0640 3004 System windows directory: C:\WINDOWS
10:34:48.0640 3004 Processor architecture: Intel x86
10:34:48.0640 3004 Number of processors: 2
10:34:48.0640 3004 Page size: 0x1000
10:34:48.0640 3004 Boot type: Normal boot
10:34:48.0640 3004 ============================================================
10:34:50.0921 3004 Drive \Device\Harddisk0\DR0 - Size: 0x12A3980000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2604, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:34:50.0937 3004 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:34:50.0937 3004 Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:34:50.0937 3004 ============================================================
10:34:50.0937 3004 \Device\Harddisk0\DR0:
10:34:50.0937 3004 MBR partitions:
10:34:50.0937 3004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9516204
10:34:50.0937 3004 \Device\Harddisk1\DR1:
10:34:50.0937 3004 MBR partitions:
10:34:50.0937 3004 \Device\Harddisk2\DR2:
10:34:50.0937 3004 MBR partitions:
10:34:50.0937 3004 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
10:34:50.0937 3004 ============================================================
10:34:50.0937 3004 C: <-> \Device\Harddisk2\DR2\Partition0
10:34:50.0968 3004 F: <-> \Device\Harddisk0\DR0\Partition0
10:34:50.0968 3004 ============================================================
10:34:50.0968 3004 Initialize success
10:34:50.0968 3004 ============================================================
10:35:00.0984 3312 ============================================================
10:35:00.0984 3312 Scan started
10:35:00.0984 3312 Mode: Manual; SigCheck; TDLFS;
10:35:00.0984 3312 ============================================================
10:35:01.0187 3312 .redbook - ok
10:35:01.0203 3312 Abiosdsk - ok
10:35:01.0218 3312 abp480n5 - ok
10:35:01.0234 3312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:35:01.0468 3312 ACPI - ok
10:35:01.0484 3312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:35:01.0578 3312 ACPIEC - ok
10:35:01.0593 3312 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:35:01.0609 3312 AdobeFlashPlayerUpdateSvc - ok
10:35:01.0625 3312 adpu160m - ok
10:35:01.0640 3312 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
10:35:01.0656 3312 aeaudio - ok
10:35:01.0671 3312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:35:01.0781 3312 aec - ok
10:35:01.0796 3312 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
10:35:01.0812 3312 AFD - ok
10:35:01.0812 3312 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:35:01.0921 3312 agp440 - ok
10:35:01.0937 3312 Aha154x - ok
10:35:01.0937 3312 aic78u2 - ok
10:35:01.0937 3312 aic78xx - ok
10:35:01.0953 3312 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:35:02.0062 3312 Alerter - ok
10:35:02.0078 3312 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:35:02.0125 3312 ALG - ok
10:35:02.0125 3312 AliIde - ok
10:35:02.0140 3312 amsint - ok
10:35:02.0156 3312 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:35:02.0203 3312 AppMgmt - ok
10:35:02.0203 3312 asc - ok
10:35:02.0218 3312 asc3350p - ok
10:35:02.0218 3312 asc3550 - ok
10:35:02.0250 3312 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:35:02.0265 3312 aspnet_state - ok
10:35:02.0265 3312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:35:02.0375 3312 AsyncMac - ok
10:35:02.0390 3312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:35:02.0500 3312 atapi - ok
10:35:02.0515 3312 Atdisk - ok
10:35:02.0531 3312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:35:02.0640 3312 Atmarpc - ok
10:35:02.0656 3312 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:35:02.0781 3312 AudioSrv - ok
10:35:02.0781 3312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:35:02.0890 3312 audstub - ok
10:35:02.0906 3312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:35:03.0015 3312 Beep - ok
10:35:03.0046 3312 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:35:03.0171 3312 BITS - ok
10:35:03.0187 3312 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:35:03.0296 3312 Browser - ok
10:35:03.0312 3312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:35:03.0421 3312 cbidf2k - ok
10:35:03.0437 3312 cd20xrnt - ok
10:35:03.0437 3312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:35:03.0562 3312 Cdaudio - ok
10:35:03.0578 3312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:35:03.0687 3312 Cdfs - ok
10:35:03.0687 3312 Cdr4_xp (6674bb4a919220d05bd002bbf6081aaa) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
10:35:03.0703 3312 Cdr4_xp ( UnsignedFile.Multi.Generic ) - warning
10:35:03.0703 3312 Cdr4_xp - detected UnsignedFile.Multi.Generic (1)
10:35:03.0703 3312 Cdralw2k (8822a9246c20af99686e65710c7d6a5d) C:\WINDOWS\system32\drivers\Cdralw2k.sys
10:35:03.0703 3312 Cdralw2k ( UnsignedFile.Multi.Generic ) - warning
10:35:03.0703 3312 Cdralw2k - detected UnsignedFile.Multi.Generic (1)
10:35:03.0718 3312 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:35:03.0734 3312 Cdrom - ok
10:35:03.0750 3312 cdudf_xp (66b9f9c62721f2347211c0c9bcce4e98) C:\WINDOWS\system32\drivers\cdudf_xp.sys
10:35:03.0765 3312 cdudf_xp ( UnsignedFile.Multi.Generic ) - warning
10:35:03.0765 3312 cdudf_xp - detected UnsignedFile.Multi.Generic (1)
10:35:03.0765 3312 Changer - ok
10:35:03.0765 3312 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
10:35:03.0781 3312 Cinemsup ( UnsignedFile.Multi.Generic ) - warning
10:35:03.0781 3312 Cinemsup - detected UnsignedFile.Multi.Generic (1)
10:35:03.0781 3312 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:35:03.0890 3312 CiSvc - ok
10:35:03.0906 3312 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:35:04.0031 3312 ClipSrv - ok
10:35:04.0031 3312 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:35:04.0046 3312 clr_optimization_v2.0.50727_32 - ok
10:35:04.0062 3312 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:35:04.0078 3312 clr_optimization_v4.0.30319_32 - ok
10:35:04.0078 3312 CmdIde - ok
10:35:04.0093 3312 COMSysApp - ok
10:35:04.0093 3312 Cpqarray - ok
10:35:04.0109 3312 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
10:35:04.0109 3312 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
10:35:04.0109 3312 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
10:35:04.0125 3312 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:35:04.0250 3312 CryptSvc - ok
10:35:04.0265 3312 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
10:35:04.0281 3312 ctsfm2k - ok
10:35:04.0296 3312 CTUSFSYN (12a7b253f9128b3b68a9979827047b76) C:\WINDOWS\system32\drivers\ctusfsyn.sys
10:35:04.0312 3312 CTUSFSYN - ok
10:35:04.0312 3312 dac2w2k - ok
10:35:04.0312 3312 dac960nt - ok
10:35:04.0343 3312 DcomLaunch (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll
10:35:04.0359 3312 DcomLaunch - ok
10:35:04.0375 3312 Dhcp (c51de19619d50cbd03708647aca10e70) C:\WINDOWS\System32\dhcpcsvc.dll
10:35:04.0375 3312 Dhcp - ok
10:35:04.0390 3312 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
10:35:04.0406 3312 Disk - ok
10:35:04.0406 3312 dmadmin - ok
10:35:04.0453 3312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:35:04.0578 3312 dmboot - ok
10:35:04.0593 3312 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:35:04.0703 3312 dmio - ok
10:35:04.0718 3312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:35:04.0828 3312 dmload - ok
10:35:04.0843 3312 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:35:04.0968 3312 dmserver - ok
10:35:04.0968 3312 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:35:05.0093 3312 DMusic - ok
10:35:05.0109 3312 Dnscache (d977659ae4d8ece5286d99d1ed34614d) C:\WINDOWS\System32\dnsrslvr.dll
10:35:05.0109 3312 Dnscache - ok
10:35:05.0125 3312 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:35:05.0250 3312 Dot3svc - ok
10:35:05.0250 3312 dpti2o - ok
10:35:05.0265 3312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:35:05.0390 3312 drmkaud - ok
10:35:05.0390 3312 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
10:35:05.0390 3312 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
10:35:05.0390 3312 drvmcdb - detected UnsignedFile.Multi.Generic (1)
10:35:05.0406 3312 DVDVRRdr_xp (1d5eda9961b16b8e800639038d7492ad) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
10:35:05.0406 3312 DVDVRRdr_xp ( UnsignedFile.Multi.Generic ) - warning
10:35:05.0406 3312 DVDVRRdr_xp - detected UnsignedFile.Multi.Generic (1)
10:35:05.0421 3312 dvd_2K (df112f6f01efedc21c9bc5ce822ce1d3) C:\WINDOWS\system32\drivers\dvd_2K.sys
10:35:05.0421 3312 dvd_2K ( UnsignedFile.Multi.Generic ) - warning
10:35:05.0421 3312 dvd_2K - detected UnsignedFile.Multi.Generic (1)
10:35:05.0437 3312 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:35:05.0562 3312 EapHost - ok
10:35:05.0562 3312 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:35:05.0687 3312 ERSvc - ok
10:35:05.0687 3312 Eventlog (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
10:35:05.0703 3312 Eventlog - ok
10:35:05.0718 3312 EventSystem (f17f6226bdc0cd5f0bef0daf84d29bec) C:\WINDOWS\system32\es.dll
