#1
Smart Fortress 2012/Zero Access
Hi
On April 29 my desktop PC was attacked by SmartFortress 2012: fake security pop-ups, disabled AV and MS Security Center, disabled Windows Defender, disabled CD/DVD drives. RogueKiller indicated ZeroAccess was on the PC. I followed this malware removal thread on cybertechhelp http://www.cybertechhelp.com/forums/...d.php?t=218141 since the same infection was being cleaned: [ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present! Several other trojans and viruses were identified in the clean-up. ComboFix identified infection with Rootkit.ZeroAccess! inserted into the tcp/ip stack and appears to have cleaned it. I followed this thread up to the instruction to use ESET Online Scanner; I was unable to run this tool and ran F-Secure Online Scanner instead. At this point I realized I need expert help in order to properly clean the machine and to be sure all security programs are working properly. I have not removed ComboFix, and I have all logs from the beginning of this nightmare if you would like to see any of them. I realize I should have come here from the beginning and appreciate any help at this point. I am able to boot normally; however, I do not think the system is entirely clean. When I run the Windows malware prevention troubleshooter and Windows security troubleshooter, as well as Microsoft Safety Scanner, it indicates I have NO AV running and Windows Firewall failed to start; however, Security Center accessed through Control Panel indicates all security programs are "on", i.e. firewall, automatic updates and virus protection. I have MsiInstaller errors in Event Viewer every day since the trojan struck and one instance of crypt32 event 11 on the day/time of the attack. Thanks for reading and I look forward to your response.

#2
Welcome to CTH, Deborahh!
Not every system is the same, so what works for one User may not work for another. Let's see what your system presently shows...

Please download RogueKiller
• When you get to the website, go to where it says: (Download link) Lien de téléchargement:
• Click the dark-blue button to download.
• Save to the Desktop
• Close all windows and browsers
• XP: Double-click the program to run it
• Vista/Seven: Right-click and select 'Run as Administrator'
• Press: SCAN
• A report opens on the Desktop: RKreport.txt

Please copy/paste the RKreport.txt and provide it in your reply.

Note: If RogueKiller is blocked, do not hesitate to try running it again. If it still fails to run, right-click on the downloaded icon and select: Rename. Then, rename it to winlogon.exe and try again.

If you cannot download, but can run programs, instead of downloading the program requested to the problem computer, download it to a clean computer. Next, save it to a USB flash drive (or removable media), move it to the Desktop of the infected computer, and run the program as described at the beginning of these instructions.

#3
Hi Aaflac
Thanks for the quick reply. As requested, the RogueKiller SCAN report:

RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 05/07/2012 15:15:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4
Quote:

#5
I will start with RogueKiller Log Reports (there are 17 in total)
Also, a folder RogueKiller labeled RK_Quarantine has a log file. I will post that last after RKreport17. Please let me know if you would like add'l logs from other removal tools after you've had a chance to review RogueKiller's. Thanks!

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/29/2012 22:27:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : SM1BG (C:\WINDOWS\SM1BG.EXE) -> FOUND
[SUSP PATH] HKCU\[...]\RunOnce : F4D5618A0001836300216024D151FC4E (C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1993962763-1647877149-842925246-1003[...]\RunOnce : F4D5618A0001836300216024D151FC4E (C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 04/29/2012 22:28:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : SM1BG (C:\WINDOWS\SM1BG.EXE) -> DELETED
[SUSP PATH] HKCU\[...]\RunOnce : F4D5618A0001836300216024D151FC4E (C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001836300216024D151FC4E.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/29/2012 23:04:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: HP v125w USB Device +++++
--- User ---
[MBR] b305a011d887843cbf51c81be0226f72
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3846 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 04/29/2012 23:04:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: HP v125w USB Device +++++
--- User ---
[MBR] b305a011d887843cbf51c81be0226f72
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3846 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/29/2012 23:46:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 04/29/2012 23:53:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x8057F93A -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741B2A)
SSDT[128] : NtOpenThread @ 0x80596743 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xBA741C1A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/30/2012 00:10:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/30/2012 10:54:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 04/30/2012 10:55:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/30/2012 17:17:31

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[10].txt >>
RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Shortcuts HJfix -- Date: 04/30/2012 17:31:40

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 54 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1959 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[G:] \Device\HarddiskDmVolumes\Home_sys1Dg0\Volume1 -- 0x3 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[11].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 04/30/2012 17:37:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[12].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Owner [Admin rights]
Mode: Scan -- Date: 04/30/2012 17:50:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[13].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Owner [Admin rights]
Mode: Remove -- Date: 04/30/2012 17:51:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[14].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 05/01/2012 04:53:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR 6L080L4 +++++
--- User ---
[MBR] 37743bab05beaf4fbaee6f657ea72f92
[BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++
--- User ---
[MBR] 8c578824a997fcb025e0b9f618ad7cab
[BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++
--- User ---
[MBR] 0be45aedd714228582a3c39eb483c4cf
[BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[15].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ; RKreport[15].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 05/01/2012 04:53:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!
¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: MAXTOR 6L080L4 +++++ --- User --- [MBR] 37743bab05beaf4fbaee6f657ea72f92 [BSP] ef6cecd81434d1e7d949f8c81295a0d6 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76332 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD1600AAJS-00YZCA0 +++++ --- User --- [MBR] 8c578824a997fcb025e0b9f618ad7cab [BSP] e26022e727cd6bcd0c654abe29ae220e : Windows XP MBR Code Partition table: 0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: INTEL SSDSA2CW080G3 +++++ --- User --- [MBR] 0be45aedd714228582a3c39eb483c4cf [BSP] ae430e96c13c891d26495aade7149a5d : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[16].txt >> RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ; RKreport[15].txt ; RKreport[16].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt RogueKiller V7.3.3 [04/22/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User: Owner [Admin rights] Mode: Shortcuts HJfix -- Date: 05/01/2012 05:02:50 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ File attributes restored: ¤¤¤ Desktop: Success 0 / Fail 0 Quick launch: Success 0 / Fail 0 Programs: Success 0 / Fail 0 Start menu: Success 0 / Fail 0 User folder: Success 17 / Fail 0 My documents: Success 0 / Fail 0 My favorites: Success 0 / Fail 0 My pictures: Success 0 / Fail 0 My music: Success 0 / Fail 0 My videos: Success 0 / Fail 0 
Local drives: Success 40 / Fail 0 Backup: [NOT FOUND] Drives: [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored [F:] \Device\HarddiskVolume1 -- 0x3 --> Restored [G:] \Device\HarddiskDmVolumes\Home_sys1Dg0\Volume1 -- 0x3 --> Restored ¤¤¤ Infection : ZeroAccess ¤¤¤ Finished : << RKreport[17].txt >> RKreport[16].txt ; RKreport[17].txt ; RKreport[2].txt ; RKreport[6].txt QUARANTINE REPORT-found in desktop folder labeled RK_Quarantine Time : 29/04/2012 22:27:28 -------------------------- [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe Time : 29/04/2012 22:28:35 -------------------------- ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe Time : 29/04/2012 23:04:04 -------------------------- ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe ERROR [SM1BG.EXE.vir] -> 
C:\WINDOWS\SM1BG.EXE [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe Time : 29/04/2012 23:04:57 -------------------------- ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe ERROR [SM1BG.EXE.vir] -> C:\WINDOWS\SM1BG.EXE [F4D5618A0001836300216024D151FC4E.exe.vir] -> C:\Documents and Settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E\F4D5618A0001 836300216024D151FC4E.exe Time : 29/04/2012 23:46:52 -------------------------- Time : 29/04/2012 23:53:15 -------------------------- Time : 30/04/2012 00:10:41 -------------------------- Time : 30/04/2012 10:54:49 -------------------------- Time : 30/04/2012 10:55:10 -------------------------- Time : 30/04/2012 10:55:18 -------------------------- Time : 30/04/2012 10:55:24 -------------------------- Time : 30/04/2012 10:55:29 -------------------------- Time : 30/04/2012 10:55:37 -------------------------- Time : 30/04/2012 17:17:30 -------------------------- Time : 30/04/2012 17:31:40 -------------------------- Time : 30/04/2012 17:37:02 -------------------------- Time : 30/04/2012 17:50:50 -------------------------- Time : 30/04/2012 17:51:14 -------------------------- Time : 01/05/2012 04:53:05 -------------------------- Time : 01/05/2012 04:53:43 -------------------------- Time : 01/05/2012 05:02:49 -------------------------- Time : 01/05/2012 09:09:47 -------------------------- Time : 01/05/2012 10:03:03 -------------------------- Time : 01/05/2012 10:05:26 -------------------------- Time : 01/05/2012 10:06:18 -------------------------- Time : 01/05/2012 
10:06:39 -------------------------- Time : 01/05/2012 10:06:48 -------------------------- Time : 01/05/2012 10:11:14 -------------------------- Time : 01/05/2012 10:23:40 -------------------------- Time : 01/05/2012 10:23:45 -------------------------- Time : 01/05/2012 10:29:49 -------------------------- Time : 01/05/2012 11:14:33 -------------------------- Time : 01/05/2012 11:18:30 -------------------------- Time : 01/05/2012 11:19:11 -------------------------- Time : 01/05/2012 11:21:28 -------------------------- Time : 01/05/2012 11:46:57 -------------------------- Time : 01/05/2012 11:47:14 -------------------------- Time : 01/05/2012 12:20:43 -------------------------- Time : 01/05/2012 12:23:54 -------------------------- Time : 01/05/2012 17:34:42 -------------------------- Time : 01/05/2012 17:35:32 -------------------------- Time : 01/05/2012 17:37:48 -------------------------- Time : 01/05/2012 18:03:45 -------------------------- Time : 01/05/2012 18:04:31 -------------------------- Time : 01/05/2012 18:05:13 -------------------------- Time : 01/05/2012 18:49:19 -------------------------- Time : 01/05/2012 19:50:58 -------------------------- Time : 01/05/2012 19:51:39 -------------------------- Time : 01/05/2012 21:26:58 -------------------------- Time : 01/05/2012 21:28:27 -------------------------- Time : 01/05/2012 21:30:21 -------------------------- Time : 05/05/2012 16:06:18 -------------------------- Time : 05/05/2012 16:12:07 -------------------------- Time : 05/05/2012 16:37:29 -------------------------- Time : 05/05/2012 16:38:05 -------------------------- Time : 06/05/2012 14:02:24 -------------------------- Time : 06/05/2012 14:02:52 -------------------------- Time : 06/05/2012 14:02:57 -------------------------- Time : 06/05/2012 14:03:06 -------------------------- Time : 06/05/2012 14:03:09 -------------------------- Time : 07/05/2012 15:12:32 -------------------------- Time : 07/05/2012 15:13:17 -------------------------- Time : 07/05/2012 
15:15:38 -------------------------- |
#6
Never seen so many RogueKiller reports!!