10:35:05.0734 3312 EventSystem - ok
10:35:05.0750 3312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:35:05.0875 3312 Fastfat - ok
10:35:05.0875 3312 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:35:05.0890 3312 FastUserSwitchingCompatibility - ok
10:35:05.0906 3312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:35:06.0031 3312 Fdc - ok
10:35:06.0031 3312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:35:06.0156 3312 Fips - ok
10:35:06.0156 3312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:35:06.0281 3312 Flpydisk - ok
10:35:06.0296 3312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:35:06.0406 3312 FltMgr - ok
10:35:06.0421 3312 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:35:06.0437 3312 FontCache3.0.0.0 - ok
10:35:06.0437 3312 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:35:06.0562 3312 Fs_Rec - ok
10:35:06.0578 3312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:35:06.0687 3312 Ftdisk - ok
10:35:06.0687 3312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:35:06.0828 3312 Gpc - ok
10:35:06.0828 3312 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:35:06.0953 3312 helpsvc - ok
10:35:06.0953 3312 HidServ - ok
10:35:06.0953 3312 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:35:07.0078 3312 HidUsb - ok
10:35:07.0078 3312 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:35:07.0203 3312 hkmsvc - ok
10:35:07.0203 3312 hpn - ok
10:35:07.0218 3312 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:35:07.0234 3312 HTTP - ok
10:35:07.0250 3312 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:35:07.0359 3312 HTTPFilter - ok
10:35:07.0375 3312 i2omgmt - ok
10:35:07.0375 3312 i2omp - ok
10:35:07.0390 3312 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:35:07.0515 3312 i8042prt - ok
10:35:07.0531 3312 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:35:07.0531 3312 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:35:07.0531 3312 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:35:07.0562 3312 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:35:07.0593 3312 idsvc - ok
10:35:07.0609 3312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:35:07.0734 3312 Imapi - ok
10:35:07.0734 3312 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:35:07.0859 3312 ImapiService - ok
10:35:07.0859 3312 ini910u - ok
10:35:07.0875 3312 IntelIde - ok
10:35:07.0875 3312 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:35:08.0000 3312 intelppm - ok
10:35:08.0015 3312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:35:08.0125 3312 Ip6Fw - ok
10:35:08.0140 3312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:35:08.0265 3312 IpFilterDriver - ok
10:35:08.0265 3312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:35:08.0390 3312 IpInIp - ok
10:35:08.0406 3312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:35:08.0515 3312 IpNat - ok
10:35:08.0531 3312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:35:08.0656 3312 IPSec - ok
10:35:08.0656 3312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:35:08.0703 3312 IRENUM - ok
10:35:08.0718 3312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:35:08.0828 3312 isapnp - ok
10:35:08.0843 3312 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
10:35:08.0859 3312 JavaQuickStarterService - ok
10:35:08.0875 3312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:35:09.0000 3312 Kbdclass - ok
10:35:09.0015 3312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:35:09.0125 3312 kmixer - ok
10:35:09.0140 3312 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
10:35:09.0140 3312 KSecDD - ok
10:35:09.0156 3312 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
10:35:09.0171 3312 LanmanServer - ok
10:35:09.0187 3312 lanmanworkstation (3b9324d60dd321bab7bf6f77931d3fd1) C:\WINDOWS\System32\wkssvc.dll
10:35:09.0203 3312 lanmanworkstation - ok
10:35:09.0203 3312 lbrtfdc - ok
10:35:09.0218 3312 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:35:09.0343 3312 LmHosts - ok
10:35:09.0359 3312 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys
10:35:09.0390 3312 mbamchameleon - ok
10:35:09.0406 3312 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:35:09.0531 3312 Messenger - ok
10:35:09.0546 3312 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys
10:35:09.0562 3312 MidiSyn - ok
10:35:09.0562 3312 mmc_2K (a52ed33515755e825d090a47793b773f) C:\WINDOWS\system32\drivers\mmc_2K.sys
10:35:09.0578 3312 mmc_2K ( UnsignedFile.Multi.Generic ) - warning
10:35:09.0578 3312 mmc_2K - detected UnsignedFile.Multi.Generic (1)
10:35:09.0578 3312 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:35:09.0687 3312 mnmdd - ok
10:35:09.0703 3312 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:35:09.0828 3312 mnmsrvc - ok
10:35:09.0843 3312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:35:09.0953 3312 Modem - ok
10:35:09.0968 3312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:35:10.0093 3312 Mouclass - ok
10:35:10.0093 3312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:35:10.0218 3312 mouhid - ok
10:35:10.0218 3312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:35:10.0343 3312 MountMgr - ok
10:35:10.0359 3312 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:35:10.0375 3312 MozillaMaintenance - ok
10:35:10.0390 3312 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:35:10.0406 3312 MpFilter - ok
10:35:10.0406 3312 MpKsl43b015f3 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1299FC64-FCE5-4BBF-99E4-E8C4AE4F470D}\MpKsl43b015f3.sys
10:35:10.0421 3312 MpKsl43b015f3 - ok
10:35:10.0437 3312 mraid35x - ok
10:35:10.0453 3312 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:35:10.0468 3312 MRxDAV - ok
10:35:10.0484 3312 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:35:10.0500 3312 MRxSmb - ok
10:35:10.0515 3312 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
10:35:10.0625 3312 MSDTC - ok
10:35:10.0640 3312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:35:10.0765 3312 Msfs - ok
10:35:10.0781 3312 MSIServer - ok
10:35:10.0781 3312 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:35:10.0906 3312 MSKSSRV - ok
10:35:10.0906 3312 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:35:10.0921 3312 MsMpSvc - ok
10:35:10.0921 3312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:35:11.0062 3312 MSPCLOCK - ok
10:35:11.0062 3312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:35:11.0171 3312 MSPQM - ok
10:35:11.0187 3312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:35:11.0312 3312 mssmbios - ok
10:35:11.0312 3312 MSSQL$MSSMLBIZ - ok
10:35:11.0328 3312 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
10:35:11.0328 3312 MSSQLServerADHelper - ok
10:35:11.0343 3312 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys
10:35:11.0359 3312 Mup - ok
10:35:11.0375 3312 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:35:11.0484 3312 napagent - ok
10:35:11.0500 3312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:35:11.0625 3312 NDIS - ok
10:35:11.0656 3312 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:35:11.0687 3312 NdisTapi - ok
10:35:11.0687 3312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:35:11.0859 3312 Ndisuio - ok
10:35:11.0875 3312 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:35:12.0000 3312 NdisWan - ok
10:35:12.0000 3312 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:35:12.0015 3312 NDProxy - ok
10:35:12.0031 3312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:35:12.0140 3312 NetBIOS - ok
10:35:12.0156 3312 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:35:12.0281 3312 NetBT - ok
10:35:12.0296 3312 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:35:12.0406 3312 NetDDE - ok
10:35:12.0406 3312 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:35:12.0515 3312 NetDDEdsdm - ok
10:35:12.0531 3312 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:35:12.0656 3312 Netlogon - ok
10:35:12.0671 3312 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:35:12.0859 3312 Netman - ok
10:35:12.0906 3312 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:35:12.0937 3312 NetTcpPortSharing - ok
10:35:12.0953 3312 Nla (290c1a30defc723bbe10910ac2d6f6d0) C:\WINDOWS\System32\mswsock.dll
10:35:12.0984 3312 Nla - ok
10:35:13.0000 3312 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
10:35:13.0015 3312 NMSAccessU - ok
10:35:13.0031 3312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:35:13.0234 3312 Npfs - ok
10:35:13.0281 3312 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
10:35:13.0312 3312 Ntfs - ok
10:35:13.0328 3312 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:35:13.0515 3312 NtLmSsp - ok
10:35:13.0562 3312 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:35:13.0734 3312 NtmsSvc - ok
10:35:13.0750 3312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:35:13.0921 3312 Null - ok
10:35:14.0234 3312 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:35:14.0484 3312 nv - ok
10:35:14.0515 3312 NVSvc (934833b3cd462a6f8a96f64d024c8b20) C:\WINDOWS\system32\nvsvc32.exe
10:35:14.0546 3312 NVSvc - ok
10:35:14.0562 3312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:35:14.0734 3312 NwlnkFlt - ok
10:35:14.0750 3312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:35:14.0937 3312 NwlnkFwd - ok
10:35:15.0000 3312 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:35:15.0031 3312 odserv - ok
10:35:15.0046 3312 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:35:15.0062 3312 ose - ok
10:35:15.0078 3312 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
10:35:15.0109 3312 ossrv - ok
10:35:15.0156 3312 P17xfi (230780e5ace287e0a550a523d494b3d0) C:\WINDOWS\system32\drivers\P17xfi.sys
10:35:15.0218 3312 P17xfi - ok
10:35:15.0296 3312 p17xfilt (13229088b5fac03fdf1dd72f114618b6) C:\WINDOWS\system32\drivers\p17xfilt.sys
10:35:15.0343 3312 p17xfilt - ok
10:35:15.0375 3312 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:35:15.0484 3312 Parport - ok
10:35:15.0484 3312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:35:15.0609 3312 PartMgr - ok
10:35:15.0609 3312 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:35:15.0718 3312 ParVdm - ok
10:35:15.0734 3312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:35:15.0843 3312 PCI - ok
10:35:15.0843 3312 PCIDump - ok
10:35:15.0859 3312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:35:15.0968 3312 PCIIde - ok
10:35:15.0984 3312 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:35:16.0093 3312 Pcmcia - ok
10:35:16.0093 3312 PDCOMP - ok
10:35:16.0109 3312 PDFRAME - ok
10:35:16.0109 3312 PDRELI - ok
10:35:16.0109 3312 PDRFRAME - ok
10:35:16.0125 3312 perc2 - ok
10:35:16.0125 3312 perc2hib - ok
10:35:16.0140 3312 PlugPlay (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
10:35:16.0156 3312 PlugPlay - ok
10:35:16.0171 3312 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:35:16.0312 3312 PolicyAgent - ok
10:35:16.0328 3312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:35:16.0453 3312 PptpMiniport - ok
10:35:16.0453 3312 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:35:16.0593 3312 ProtectedStorage - ok
10:35:16.0609 3312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:35:16.0734 3312 PSched - ok
10:35:16.0734 3312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:35:16.0875 3312 Ptilink - ok
10:35:16.0875 3312 pwd_2k (62d29677f6a7f018c5d49119cea67de5) C:\WINDOWS\system32\drivers\pwd_2k.sys
10:35:16.0890 3312 pwd_2k ( UnsignedFile.Multi.Generic ) - warning
10:35:16.0890 3312 pwd_2k - detected UnsignedFile.Multi.Generic (1)
10:35:16.0890 3312 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:35:16.0906 3312 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
10:35:16.0906 3312 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
10:35:16.0906 3312 QBCFMonitorService (996f0d2e6ad456e12b0190660a5713a0) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
10:35:16.0921 3312 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
10:35:16.0921 3312 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
10:35:16.0921 3312 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
10:35:16.0937 3312 QBFCService ( UnsignedFile.Multi.Generic ) - warning
10:35:16.0937 3312 QBFCService - detected UnsignedFile.Multi.Generic (1)
10:35:16.0984 3312 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
10:35:17.0015 3312 QBVSS ( UnsignedFile.Multi.Generic ) - warning
10:35:17.0015 3312 QBVSS - detected UnsignedFile.Multi.Generic (1)
10:35:17.0031 3312 ql1080 - ok
10:35:17.0031 3312 Ql10wnt - ok
10:35:17.0046 3312 ql12160 - ok
10:35:17.0046 3312 ql1240 - ok
10:35:17.0062 3312 ql1280 - ok
10:35:17.0062 3312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:35:17.0171 3312 RasAcd - ok
10:35:17.0187 3312 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:35:17.0296 3312 RasAuto - ok
10:35:17.0312 3312 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:35:17.0421 3312 Rasl2tp - ok
10:35:17.0437 3312 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:35:17.0546 3312 RasMan - ok
10:35:17.0562 3312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:35:17.0671 3312 RasPppoe - ok
10:35:17.0687 3312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:35:17.0796 3312 Raspti - ok
10:35:17.0796 3312 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:35:17.0812 3312 Rdbss - ok
10:35:17.0828 3312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:35:17.0921 3312 RDPCDD - ok
10:35:17.0953 3312 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:35:18.0062 3312 rdpdr - ok
10:35:18.0062 3312 RDPWD (2d293b720c206473a05950ce007db12a) C:\WINDOWS\system32\drivers\RDPWD.sys
10:35:18.0078 3312 RDPWD - ok
10:35:18.0109 3312 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:35:18.0218 3312 RDSessMgr - ok
10:35:18.0218 3312 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:35:18.0359 3312 RemoteAccess - ok
10:35:18.0375 3312 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:35:18.0484 3312 RemoteRegistry - ok
10:35:18.0500 3312 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:35:18.0609 3312 RpcLocator - ok
10:35:18.0625 3312 RpcSs (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll
10:35:18.0640 3312 RpcSs - ok
10:35:18.0656 3312 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
10:35:18.0671 3312 rspndr - ok
10:35:18.0687 3312 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:35:18.0796 3312 RSVP - ok
10:35:18.0812 3312 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:35:18.0921 3312 SamSs - ok
10:35:18.0937 3312 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:35:19.0046 3312 SCardSvr - ok
10:35:19.0062 3312 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:35:19.0187 3312 Schedule - ok
10:35:19.0187 3312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:35:19.0265 3312 Secdrv - ok
10:35:19.0265 3312 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:35:19.0390 3312 seclogon - ok
10:35:19.0406 3312 senfilt (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys
10:35:19.0437 3312 senfilt - ok
10:35:19.0437 3312 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:35:19.0562 3312 SENS - ok
10:35:19.0562 3312 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:35:19.0671 3312 serenum - ok
10:35:19.0687 3312 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:35:19.0796 3312 Serial - ok
10:35:19.0828 3312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:35:19.0937 3312 Sfloppy - ok
10:35:19.0953 3312 SharedAccess (4f10a2fa76b5bd54cd68afa94e8adb39) C:\WINDOWS\System32\ipnathlp.dll
10:35:19.0968 3312 SharedAccess - ok
10:35:19.0984 3312 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:35:20.0000 3312 ShellHWDetection - ok
10:35:20.0015 3312 Simbad - ok
10:35:20.0031 3312 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
10:35:20.0046 3312 smwdm - ok
  #11  
May 9th, 2012, 03:10 AM
Deborahh
PAGE 3
10:35:20.0046 3312 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
10:35:20.0062 3312 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
10:35:20.0062 3312 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
10:35:20.0062 3312 Sparrow - ok
10:35:20.0078 3312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:35:20.0187 3312 splitter - ok
10:35:20.0203 3312 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:35:20.0218 3312 Spooler - ok
10:35:20.0234 3312 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
10:35:20.0250 3312 SQLBrowser - ok
10:35:20.0265 3312 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:35:20.0281 3312 SQLWriter - ok
10:35:20.0281 3312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:35:20.0343 3312 sr - ok
10:35:20.0359 3312 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
10:35:20.0406 3312 srservice - ok
10:35:20.0421 3312 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
10:35:20.0437 3312 Srv - ok
10:35:20.0453 3312 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:35:20.0515 3312 SSDPSRV - ok
10:35:20.0531 3312 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:35:20.0640 3312 stisvc - ok
10:35:20.0640 3312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:35:20.0765 3312 swenum - ok
10:35:20.0765 3312 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:35:20.0875 3312 swmidi - ok
10:35:20.0890 3312 SwPrv - ok
10:35:20.0890 3312 symc810 - ok
10:35:20.0890 3312 symc8xx - ok
10:35:20.0906 3312 sym_hi - ok
10:35:20.0906 3312 sym_u3 - ok
10:35:20.0921 3312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:35:21.0031 3312 sysaudio - ok
10:35:21.0046 3312 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:35:21.0171 3312 SysmonLog - ok
10:35:21.0171 3312 TapiSrv (e2b32b10acc5d97623275aafb67e5f03) C:\WINDOWS\System32\tapisrv.dll
10:35:21.0203 3312 TapiSrv - ok
10:35:21.0218 3312 Tcpip (6772154a2185f5fb42e37a87087c2398) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:35:21.0234 3312 Tcpip ( UnsignedFile.Multi.Generic ) - warning
10:35:21.0234 3312 Tcpip - detected UnsignedFile.Multi.Generic (1)
10:35:21.0234 3312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:35:21.0343 3312 TDPIPE - ok