#7
re: many RogueKiller reports--I ran RogueKiller after other removal tools to see if ZeroAccess has been killed. All reports are for the same day.
Reports:
RogueKiller (17)
RKQuarantine (1)
Malwarebytes (1)
ComboFix - Directory folder named Qoobox contains files named: Add-remove programs.txt (1), Combo-fix quarantined files.txt (1), Combofix2.txt (1). A folder in Qoobox named "Quarantine" contains a report named Catchme.log; this folder also had other folders named C, Doc&Settings, All users, Application Data, Temp. A folder named BACKENV cannot be opened ("Denied access").
TDSSKiller (1)
FSecureOnline Scanner report (1)
Unhide.txt (1)
RSIT (3)
SecurityCheck (1)
MS SafetyScan
I must leave for work now and will be able to work on this after 6pm tonight. Thanks
#8
Just post the following:
1. TDSSKiller
2. On ComboFix...do you have the original ComboFix.txt on the Desktop?
Also post:
Add-remove programs.txt (1)
Combo-fix quarantined files.txt (1)
Combofix2.txt (1)
#9
hi Aaflac
Been searching for the files you requested---thanks for reading :-)
Getting error msg posting 131134 characters-I will put in three replies.
re: TDSSKILLER log: I ran this tool on two consecutive days, 4/30/12 (safe mode) and 5/1/12 (normal). I have posted both reports.
re: ComboFix: Original Combofix.txt was not on desktop-I did find it in system disk root folder C. I noticed combofix.txt report is dated later than combofix2.txt- is that odd?
TDSSKiller Safe mode dated 4.30.12
17:55:24.0000 1608 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
(76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 17:55:57.0062 1524 RasMan - ok 17:55:57.0078 1524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:55:57.0250 1524 RasPppoe - ok 17:55:57.0265 1524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 17:55:57.0421 1524 Raspti - ok 17:55:57.0453 1524 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:55:57.0468 1524 Rdbss - ok 17:55:57.0484 1524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:55:57.0656 1524 RDPCDD - ok 17:55:57.0703 1524 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:55:57.0859 1524 rdpdr - ok 17:55:57.0906 1524 RDPWD (2d293b720c206473a05950ce007db12a) C:\WINDOWS\system32\drivers\RDPWD.sys 17:55:57.0921 1524 RDPWD - ok 17:55:57.0953 1524 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 17:55:58.0109 1524 RDSessMgr - ok 17:55:58.0140 1524 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 17:55:58.0296 1524 RemoteAccess - ok 17:55:58.0312 1524 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 17:55:58.0484 1524 RemoteRegistry - ok 17:55:58.0500 1524 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 17:55:58.0671 1524 RpcLocator - ok 17:55:58.0703 1524 RpcSs (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll 17:55:58.0734 1524 RpcSs - ok 17:55:58.0750 1524 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys 17:55:58.0781 1524 rspndr - ok 17:55:58.0812 1524 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 17:55:58.0968 1524 RSVP - ok 17:55:58.0984 1524 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 17:55:59.0156 1524 SamSs - ok 17:55:59.0187 1524 SCardSvr (86d007e7a654b9a71d1d7d856b104353) 
C:\WINDOWS\System32\SCardSvr.exe 17:55:59.0343 1524 SCardSvr - ok 17:55:59.0359 1524 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 17:55:59.0531 1524 Schedule - ok 17:55:59.0546 1524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:55:59.0640 1524 Secdrv - ok 17:55:59.0656 1524 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 17:55:59.0812 1524 seclogon - ok 17:55:59.0859 1524 senfilt (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys 17:55:59.0890 1524 senfilt - ok 17:55:59.0906 1524 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 17:56:00.0062 1524 SENS - ok 17:56:00.0078 1524 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 17:56:00.0250 1524 serenum - ok 17:56:00.0281 1524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 17:56:00.0437 1524 Serial - ok 17:56:00.0531 1524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 17:56:00.0703 1524 Sfloppy - ok 17:56:00.0750 1524 SharedAccess (4f10a2fa76b5bd54cd68afa94e8adb39) C:\WINDOWS\System32\ipnathlp.dll 17:56:00.0781 1524 SharedAccess - ok 17:56:00.0796 1524 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 17:56:00.0812 1524 ShellHWDetection - ok 17:56:00.0828 1524 Simbad - ok 17:56:00.0906 1524 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys 17:56:00.0921 1524 smwdm - ok 17:56:00.0937 1524 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 17:56:00.0953 1524 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning 17:56:00.0953 1524 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1) 17:56:00.0968 1524 Sparrow - ok 17:56:01.0000 1524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) 
C:\WINDOWS\system32\drivers\splitter.sys 17:56:01.0156 1524 splitter - ok 17:56:01.0171 1524 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 17:56:01.0203 1524 Spooler - ok 17:56:01.0234 1524 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 17:56:01.0250 1524 SQLBrowser - ok 17:56:01.0265 1524 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 17:56:01.0296 1524 SQLWriter - ok 17:56:01.0312 1524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 17:56:01.0390 1524 sr - ok 17:56:01.0421 1524 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 17:56:01.0484 1524 srservice - ok 17:56:01.0531 1524 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys 17:56:01.0546 1524 Srv - ok 17:56:01.0578 1524 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 17:56:01.0656 1524 SSDPSRV - ok 17:56:01.0687 1524 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 17:56:01.0843 1524 stisvc - ok 17:56:01.0859 1524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 17:56:02.0031 1524 swenum - ok 17:56:02.0046 1524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys |
#10
PAGE 2
17:56:02.0218 1524 swmidi - ok
17:56:02.0234 1524 SwPrv - ok
17:56:02.0250 1524 symc810 - ok
17:56:02.0281 1524 symc8xx - ok
17:56:02.0312 1524 sym_hi - ok
17:56:02.0343 1524 sym_u3 - ok
17:56:02.0375 1524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:56:02.0531 1524 sysaudio - ok
17:56:02.0562 1524 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:56:02.0718 1524 SysmonLog - ok
17:56:02.0750 1524 TapiSrv (e2b32b10acc5d97623275aafb67e5f03) C:\WINDOWS\System32\tapisrv.dll
17:56:02.0781 1524 TapiSrv - ok
17:56:02.0812 1524 Tcpip (6772154a2185f5fb42e37a87087c2398) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:56:02.0828 1524 Tcpip ( UnsignedFile.Multi.Generic ) - warning
17:56:02.0828 1524 Tcpip - detected UnsignedFile.Multi.Generic (1)
17:56:02.0843 1524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:56:03.0015 1524 TDPIPE - ok
17:56:03.0031 1524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:56:03.0203 1524 TDTCP - ok
17:56:03.0218 1524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:56:03.0390 1524 TermDD - ok
17:56:03.0421 1524 TermService (37981a741ad7b04258e87129ffe79ab9) C:\WINDOWS\System32\termsrv.dll
17:56:03.0453 1524 TermService - ok
17:56:03.0468 1524 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:56:03.0500 1524 Themes - ok
17:56:03.0515 1524 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:56:03.0593 1524 TlntSvr - ok
17:56:03.0609 1524 TosIde - ok
17:56:03.0640 1524 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:56:03.0796 1524 TrkWks - ok
17:56:03.0843 1524 UDFReadr (fd0b16f8828f360390135031d8924ccd) C:\WINDOWS\system32\drivers\UDFReadr.sys
17:56:03.0843 1524 UDFReadr ( UnsignedFile.Multi.Generic ) - warning
17:56:03.0843 1524 UDFReadr - detected UnsignedFile.Multi.Generic (1)
17:56:03.0875 1524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:56:04.0031 1524 Udfs - ok
17:56:04.0046 1524 ultra - ok
17:56:04.0093 1524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:56:04.0265 1524 Update - ok
17:56:04.0281 1524 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:56:04.0359 1524 upnphost - ok
17:56:04.0375 1524 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:56:04.0546 1524 UPS - ok
17:56:04.0562 1524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:56:04.0734 1524 usbccgp - ok
17:56:04.0750 1524 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:56:04.0765 1524 usbehci - ok
17:56:04.0796 1524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:56:04.0953 1524 usbhub - ok
17:56:04.0968 1524 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:56:05.0140 1524 USBSTOR - ok
17:56:05.0156 1524 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:56:05.0312 1524 usbuhci - ok
17:56:05.0328 1524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:56:05.0500 1524 VgaSave - ok
17:56:05.0515 1524 ViaIde - ok
17:56:05.0546 1524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:56:05.0718 1524 VolSnap - ok
17:56:05.0750 1524 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:56:05.0828 1524 VSS - ok
17:56:05.0859 1524 W32Time (9f8a0d0cbb2fa265a754516128c00e22) C:\WINDOWS\system32\w32time.dll
17:56:05.0890 1524 W32Time - ok
17:56:05.0921 1524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:56:06.0062 1524 Wanarp - ok
17:56:06.0078 1524 WDICA - ok
17:56:06.0125 1524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:56:06.0281 1524 wdmaud - ok
17:56:06.0296 1524 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:56:06.0468 1524 WebClient - ok
17:56:06.0531 1524 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:56:06.0687 1524 winmgmt - ok
17:56:06.0750 1524 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
17:56:06.0781 1524 WmdmPmSN - ok
17:56:06.0812 1524 Wmi (c8a6c82f90b055149925dc7526b2d78c) C:\WINDOWS\System32\advapi32.dll
17:56:06.0859 1524 Wmi - ok
17:56:06.0890 1524 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:56:07.0046 1524 WmiApSrv - ok
17:56:07.0093 1524 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:56:07.0140 1524 WMPNetworkSvc - ok
17:56:07.0187 1524 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:56:07.0234 1524 WPFFontCache_v0400 - ok
17:56:07.0281 1524 wuauserv (aae1a6ffba2b0436e91795120f48c461) C:\WINDOWS\system32\wuauserv.dll
17:56:07.0312 1524 wuauserv - ok
17:56:07.0328 1524 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:56:07.0343 1524 WudfPf - ok
17:56:07.0375 1524 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:56:07.0406 1524 WudfRd - ok
17:56:07.0421 1524 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:56:07.0453 1524 WudfSvc - ok
17:56:07.0484 1524 WZCSVC (349b8d2bb755e8c3b0e3e82a87663e55) C:\WINDOWS\System32\wzcsvc.dll