10:35:21.0359 3312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:35:21.0468 3312 TDTCP - ok
10:35:21.0468 3312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:35:21.0578 3312 TermDD - ok
10:35:21.0609 3312 TermService (37981a741ad7b04258e87129ffe79ab9) C:\WINDOWS\System32\termsrv.dll
10:35:21.0625 3312 TermService - ok
10:35:21.0625 3312 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:35:21.0640 3312 Themes - ok
10:35:21.0671 3312 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
10:35:21.0734 3312 TlntSvr - ok
10:35:21.0734 3312 TosIde - ok
10:35:21.0750 3312 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:35:21.0859 3312 TrkWks - ok
10:35:21.0875 3312 UDFReadr (fd0b16f8828f360390135031d8924ccd) C:\WINDOWS\system32\drivers\UDFReadr.sys
10:35:21.0890 3312 UDFReadr ( UnsignedFile.Multi.Generic ) - warning
10:35:21.0890 3312 UDFReadr - detected UnsignedFile.Multi.Generic (1)
10:35:21.0906 3312 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:35:22.0015 3312 Udfs - ok
10:35:22.0015 3312 ultra - ok
10:35:22.0031 3312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:35:22.0140 3312 Update - ok
10:35:22.0156 3312 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:35:22.0218 3312 upnphost - ok
10:35:22.0218 3312 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:35:22.0328 3312 UPS - ok
10:35:22.0343 3312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:35:22.0453 3312 usbccgp - ok
10:35:22.0453 3312 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:35:22.0468 3312 usbehci - ok
10:35:22.0484 3312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:35:22.0593 3312 usbhub - ok
10:35:22.0593 3312 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:35:22.0718 3312 USBSTOR - ok
10:35:22.0718 3312 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:35:22.0828 3312 usbuhci - ok
10:35:22.0843 3312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:35:22.0953 3312 VgaSave - ok
10:35:22.0953 3312 ViaIde - ok
10:35:22.0968 3312 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:35:23.0062 3312 VolSnap - ok
10:35:23.0093 3312 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:35:23.0140 3312 VSS - ok
10:35:23.0156 3312 W32Time (9f8a0d0cbb2fa265a754516128c00e22) C:\WINDOWS\system32\w32time.dll
10:35:23.0171 3312 W32Time - ok
10:35:23.0187 3312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:35:23.0296 3312 Wanarp - ok
10:35:23.0296 3312 WDICA - ok
10:35:23.0312 3312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:35:23.0421 3312 wdmaud - ok
10:35:23.0437 3312 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:35:23.0546 3312 WebClient - ok
10:35:23.0578 3312 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:35:23.0687 3312 winmgmt - ok
10:35:23.0703 3312 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
10:35:23.0718 3312 WmdmPmSN - ok
10:35:23.0750 3312 Wmi (c8a6c82f90b055149925dc7526b2d78c) C:\WINDOWS\System32\advapi32.dll
10:35:23.0765 3312 Wmi - ok
10:35:23.0781 3312 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:35:23.0890 3312 WmiApSrv - ok
10:35:23.0921 3312 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:35:23.0953 3312 WMPNetworkSvc - ok
10:35:23.0984 3312 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:35:24.0015 3312 WPFFontCache_v0400 - ok
10:35:24.0031 3312 wuauserv (aae1a6ffba2b0436e91795120f48c461) C:\WINDOWS\system32\wuauserv.dll
10:35:24.0046 3312 wuauserv - ok
10:35:24.0062 3312 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:35:24.0078 3312 WudfPf - ok
10:35:24.0093 3312 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:35:24.0109 3312 WudfRd - ok
10:35:24.0125 3312 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:35:24.0140 3312 WudfSvc - ok
10:35:24.0156 3312 WZCSVC (349b8d2bb755e8c3b0e3e82a87663e55) C:\WINDOWS\System32\wzcsvc.dll
10:35:24.0187 3312 WZCSVC - ok
10:35:24.0203 3312 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:35:24.0328 3312 xmlprov - ok
10:35:24.0359 3312 yukonwxp (89f8c4875e19c7081cf9c37539242ae3) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
10:35:24.0390 3312 yukonwxp - ok
10:35:24.0390 3312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:35:24.0593 3312 \Device\Harddisk0\DR0 - ok
10:35:24.0593 3312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:35:24.0765 3312 \Device\Harddisk1\DR1 - ok
10:35:24.0765 3312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
10:35:24.0828 3312 \Device\Harddisk2\DR2 - ok
10:35:24.0859 3312 Boot (0x1200) (1c36917ff34068ed34b8c5677c159fe1) \Device\Harddisk0\DR0\Partition0
10:35:24.0859 3312 \Device\Harddisk0\DR0\Partition0 - ok
10:35:24.0859 3312 Boot (0x1200) (df94ce3469ac2d696cc1ee66a5348902) \Device\Harddisk2\DR2\Partition0
10:35:24.0859 3312 \Device\Harddisk2\DR2\Partition0 - ok
10:35:24.0859 3312 ============================================================
10:35:24.0859 3312 Scan finished
10:35:24.0859 3312 ============================================================
10:35:24.0968 2664 Detected object count: 18
10:35:24.0968 2664 Actual detected object count: 18
10:36:18.0703 2664 C:\WINDOWS\system32\drivers\Cdr4_xp.sys - copied to quarantine
10:36:18.0734 2664 HKLM\SYSTEM\ControlSet001\services\Cdr4_xp - will be deleted on reboot
10:36:18.0734 2664 HKLM\SYSTEM\ControlSet002\services\Cdr4_xp - will be deleted on reboot
10:36:18.0734 2664 C:\WINDOWS\system32\drivers\Cdr4_xp.sys - will be deleted on reboot
10:36:18.0734 2664 Cdr4_xp ( UnsignedFile.Multi.Generic ) - User select action: Delete
10:36:18.0750 2664 C:\WINDOWS\system32\drivers\Cdralw2k.sys - copied to quarantine
10:36:18.0781 2664 HKLM\SYSTEM\ControlSet001\services\Cdralw2k - will be deleted on reboot
10:36:18.0781 2664 HKLM\SYSTEM\ControlSet002\services\Cdralw2k - will be deleted on reboot
10:36:18.0781 2664 C:\WINDOWS\system32\drivers\Cdralw2k.sys - will be deleted on reboot
10:36:18.0781 2664 Cdralw2k ( UnsignedFile.Multi.Generic ) - User select action: Delete
10:36:18.0796 2664 C:\WINDOWS\system32\drivers\cdudf_xp.sys - copied to quarantine
10:36:18.0859 2664 HKLM\SYSTEM\ControlSet001\services\cdudf_xp - will be deleted on reboot
10:36:18.0859 2664 HKLM\SYSTEM\ControlSet002\services\cdudf_xp - will be deleted on reboot
10:36:18.0859 2664 C:\WINDOWS\system32\drivers\cdudf_xp.sys - will be deleted on reboot
10:36:18.0859 2664 cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Delete
10:36:18.0875 2664 C:\WINDOWS\system32\drivers\Cinemsup.sys - copied to quarantine
10:36:18.0875 2664 HKLM\SYSTEM\ControlSet001\services\Cinemsup - will be deleted on reboot
10:36:18.0875 2664 HKLM\SYSTEM\ControlSet002\services\Cinemsup - will be deleted on reboot
10:36:18.0890 2664 C:\WINDOWS\system32\drivers\Cinemsup.sys - will be deleted on reboot
10:36:18.0890 2664 Cinemsup ( UnsignedFile.Multi.Generic ) - User select action: Delete
10:36:18.0890 2664 C:\WINDOWS\system32\CTsvcCDA.exe - copied to quarantine
10:36:20.0109 2664 HKLM\SYSTEM\ControlSet001\services\Creative Service for CDROM Access - will be deleted on reboot
10:36:20.0109 2664 HKLM\SYSTEM\ControlSet002\services\Creative Service for CDROM Access - will be deleted on reboot
10:36:20.0125 2664 C:\WINDOWS\system32\CTsvcCDA.exe - will be deleted on reboot
10:36:20.0125 2664 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Delete
10:36:20.0125 2664 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0125 2664 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0125 2664 DVDVRRdr_xp ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0125 2664 DVDVRRdr_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0125 2664 dvd_2K ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0125 2664 dvd_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0125 2664 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0125 2664 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0125 2664 mmc_2K ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0125 2664 mmc_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0125 2664 pwd_2k ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0125 2664 pwd_2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0140 2664 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0140 2664 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0140 2664 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0140 2664 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0140 2664 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0140 2664 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0140 2664 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0140 2664 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0140 2664 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0140 2664 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0140 2664 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0140 2664 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:20.0156 2664 UDFReadr ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:20.0156 2664 UDFReadr ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:06.0203 3128 Deinitialize success