17:56:07.0531 1524 WZCSVC - ok
17:56:07.0546 1524 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:56:07.0703 1524 xmlprov - ok
17:56:07.0750 1524 yukonwxp (89f8c4875e19c7081cf9c37539242ae3) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
17:56:07.0796 1524 yukonwxp - ok
17:56:07.0812 1524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:56:08.0031 1524 \Device\Harddisk0\DR0 - ok
17:56:08.0062 1524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:56:08.0828 1524 \Device\Harddisk1\DR1 - ok
17:56:08.0843 1524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
17:56:08.0921 1524 \Device\Harddisk2\DR2 - ok
17:56:08.0968 1524 Boot (0x1200) (1c36917ff34068ed34b8c5677c159fe1) \Device\Harddisk0\DR0\Partition0
17:56:08.0968 1524 \Device\Harddisk0\DR0\Partition0 - ok
17:56:08.0984 1524 Boot (0x1200) (df94ce3469ac2d696cc1ee66a5348902) \Device\Harddisk2\DR2\Partition0
17:56:08.0984 1524 \Device\Harddisk2\DR2\Partition0 - ok
17:56:08.0984 1524 ============================================================
17:56:08.0984 1524 Scan finished
17:56:08.0984 1524 ============================================================
17:56:09.0125 1836 Detected object count: 18
17:56:09.0125 1836 Actual detected object count: 18
17:57:04.0468 1836 Cdr4_xp ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0468 1836 Cdr4_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0468 1836 Cdralw2k ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0468 1836 Cdralw2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0484 1836 cdudf_xp ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0484 1836 cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0484 1836 Cinemsup ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0484 1836 Cinemsup ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0500 1836 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0500 1836 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0515 1836 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0515 1836 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0531 1836 DVDVRRdr_xp ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0531 1836 DVDVRRdr_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0546 1836 dvd_2K ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0546 1836 dvd_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0562 1836 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0562 1836 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0562 1836 mmc_2K ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0562 1836 mmc_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0578 1836 pwd_2k ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0578 1836 pwd_2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0593 1836 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0593 1836 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0609 1836 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0609 1836 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0625 1836 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0625 1836 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0640 1836 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0640 1836 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0640 1836 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0640 1836 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0656 1836 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0656 1836 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:04.0671 1836 UDFReadr ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:04.0671 1836 UDFReadr ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:06.0843 1584 Deinitialize success
10:34:48.0375 3004 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
10:34:48.0640 3004 ============================================================
10:34:48.0640 3004 Current date / time: 2012/05/01 10:34:48.0640
10:34:48.0640 3004 SystemInfo:
10:34:48.0640 3004
10:34:48.0640 3004 OS Version: 5.1.2600 ServicePack: 3.0
10:34:48.0640 3004 Product type: Workstation
10:34:48.0640 3004 ComputerName: HOME_SYS1
10:34:48.0640 3004 UserName: Owner
10:34:48.0640 3004 Windows directory: C:\WINDOWS
10:34:48.0640 3004 System windows directory: C:\WINDOWS
10:34:48.0640 3004 Processor architecture: Intel x86
10:34:48.0640 3004 Number of processors: 2
10:34:48.0640 3004 Page size: 0x1000
10:34:48.0640 3004 Boot type: Normal boot
10:34:48.0640 3004 ============================================================
10:34:50.0921 3004 Drive \Device\Harddisk0\DR0 - Size: 0x12A3980000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2604, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:34:50.0937 3004 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:34:50.0937 3004 Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:34:50.0937 3004 ============================================================
10:34:50.0937 3004 \Device\Harddisk0\DR0:
10:34:50.0937 3004 MBR partitions:
10:34:50.0937 3004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9516204
10:34:50.0937 3004 \Device\Harddisk1\DR1:
10:34:50.0937 3004 MBR partitions:
10:34:50.0937 3004 \Device\Harddisk2\DR2:
10:34:50.0937 3004 MBR partitions:
10:34:50.0937 3004 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
10:34:50.0937 3004 ============================================================
10:34:50.0937 3004 C: <-> \Device\Harddisk2\DR2\Partition0
10:34:50.0968 3004 F: <-> \Device\Harddisk0\DR0\Partition0
10:34:50.0968 3004 ============================================================
10:34:50.0968 3004 Initialize success
10:34:50.0968 3004 ============================================================
10:35:00.0984 3312 ============================================================
10:35:00.0984 3312 Scan started
10:35:00.0984 3312 Mode: Manual; SigCheck; TDLFS;
10:35:00.0984 3312 ============================================================
10:35:01.0187 3312 .redbook - ok
10:35:01.0203 3312 Abiosdsk - ok
10:35:01.0218 3312 abp480n5 - ok
10:35:01.0234 3312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:35:01.0468 3312 ACPI - ok
10:35:01.0484 3312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:35:01.0578 3312 ACPIEC - ok
10:35:01.0593 3312 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:35:01.0609 3312 AdobeFlashPlayerUpdateSvc - ok
10:35:01.0625 3312 adpu160m - ok
10:35:01.0640 3312 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
10:35:01.0656 3312 aeaudio - ok
10:35:01.0671 3312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:35:01.0781 3312 aec - ok
10:35:01.0796 3312 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
10:35:01.0812 3312 AFD - ok
10:35:01.0812 3312 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:35:01.0921 3312 agp440 - ok
10:35:01.0937 3312 Aha154x - ok
10:35:01.0937 3312 aic78u2 - ok
10:35:01.0937 3312 aic78xx - ok
10:35:01.0953 3312 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:35:02.0062 3312 Alerter - ok
10:35:02.0078 3312 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:35:02.0125 3312 ALG - ok
10:35:02.0125 3312 AliIde - ok
10:35:02.0140 3312 amsint - ok
10:35:02.0156 3312 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:35:02.0203 3312 AppMgmt - ok
10:35:02.0203 3312 asc - ok
10:35:02.0218 3312 asc3350p - ok
10:35:02.0218 3312 asc3550 - ok
10:35:02.0250 3312 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:35:02.0265 3312 aspnet_state - ok
10:35:02.0265 3312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:35:02.0375 3312 AsyncMac - ok
10:35:02.0390 3312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:35:02.0500 3312 atapi - ok
10:35:02.0515 3312 Atdisk - ok
10:35:02.0531 3312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:35:02.0640 3312 Atmarpc - ok
10:35:02.0656 3312 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:35:02.0781 3312 AudioSrv - ok
10:35:02.0781 3312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:35:02.0890 3312 audstub - ok
10:35:02.0906 3312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:35:03.0015 3312 Beep - ok
10:35:03.0046 3312 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:35:03.0171 3312 BITS - ok
10:35:03.0187 3312 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:35:03.0296 3312 Browser - ok
10:35:03.0312 3312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:35:03.0421 3312 cbidf2k - ok
10:35:03.0437 3312 cd20xrnt - ok
10:35:03.0437 3312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:35:03.0562 3312 Cdaudio - ok
10:35:03.0578 3312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:35:03.0687 3312 Cdfs - ok
10:35:03.0687 3312 Cdr4_xp (6674bb4a919220d05bd002bbf6081aaa) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
10:35:03.0703 3312 Cdr4_xp ( UnsignedFile.Multi.Generic ) - warning
10:35:03.0703 3312 Cdr4_xp - detected UnsignedFile.Multi.Generic (1)
10:35:03.0703 3312 Cdralw2k (8822a9246c20af99686e65710c7d6a5d) C:\WINDOWS\system32\drivers\Cdralw2k.sys
10:35:03.0703 3312 Cdralw2k ( UnsignedFile.Multi.Generic ) - warning
10:35:03.0703 3312 Cdralw2k - detected UnsignedFile.Multi.Generic (1)
10:35:03.0718 3312 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:35:03.0734 3312 Cdrom - ok
10:35:03.0750 3312 cdudf_xp (66b9f9c62721f2347211c0c9bcce4e98) C:\WINDOWS\system32\drivers\cdudf_xp.sys
10:35:03.0765 3312 cdudf_xp ( UnsignedFile.Multi.Generic ) - warning
10:35:03.0765 3312 cdudf_xp - detected UnsignedFile.Multi.Generic (1)
10:35:03.0765 3312 Changer - ok
10:35:03.0765 3312 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
10:35:03.0781 3312 Cinemsup ( UnsignedFile.Multi.Generic ) - warning
10:35:03.0781 3312 Cinemsup - detected UnsignedFile.Multi.Generic (1)
10:35:03.0781 3312 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:35:03.0890 3312 CiSvc - ok
10:35:03.0906 3312 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:35:04.0031 3312 ClipSrv - ok
10:35:04.0031 3312 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:35:04.0046 3312 clr_optimization_v2.0.50727_32 - ok
10:35:04.0062 3312 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:35:04.0078 3312 clr_optimization_v4.0.30319_32 - ok
10:35:04.0078 3312 CmdIde - ok
10:35:04.0093 3312 COMSysApp - ok
10:35:04.0093 3312 Cpqarray - ok
10:35:04.0109 3312 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
10:35:04.0109 3312 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
10:35:04.0109 3312 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
10:35:04.0125 3312 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:35:04.0250 3312 CryptSvc - ok
10:35:04.0265 3312 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