Combofix.txt dated 5.5.12

ComboFix 12-05-01.02 - Owner 05/05/2012 13:35:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1584 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 17:32 . 2012-05-05 17:32 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA5B6454-4E5C-4279-8A2F-EBDF362CDAEF}\offreg.dll
2012-05-05 17:32 . 2012-05-05 17:32 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA5B6454-4E5C-4279-8A2F-EBDF362CDAEF}\MpKslf1e8cd4d.sys
2012-05-04 19:08 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA5B6454-4E5C-4279-8A2F-EBDF362CDAEF}\mpengine.dll
2012-05-02 00:23 . 2012-05-02 00:23 -------- d-----w- c:\program files\ESET
2012-05-01 23:44 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 23:42 . 2012-05-01 23:42 -------- d-----w- c:\windows\system32\LogFiles
2012-05-01 18:58 . 2012-05-01 19:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter
2012-05-01 18:57 . 2012-05-01 18:59 -------- d-----w- c:\windows\MATS
2012-05-01 18:57 . 2012-05-01 18:59 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-05-01 18:45 . 2008-04-14 08:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-05-01 18:45 . 2008-04-14 08:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-05-01 18:34 . 2012-05-01 18:34 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2012-05-01 15:25 . 2012-05-01 15:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-01 14:25 . 2012-05-01 14:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-01 09:06 . 2012-05-01 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-05-01 09:06 . 2012-05-01 09:06 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-01 09:06 . 2012-05-01 09:06 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-01 09:06 . 2012-05-01 09:06 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-05-01 09:06 . 2012-05-01 09:06 -------- d-----w- c:\program files\Sophos
2012-05-01 08:55 . 2012-05-01 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-05-01 08:55 . 2012-05-01 08:55 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2012-04-30 23:26 . 2012-05-01 15:25 -------- d-----w- c:\documents and settings\Administrator
2012-04-30 04:01 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 04:01 . 2012-04-30 04:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 00:42 . 2012-04-30 00:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-04-30 00:16 . 2012-04-30 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-30 00:15 . 2012-04-30 02:46 32072 ----a-w- c:\windows\system32\drivers\48230029.sys
2012-04-30 00:06 . 2012-04-30 00:06 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-29 23:23 . 2012-05-01 13:58 -------- d-----w- c:\program files\Common Files\SQLDMO
2012-04-29 23:23 . 2012-05-01 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E
2012-04-26 11:10 . 2012-04-26 11:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-25 02:43 . 2012-04-25 02:43 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 02:43 . 2012-04-25 02:43 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 02:43 . 2012-04-25 02:43 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 11:10 . 2011-10-14 21:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 00:44 . 2011-04-18 17:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 10:58 . 2009-07-15 19:27 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2009-07-15 19:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2009-07-15 19:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2009-07-15 18:41 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2008-04-14 09:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2009-07-15 19:26 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 14:18 . 2011-08-08 15:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2003-08-27 18:19 . 2011-09-20 22:21 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2012-04-25 02:43 . 2011-09-01 12:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-15 . 6772154A2185F5FB42E37A87087C2398 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-07-15 . F5BFB044C04A155878BAD2C136943E73 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-01_23.42.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-05 17:04 . 2012-05-05 17:04 16384 c:\windows\Temp\Perflib_Perfdata_54c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-08-20 1874264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-07-15 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-10-13 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2011-10-13 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
.
R1 MpKslf1e8cd4d;MpKslf1e8cd4d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA5B6454-4E5C-4279-8A2F-EBDF362CDAEF}\MpKslf1e8cd4d.sys [5/5/2012 01:32 PM 29904]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 09:31 PM 1248256]
S0 07092760;07092760;c:\windows\system32\drivers\30958625.sys --> c:\windows\system32\drivers\30958625.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 01:16 PM 130384]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/29/2012 08:06 PM 32072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 01:16 PM 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/26/2012 07:10 AM 253088]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 10:43 PM 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLF1E8CD4D
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cs4pkzgg.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 13:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-05-05 13:40:07
ComboFix-quarantined-files.txt 2012-05-05 17:40
ComboFix2.txt 2012-05-01 23:43
.
Pre-Run: 57,353,351,168 bytes free
Post-Run: 57,357,312,000 bytes free
.
- - End Of File - - 2F05642E97F4E3EB14F2ED17FC074FEF

Combofix Quarantined Files.txt

2012-05-01 23:43:05 . 2012-05-01 23:43:05 550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WinDefend.reg.dat
2012-05-01 23:43:05 . 2012-05-01 23:43:05 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-07092760.sys.reg.dat
2012-05-01 23:40:47 . 2012-05-01 23:40:47 218 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB13985$\_793881458_.zip
2012-05-01 23:39:59 . 2012-05-01 23:39:59 340 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_.redbook.reg.dat
2012-05-01 23:39:54 . 2012-05-05 17:37:30 4,675 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-05-01 23:32:27 . 2012-05-05 17:34:40 805 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-08-08 16:13:13 . 2006-04-20 09:32:16 663,675 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp68.tmp.vir

Combofix2.txt
ComboFix 12-05-01.02 - Owner 05/01/2012 19:38:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1681 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB13985$
c:\windows\$NtUninstallKB13985$\793881458
c:\windows\system32\tmp68.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.redbook
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 18:58 . 2012-05-01 19:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter
2012-05-01 18:57 . 2012-05-01 18:59 -------- d-----w- c:\windows\MATS
2012-05-01 18:57 . 2012-05-01 18:59 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-05-01 18:45 . 2008-04-14 08:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-05-01 18:45 . 2008-04-14 08:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-05-01 18:34 . 2012-05-01 18:34 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2012-05-01 18:12 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{930824C7-B067-4E31-94F2-B1BB0E6A6E56}\mpengine.dll
2012-05-01 15:25 . 2012-05-01 15:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-01 14:25 . 2012-05-01 14:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-01 09:06 . 2012-05-01 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-05-01 09:06 . 2012-05-01 09:06 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-01 09:06 . 2012-05-01 09:06 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-01 09:06 . 2012-05-01 09:06 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-05-01 09:06 . 2012-05-01 09:06 -------- d-----w- c:\program files\Sophos
2012-05-01 08:59 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 08:55 . 2012-05-01 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-05-01 08:55 . 2012-05-01 08:55 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2012-04-30 23:26 . 2012-05-01 15:25 -------- d-----w- c:\documents and settings\Administrator
2012-04-30 04:01 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 04:01 . 2012-04-30 04:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 00:42 . 2012-04-30 00:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-04-30 00:16 . 2012-04-30 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-30 00:15 . 2012-04-30 02:46 32072 ----a-w- c:\windows\system32\drivers\48230029.sys
2012-04-30 00:06 . 2012-04-30 00:06 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-29 23:23 . 2012-05-01 13:58 -------- d-----w- c:\program files\Common Files\SQLDMO
2012-04-29 23:23 . 2012-05-01 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E
2012-04-26 11:10 . 2012-04-26 11:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-25 02:43 . 2012-04-25 02:43 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 02:43 . 2012-04-25 02:43 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 02:43 . 2012-04-25 02:43 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
  #12  
Old May 9th, 2012, 03:11 AM
Deborahh Deborahh is offline
Member
 