10:35:04.0281 3312 ctsfm2k - ok
10:35:04.0296 3312 CTUSFSYN (12a7b253f9128b3b68a9979827047b76) C:\WINDOWS\system32\drivers\ctusfsyn.sys
10:35:04.0312 3312 CTUSFSYN - ok
10:35:04.0312 3312 dac2w2k - ok
10:35:04.0312 3312 dac960nt - ok
10:35:04.0343 3312 DcomLaunch (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll
10:35:04.0359 3312 DcomLaunch - ok
10:35:04.0375 3312 Dhcp (c51de19619d50cbd03708647aca10e70) C:\WINDOWS\System32\dhcpcsvc.dll
10:35:04.0375 3312 Dhcp - ok
10:35:04.0390 3312 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
10:35:04.0406 3312 Disk - ok
10:35:04.0406 3312 dmadmin - ok
10:35:04.0453 3312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:35:04.0578 3312 dmboot - ok
10:35:04.0593 3312 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:35:04.0703 3312 dmio - ok
10:35:04.0718 3312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:35:04.0828 3312 dmload - ok
10:35:04.0843 3312 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:35:04.0968 3312 dmserver - ok
10:35:04.0968 3312 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:35:05.0093 3312 DMusic - ok
10:35:05.0109 3312 Dnscache (d977659ae4d8ece5286d99d1ed34614d) C:\WINDOWS\System32\dnsrslvr.dll
10:35:05.0109 3312 Dnscache - ok
10:35:05.0125 3312 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:35:05.0250 3312 Dot3svc - ok
10:35:05.0250 3312 dpti2o - ok
10:35:05.0265 3312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:35:05.0390 3312 drmkaud - ok
10:35:05.0390 3312 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
10:35:05.0390 3312 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
10:35:05.0390 3312 drvmcdb - detected UnsignedFile.Multi.Generic (1)
10:35:05.0406 3312 DVDVRRdr_xp (1d5eda9961b16b8e800639038d7492ad) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
10:35:05.0406 3312 DVDVRRdr_xp ( UnsignedFile.Multi.Generic ) - warning
10:35:05.0406 3312 DVDVRRdr_xp - detected UnsignedFile.Multi.Generic (1)
10:35:05.0421 3312 dvd_2K (df112f6f01efedc21c9bc5ce822ce1d3) C:\WINDOWS\system32\drivers\dvd_2K.sys
10:35:05.0421 3312 dvd_2K ( UnsignedFile.Multi.Generic ) - warning
10:35:05.0421 3312 dvd_2K - detected UnsignedFile.Multi.Generic (1)
10:35:05.0437 3312 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:35:05.0562 3312 EapHost - ok
10:35:05.0562 3312 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:35:05.0687 3312 ERSvc - ok
10:35:05.0687 3312 Eventlog (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
10:35:05.0703 3312 Eventlog - ok
10:35:05.0718 3312 EventSystem (f17f6226bdc0cd5f0bef0daf84d29bec) C:\WINDOWS\system32\es.dll
10:35:05.0734 3312 EventSystem - ok
10:35:05.0750 3312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:35:05.0875 3312 Fastfat - ok
10:35:05.0875 3312 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:35:05.0890 3312 FastUserSwitchingCompatibility - ok
10:35:05.0906 3312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:35:06.0031 3312 Fdc - ok
10:35:06.0031 3312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:35:06.0156 3312 Fips - ok
10:35:06.0156 3312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:35:06.0281 3312 Flpydisk - ok
10:35:06.0296 3312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:35:06.0406 3312 FltMgr - ok
10:35:06.0421 3312 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:35:06.0437 3312 FontCache3.0.0.0 - ok
10:35:06.0437 3312 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:35:06.0562 3312 Fs_Rec - ok
10:35:06.0578 3312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:35:06.0687 3312 Ftdisk - ok
10:35:06.0687 3312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:35:06.0828 3312 Gpc - ok
10:35:06.0828 3312 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:35:06.0953 3312 helpsvc - ok
10:35:06.0953 3312 HidServ - ok
10:35:06.0953 3312 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:35:07.0078 3312 HidUsb - ok
10:35:07.0078 3312 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:35:07.0203 3312 hkmsvc - ok
10:35:07.0203 3312 hpn - ok
10:35:07.0218 3312 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:35:07.0234 3312 HTTP - ok
10:35:07.0250 3312 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:35:07.0359 3312 HTTPFilter - ok
10:35:07.0375 3312 i2omgmt - ok
10:35:07.0375 3312 i2omp - ok
10:35:07.0390 3312 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:35:07.0515 3312 i8042prt - ok
10:35:07.0531 3312 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:35:07.0531 3312 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:35:07.0531 3312 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:35:07.0562 3312 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:35:07.0593 3312 idsvc - ok
10:35:07.0609 3312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:35:07.0734 3312 Imapi - ok
10:35:07.0734 3312 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:35:07.0859 3312 ImapiService - ok
10:35:07.0859 3312 ini910u - ok
10:35:07.0875 3312 IntelIde - ok
10:35:07.0875 3312 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:35:08.0000 3312 intelppm - ok
10:35:08.0015 3312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:35:08.0125 3312 Ip6Fw - ok
10:35:08.0140 3312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:35:08.0265 3312 IpFilterDriver - ok