Join Date: May 2012
O/S: Windows 7 32-bit
Location: USA
Posts: 62
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 11:10 . 2011-10-14 21:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 00:44 . 2011-04-18 17:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 10:58 . 2009-07-15 19:27 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2009-07-15 19:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2009-07-15 19:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2009-07-15 18:41 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2008-04-14 09:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2009-07-15 19:26 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 14:18 . 2011-08-08 15:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 09:26 . 2009-07-15 18:41 1869184 ----a-w- c:\windows\system32\win32k.sys
2003-08-27 18:19 . 2011-09-20 22:21 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2012-04-25 02:43 . 2011-09-01 12:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-15 . 6772154A2185F5FB42E37A87087C2398 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-07-15 . F5BFB044C04A155878BAD2C136943E73 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-08-20 1874264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-07-15 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-10-13 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2011-10-13 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
.
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 09:31 PM 1248256]
S0 07092760;07092760;c:\windows\system32\drivers\30958625.sys --> c:\windows\system32\drivers\30958625.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 01:16 PM 130384]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/29/2012 08:06 PM 32072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 01:16 PM 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/26/2012 07:10 AM 253088]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 10:43 PM 129976]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cs4pkzgg.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-07092760.sys
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-01 19:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
.
scanning hidden files ...
.
.
c:\windows\system32\LogFiles
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1224)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\Rundll32.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-01 19:43:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 23:43
.
Pre-Run: 57,525,841,920 bytes free
Post-Run: 57,527,603,200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1148BD195E97C6E8616149
  #13  
Old May 10th, 2012, 03:21 AM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Thanks for the info.

Since the reports are a few days old, please do the following:


Remove the previous ComboFix file, and download an updated version of ComboFix

Save ComboFix.exe to the Desktop!!

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF.
Note: For information on how to disable protective programs, refer to this link

XP: Double-click on ComboFix.exe to run the program.

When given the option, DO install the Recovery Console. This program comes in very handy if problems arise, or you cannot boot.

Click on Yes, to continue scanning for malware.
When finished, CF produces a report.

Please provide a copy of the C:\ComboFix.txt in your reply.


Notes:
1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.




Also, remove the previous TDSSKiller file, and download the latest version of: TDSSKiller.exe
Save to the Desktop.

Execute the downloaded file:
XP: Double-click the file to run the program

In the TDSSKiller Scan prompt, click on: Change parameters
Check the box beside: Detect TDLFS file system
Click: OK

Press the button: Start Scan

The tool scans and detects two object types:
Malicious (where the malware has been identified)
Suspicious (where the malware cannot be identified)

When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.

It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.

It also prompts the User to select an action to apply to Suspicious objects (Skip, by default).
Leave the setting as it is.

After clicking 'Next/Continue', the tool applies the selected actions.


A Reboot Required prompt may appear after a disinfection.
Please reboot!!


By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).

Logs have a name like:
C:\TDSSKiller.2.4.7_10.05.2012_15.31.43_log.txt

Please post the TDSSKiller log in your reply.

Also need to know whether TDSSKiller needed a reboot.
  #14  
Old May 10th, 2012, 12:06 PM
Deborahh Deborahh is offline
Member
 
Join Date: May 2012
O/S: Windows 7 32-bit
Location: USA
Posts: 62
Hi Aaflac
Combofix.txt report below
ComboFix 12-05-10.02 - Owner 05/10/2012 6:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1555 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-09 22:57 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B9754D6-DBB0-422E-85A5-7B9D4CC124E5}\mpengine.dll
2012-05-08 12:21 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-07 16:53 . 2012-05-07 16:53 -------- d-----w- c:\program files\Belarc
2012-05-07 16:53 . 2011-08-09 21:33 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-05-07 16:44 . 2012-05-07 16:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2012-05-06 18:09 . 2012-05-06 18:09 -------- d-----w- C:\rsit
2012-05-06 18:09 . 2012-05-06 18:09 -------- d-----w- c:\program files\trend micro
2012-05-06 16:20 . 2012-05-06 16:20 -------- d-----w- c:\program files\Common Files\Java
2012-05-06 16:15 . 2012-05-06 16:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-06 16:15 . 2012-05-06 16:15 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-06 16:14 . 2012-05-06 16:14 -------- d-----w- c:\program files\Java
2012-05-06 15:47 . 2012-05-06 15:47 -------- d-----w- c:\documents and settings\Owner\Application Data\f-secure
2012-05-06 15:47 . 2012-05-06 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2012-05-05 20:27 . 2012-05-05 20:27 -------- d-----w- C:\RK_Quarantine
2012-05-01 23:42 . 2012-05-01 23:42 -------- d-----w- c:\windows\system32\LogFiles
2012-05-01 18:45 . 2008-04-14 08:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-05-01 18:45 . 2008-04-14 08:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-05-01 18:34 . 2012-05-01 18:34 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2012-05-01 15:25 . 2012-05-01 15:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-01 14:25 . 2012-05-01 14:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-01 09:06 . 2012-05-01 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-05-01 08:55 . 2012-05-01 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-05-01 08:55 . 2012-05-01 08:55 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2012-04-30 23:26 . 2012-05-01 15:25 -------- d-----w- c:\documents and settings\Administrator
2012-04-30 04:01 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 04:01 . 2012-04-30 04:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 00:42 . 2012-04-30 00:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-04-30 00:16 . 2012-04-30 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-30 00:15 . 2012-04-30 02:46 32072 ----a-w- c:\windows\system32\drivers\48230029.sys
2012-04-30 00:06 . 2012-04-30 00:06 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-29 23:23 . 2012-05-01 13:58 -------- d-----w- c:\program files\Common Files\SQLDMO
2012-04-29 23:23 . 2012-05-01 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E
2012-04-26 11:10 . 2012-05-06 17:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-25 02:43 . 2012-04-25 02:43 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 02:43 . 2012-04-25 02:43 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 02:43 . 2012-04-25 02:43 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 17:08 . 2011-10-14 21:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 16:15 . 2011-10-04 17:56 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 00:44 . 2011-04-18 17:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 10:58 . 2009-07-15 19:27 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2009-07-15 19:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2009-07-15 19:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2009-07-15 18:41 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2008-04-14 09:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2009-07-15 19:26 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 14:18 . 2011-08-08 15:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2003-08-27 18:19 . 2011-09-20 22:21 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2012-04-25 02:43 . 2011-09-01 12:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-15 . 6772154A2185F5FB42E37A87087C2398 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-07-15 . F5BFB044C04A155878BAD2C136943E73 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-01_23.42.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-10 10:32 . 2012-05-10 10:32 16384 c:\windows\Temp\Perflib_Perfdata_534.dat
- 2012-02-22 02:15 . 2012-02-22 02:15 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-07 19:00 . 2012-05-07 19:00 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f6a63d15\System.Drawing.Design.dll
+ 2012-05-07 19:35 . 2012-05-07 19:35 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\54086073df249c43189bc8eb4c242818\System.Web.DynamicData.Design.ni.dll
+ 2012-05-07 14:04 . 2012-05-07 14:04 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\36124bfc4baaa1c2063d699e77324080\System.Web.DynamicData.Design.ni.dll
+ 2012-05-07 14:04 . 2012-05-07 14:04 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c41effeccd62bd2e864d865a7a8089e6\Microsoft.SqlServer.CustomControls.ni.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-22 02:21 . 2012-02-22 02:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-02-28 12:00 . 2012-05-07 18:58 552690 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-03-11 12:57 552690 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2012-05-07 18:58 106788 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-03-11 12:57 106788 c:\windows\system32\perfc009.dat
+ 2012-05-06 17:08 . 2012-05-06 17:08 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_ 2_202_235_Plugin.exe
+ 2012-04-26 11:10 . 2012-05-06 17:08 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
- 2011-10-04 17:56 . 2011-10-04 17:56 157472 c:\windows\system32\javaws.exe
+ 2012-05-06 16:15 . 2012-05-06 16:15 157472 c:\windows\system32\javaws.exe
+ 2012-05-06 16:15 . 2012-05-06 16:15 149280 c:\windows\system32\javaw.exe
+ 2012-05-06 16:15 . 2012-05-06 16:15 149280 c:\windows\system32\java.exe
+ 2012-01-21 21:40 . 2012-01-21 21:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\Syst em.Drawing.dll
+ 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\Syst em.Drawing.dll
+ 2012-01-27 21:35 . 2012-01-27 21:35 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\Syste m.Drawing.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutom ationClientsideProviders\v4.0_4.0.0.0__31bf3856ad3 64e35\UIAutomationClientsideProviders.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutom ationClientsideProviders\v4.0_4.0.0.0__31bf3856ad3 64e35\UIAutomationClientsideProviders.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutom ationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutom ationClient.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutom ationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutom ationClient.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml .Linq.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml .Linq.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dl l
+ 2012-05-07 18:58 . 2012-05-07 18:58 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dl l
- 2012-02-22 02:15 . 2012-02-22 02:15 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System .Web.Services.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System .Web.Services.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speec h.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speec h.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\Syst em.ServiceProcess.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\Syst em.ServiceProcess.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e3 5\System.ServiceModel.Routing.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e3 5\System.ServiceModel.Routing.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364 e35\System.ServiceModel.Discovery.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364 e35\System.ServiceModel.Discovery.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad36 4e35\System.ServiceModel.Activities.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad36 4e35\System.ServiceModel.Activities.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Sec urity.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Sec urity.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0 __b03f5f7f11d50a3a\System.Runtime.Serialization.Fo rmatters.Soap.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0 __b03f5f7f11d50a3a\System.Runtime.Serialization.Fo rmatters.Soap.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\Sy stem.Runtime.Remoting.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\Sy stem.Runtime.Remoting.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad 364e35\System.Runtime.DurableInstancing.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad 364e35\System.Runtime.DurableInstancing.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Me ssaging.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Me ssaging.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.M anagement.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.M anagement.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Management.Instrumentation\v4.0_4.0.0.0__b77a5c561 934e089\System.Management.Instrumentation.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Management.Instrumentation\v4.0_4.0.0.0__b77a5c561 934e089\System.Management.Instrumentation.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Lo g.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Lo g.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\Syste m.IdentityModel.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\Syste m.IdentityModel.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934 e089\System.IdentityModel.Selectors.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934 e089\System.IdentityModel.Selectors.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dyna mic.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dyna mic.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Draw ing.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\S ystem.DirectoryServices.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\S ystem.DirectoryServices.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f 11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f 11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. DirectoryServices.AccountManagement\v4.0_4.0.0.0__ b77a5c561934e089\System.DirectoryServices.AccountM anagement.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. DirectoryServices.AccountManagement\v4.0_4.0.0.0__ b77a5c561934e089\System.DirectoryServices.AccountM anagement.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.D eployment.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.D eployment.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System. Data.SqlXml.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System. Data.SqlXml.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e08 9\System.Data.Services.Client.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e08 9\System.Data.Services.Client.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Da ta.Linq.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Da ta.Linq.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\Syste m.configuration.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\Syste m.configuration.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561 934e089\System.ComponentModel.Composition.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561 934e089\System.ComponentModel.Composition.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn. dll
- 2012-02-22 02:15 . 2012-02-22 02:15 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn. dll
- 2012-02-22 02:15 . 2012-02-22 02:15 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities.DurableInstancing\v4.0_4.0.0.0__31bf385 6ad364e35\System.Activities.DurableInstancing.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities.DurableInstancing\v4.0_4.0.0.0__31bf385 6ad364e35\System.Activities.DurableInstancing.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities.Core.Presentation\v4.0_4.0.0.0__31bf385 6ad364e35\System.Activities.Core.Presentation.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities.Core.Presentation\v4.0_4.0.0.0__31bf385 6ad364e35\System.Activities.Core.Presentation.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglob l\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglob l\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFr amework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramew ork.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFr amework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramew ork.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationUI\v4.0_4.0.0.0__31bf3856ad364e35\Presentatio nUI.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationUI\v4.0_4.0.0.0__31bf3856ad364e35\Presentatio nUI.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e 35\PresentationFramework.Royale.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e 35\PresentationFramework.Royale.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35 \PresentationFramework.Luna.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35 \PresentationFramework.Luna.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364 e35\PresentationFramework.Classic.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364 e35\PresentationFramework.Classic.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35 \PresentationFramework.Aero.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35 \PresentationFramework.Aero.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Mic rosoft.VisualBasic.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Mic rosoft.VisualBasic.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f 7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f 7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50 a3a\Microsoft.Transactions.Bridge.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50 a3a\Microsoft.Transactions.Bridge.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microso ft.JScript.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microso ft.JScript.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft .CSharp.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft .CSharp.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Tr ansactions\v4.0_4.0.0.0__b77a5c561934e089\System.T ransactions.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Tr ansactions\v4.0_4.0.0.0__b77a5c561934e089\System.T ransactions.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Pr inting\v4.0_4.0.0.0__31bf3856ad364e35\System.Print ing.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Pr inting\v4.0_4.0.0.0__31bf3856ad364e35\System.Print ing.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.En terpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\Sy stem.EnterpriseServices.Wrapper.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.En terpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\Sy stem.EnterpriseServices.Wrapper.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.En terpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\Sy stem.EnterpriseServices.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.En terpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\Sy stem.EnterpriseServices.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft .Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d 50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft .Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d 50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\b907a.msp
+ 2012-05-06 16:20 . 2012-05-06 16:20 203776 c:\windows\Installer\9a7f4c.msi
+ 2012-05-06 16:14 . 2012-05-06 16:14 900096 c:\windows\Installer\9a7f3a.msi
  #15  
Old May 10th, 2012, 12:06 PM
Deborahh
Page 2 Combofix.txt May 10, 2012

- 2012-02-22 02:15 . 2012-02-22 02:15 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf 3856ad364e35\System.Windows.Forms.DataVisualizatio n.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf 3856ad364e35\System.Windows.Forms.DataVisualizatio n.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System .ServiceModel.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System .ServiceModel.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e0 89\System.Runtime.Serialization.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e0 89\System.Runtime.Serialization.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System. Data.Entity.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System. Data.Entity.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dl l
+ 2012-05-07 18:58 . 2012-05-07 18:58 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dl l
- 2012-02-22 02:15 . 2012-02-22 02:15 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.A ctivities.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.A ctivities.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities.Presentation\v4.0_4.0.0.0__31bf3856ad36 4e35\System.Activities.Presentation.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities.Presentation\v4.0_4.0.0.0__31bf3856ad36 4e35\System.Activities.Presentation.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework\v4.0_4.0.0.0__31bf3856ad364e35\Pres entationFramework.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework\v4.0_4.0.0.0__31bf3856ad364e35\Pres entationFramework.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Da ta\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Da ta\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\Presentat ionCore\v4.0_4.0.0.0__31bf3856ad364e35\Presentatio nCore.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\Presentat ionCore\v4.0_4.0.0.0__31bf3856ad364e35\Presentatio nCore.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\ v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\ v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-22 02:15 . 2012-02-22 02:15 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft .VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b0 3f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Co mpiler.dll
+ 2012-05-07 18:58 . 2012-05-07 18:58 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft .VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b0 3f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Co mpiler.dll
+ 2012-05-07 19:00 . 2012-05-07 19:00 7069184 c:\windows\Installer\ae008e.msp
+ 2012-01-22 14:09 . 2012-01-22 14:09 1700352 c:\windows\Installer\ae0085.msp
+ 2012-05-07 19:00 . 2012-05-07 19:00 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System .Windows.Forms\1.0.5000.0__b77a5c561934e089_71d93e d1\System.Windows.Forms.dll
+ 2012-05-07 19:00 . 2012-05-07 19:00 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System .Windows.Forms\1.0.5000.0__b77a5c561934e089_2d4c09 96\System.Windows.Forms.dll
+ 2012-05-07 19:04 . 2012-05-07 19:04 2248704 c:\windows\assembly\NativeImages1_v1.1.4322\System .Drawing\1.0.5000.0__b03f5f7f11d50a3a_cc14f760\Sys tem.Drawing.dll
+ 2012-05-07 19:00 . 2012-05-07 19:00 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System .Design\1.0.5000.0__b03f5f7f11d50a3a_9d862074\Syst em.Design.dll
+ 2012-05-07 19:04 . 2012-05-07 19:04 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System .Design\1.0.5000.0__b03f5f7f11d50a3a_7175f725\Syst em.Design.dll
+ 2012-05-07 18:59 . 2012-05-07 18:59 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\Win dowsBase\64bc66b117a976cc4972e4376290c95d\WindowsB ase.ni.dll
+ 2012-05-07 19:35 . 2012-05-07 19:35 1211904 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.WorkflowServ#\db66b77c7fd405dd85977c7450fdbb4c \System.WorkflowServices.ni.dll
+ 2012-05-07 19:35 . 2012-05-07 19:35 4475904 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Workflow.Com#\5d37895fcb84fc4c1baeda9cdad7a43b \System.Workflow.ComponentModel.ni.dll
+ 2012-05-07 19:35 . 2012-05-07 19:35 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Workflow.Act#\8b2b77ea27aa46e8f82bb8101df16a19 \System.Workflow.Activities.ni.dll
+ 2012-05-07 19:35 . 2012-05-07 19:35 4586496 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Windows.Form#\e8781973fbd0c7a4703e37052f45b783 \System.Windows.Forms.DataVisualization.ni.dll
+ 2012-05-07 19:35 . 2012-05-07 19:35 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Web.Mobile\d65fbdd263b35421b44256f250463246\Sy stem.Web.Mobile.ni.dll
+ 2012-05-07 19:35 . 2012-05-07 19:35 3123200 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Web.Extensio#\70f55c226bc02396fe093a770c954ac8 \System.Web.Extensions.ni.dll
+ 2012-05-07 19:35 . 2012-05-07 19:35 4574720 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Web.DataVisu#\7073659b9db193ca851bbcc05c8173c8 \System.Web.DataVisualization.ni.dll
+ 2012-05-07 19:34 . 2012-05-07 19:34 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Printing\241c6a208037e498657a9e85e398f5a4\Syst em.Printing.ni.dll
+ 2012-05-07 18:59 . 2012-05-07 18:59 1665024 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Drawing\9ac7922025e72297069a82a403cb59fa\Syste m.Drawing.ni.dll
+ 2012-05-07 19:34 . 2012-05-07 19:34 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Deployment\2a3e6c74bc3763eefe27c55d9cad3fda\Sy stem.Deployment.ni.dll
+ 2012-05-07 19:35 . 2012-05-07 19:35 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Activities.P#\8881093f626f25e558129c833b525ff5 \System.Activities.Presentation.ni.dll
+ 2012-05-07 19:34 . 2012-05-07 19:34 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\Rea chFramework\385f2b705df4c3fbc6654005f1a38943\Reach Framework.ni.dll
+ 2012-05-07 19:34 . 2012-05-07 19:34 1631744 c:\windows\assembly\NativeImages_v4.0.30319_32\Pre sentationUI\b895a66fa91475e1958d5a2ad63281ca\Prese ntationUI.ni.dll
+ 2012-05-07 19:34 . 2012-05-07 19:34 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Mic rosoft.VisualBas#\3a77b9d9b14daaf01c0347d2523dd69c \Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-05-07 19:34 . 2012-05-07 19:34 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Mic rosoft.VisualBas#\03bc4ff490bc2c544c5f61842a394883 \Microsoft.VisualBasic.ni.dll
+ 2012-05-07 19:34 . 2012-05-07 19:34 2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Mic rosoft.Build.Tas#\25d27c5881735866f47fb57080989b66 \Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-05-07 14:04 . 2012-05-07 14:04 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.WorkflowServ#\d31d2eb0a862d3c1d3561be5f1570c3e \System.WorkflowServices.ni.dll
+ 2012-05-07 14:04 . 2012-05-07 14:04 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Workflow.Com#\53c2336db392bfa5484850780048e37a \System.Workflow.ComponentModel.ni.dll
+ 2012-05-07 14:04 . 2012-05-07 14:04 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Workflow.Act#\f243723cda77dd647b250dd9c42c35e2 \System.Workflow.Activities.ni.dll
+ 2012-05-07 14:04 . 2012-05-07 14:04 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Web.Mobile\d1dacd5cb445b242b70bf7d606464293\Sy stem.Web.Mobile.ni.dll
+ 2012-05-07 14:04 . 2012-05-07 14:04 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Web.Extensio#\6acbb8bb1a43fab0fdcf55bedd1fbcc3 \System.Web.Extensions.ni.dll
+ 2012-05-07 14:01 . 2012-05-07 14:01 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Printing\44d507a702c1623810e094adf751f687\Syst em.Printing.ni.dll
+ 2012-05-07 14:01 . 2012-05-07 14:01 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\Syste m.Drawing.ni.dll
+ 2012-05-07 14:04 . 2012-05-07 14:04 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Deployment\3d253a2235f7c03630003bc1fbaf34a3\Sy stem.Deployment.ni.dll
+ 2012-05-07 14:00 . 2012-05-07 14:00 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\Rea chFramework\c73e109dbac6b099786cc68fe36e3d0b\Reach Framework.ni.dll
+ 2012-05-07 14:00 . 2012-05-07 14:00 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationUI\20d72aeac1109863b77532d37d3f4fa2\Prese ntationUI.ni.dll
+ 2012-05-07 14:04 . 2012-05-07 14:04 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c \Microsoft.VisualBasic.ni.dll
+ 2012-05-07 14:03 . 2012-05-07 14:03 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Build.Tas#\876b7280cf4e81fd65b120f60d38a7d9 \Microsoft.Build.Tasks.ni.dll
+ 2012-05-07 14:03 . 2012-05-07 14:03 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Build.Tas#\64ba53308e90fa3837fe47977e2d37b6 \Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5 c561934e089\System.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5 c561934e089\System.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b 77a5c561934e089\System.XML.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b 77a5c561934e089\System.XML.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\ 2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\ 2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0 __b03f5f7f11d50a3a\System.Design.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0 __b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03 f5f7f11d50a3a\System.Web.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03 f5f7f11d50a3a\System.Web.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b7 7a5c561934e089\System.Data.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b7 7a5c561934e089\System.Data.dll
+ 2012-05-06 20:07 . 2012-05-06 20:07 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5 c561934e089\mscorlib.dll
- 2012-02-22 02:21 . 2012-02-22 02:21 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5 c561934e089\mscorlib.dll
+ 2012-05-07 18:59 . 2012-05-07 18:59 13196800 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Windows.Forms\67b05b57919dfc3a1521f33198495f5b \System.Windows.Forms.ni.dll
+ 2012-05-07 19:34 . 2012-05-07 19:34 12076544 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Web\0541e0facc72aeb8f189dd8ab69344bd\System.We b.ni.dll
+ 2012-05-07 18:59 . 2012-05-07 18:59 11002880 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Design\bb766612c7402195f00054b9809ebed9\System .Design.ni.dll
+ 2012-05-07 18:59 . 2012-05-07 18:59 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\Pre sentationFramewo#\d5be46bcb4eba96a282fb0129b00918d \PresentationFramework.ni.dll
+ 2012-05-07 18:59 . 2012-05-07 18:59 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\Pre sentationCore\503f6775eb81ff6d97a3e93a70ff8d6e\Pre sentationCore.ni.dll
+ 2012-05-07 14:01 . 2012-05-07 14:01 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f \System.Windows.Forms.ni.dll
+ 2012-05-07 14:04 . 2012-05-07 14:04 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Web\db1d2470de43ffcb6f562277208d56e5\System.We b.ni.dll
+ 2012-05-07 14:01 . 2012-05-07 14:01 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Design\561138d8d199861578c197c4d24e3934\System .Design.ni.dll
+ 2012-05-07 14:00 . 2012-05-07 14:00 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFramewo#\029d1d9e6495065aa4f38bcf2315ee8c \PresentationFramework.ni.dll
+ 2012-05-07 14:00 . 2012-05-07 14:00 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationCore\0a059ecfca6e421629a8298b03a7814c\Pre sentationCore.ni.dll
.
-- Snapshot reset to current date --



.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-08-20 1874264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-07-15 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-10-13 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2011-10-13 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 09:31 PM 1248256]
S0 07092760;07092760;c:\windows\system32\drivers\30958625.sys --> c:\windows\system32\drivers\30958625.sys [?]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/26/2012 07:10 AM 257696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 01:16 PM 130384]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/29/2012 08:06 PM 32072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 01:16 PM 753504]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 10:43 PM 129976]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 17:08]
.
2012-05-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cs4pkzgg.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-10 06:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\adsldpc.dll
.
- - - - - - - > 'explorer.exe'(2804)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-05-10 06:55:04
ComboFix-quarantined-files.txt 2012-05-10 10:55
ComboFix2.txt 2012-05-01 23:43
.
Pre-Run: 56,889,843,712 bytes free
Post-Run: 57,471,639,552 bytes free
.
- - End Of File - - B93BEAD7BC4E35895E858B611474FBE1