10:35:08.0265 3312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:35:08.0390 3312 IpInIp - ok
10:35:08.0406 3312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:35:08.0515 3312 IpNat - ok
10:35:08.0531 3312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:35:08.0656 3312 IPSec - ok
10:35:08.0656 3312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:35:08.0703 3312 IRENUM - ok
10:35:08.0718 3312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:35:08.0828 3312 isapnp - ok
10:35:08.0843 3312 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
10:35:08.0859 3312 JavaQuickStarterService - ok
10:35:08.0875 3312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:35:09.0000 3312 Kbdclass - ok
10:35:09.0015 3312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:35:09.0125 3312 kmixer - ok
10:35:09.0140 3312 KSecDD
(c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys 10:35:09.0140 3312 KSecDD - ok 10:35:09.0156 3312 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 10:35:09.0171 3312 LanmanServer - ok 10:35:09.0187 3312 lanmanworkstation (3b9324d60dd321bab7bf6f77931d3fd1) C:\WINDOWS\System32\wkssvc.dll 10:35:09.0203 3312 lanmanworkstation - ok 10:35:09.0203 3312 lbrtfdc - ok 10:35:09.0218 3312 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 10:35:09.0343 3312 LmHosts - ok 10:35:09.0359 3312 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys 10:35:09.0390 3312 mbamchameleon - ok 10:35:09.0406 3312 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 10:35:09.0531 3312 Messenger - ok 10:35:09.0546 3312 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys 10:35:09.0562 3312 MidiSyn - ok 10:35:09.0562 3312 mmc_2K (a52ed33515755e825d090a47793b773f) C:\WINDOWS\system32\drivers\mmc_2K.sys 10:35:09.0578 3312 mmc_2K ( UnsignedFile.Multi.Generic ) - warning 10:35:09.0578 3312 mmc_2K - detected UnsignedFile.Multi.Generic (1) 10:35:09.0578 3312 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 10:35:09.0687 3312 mnmdd - ok 10:35:09.0703 3312 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 10:35:09.0828 3312 mnmsrvc - ok 10:35:09.0843 3312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 10:35:09.0953 3312 Modem - ok 10:35:09.0968 3312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 10:35:10.0093 3312 Mouclass - ok 10:35:10.0093 3312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 10:35:10.0218 3312 mouhid - ok 10:35:10.0218 3312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 10:35:10.0343 3312 MountMgr - ok 10:35:10.0359 3312 
MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 10:35:10.0375 3312 MozillaMaintenance - ok 10:35:10.0390 3312 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 10:35:10.0406 3312 MpFilter - ok 10:35:10.0406 3312 MpKsl43b015f3 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1299FC64-FCE5-4BBF-99E4-E8C4AE4F470D}\MpKsl43b015f3.sys 10:35:10.0421 3312 MpKsl43b015f3 - ok 10:35:10.0437 3312 mraid35x - ok 10:35:10.0453 3312 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 10:35:10.0468 3312 MRxDAV - ok 10:35:10.0484 3312 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 10:35:10.0500 3312 MRxSmb - ok 10:35:10.0515 3312 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 10:35:10.0625 3312 MSDTC - ok 10:35:10.0640 3312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 10:35:10.0765 3312 Msfs - ok 10:35:10.0781 3312 MSIServer - ok 10:35:10.0781 3312 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 10:35:10.0906 3312 MSKSSRV - ok 10:35:10.0906 3312 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe 10:35:10.0921 3312 MsMpSvc - ok 10:35:10.0921 3312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 10:35:11.0062 3312 MSPCLOCK - ok 10:35:11.0062 3312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 10:35:11.0171 3312 MSPQM - ok 10:35:11.0187 3312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 10:35:11.0312 3312 mssmbios - ok 10:35:11.0312 3312 MSSQL$MSSMLBIZ - ok 10:35:11.0328 3312 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL 
Server\90\Shared\sqladhlp90.exe 10:35:11.0328 3312 MSSQLServerADHelper - ok 10:35:11.0343 3312 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys 10:35:11.0359 3312 Mup - ok 10:35:11.0375 3312 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 10:35:11.0484 3312 napagent - ok 10:35:11.0500 3312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 10:35:11.0625 3312 NDIS - ok 10:35:11.0656 3312 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 10:35:11.0687 3312 NdisTapi - ok 10:35:11.0687 3312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 10:35:11.0859 3312 Ndisuio - ok 10:35:11.0875 3312 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 10:35:12.0000 3312 NdisWan - ok 10:35:12.0000 3312 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 10:35:12.0015 3312 NDProxy - ok 10:35:12.0031 3312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 10:35:12.0140 3312 NetBIOS - ok 10:35:12.0156 3312 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 10:35:12.0281 3312 NetBT - ok 10:35:12.0296 3312 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 10:35:12.0406 3312 NetDDE - ok 10:35:12.0406 3312 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 10:35:12.0515 3312 NetDDEdsdm - ok 10:35:12.0531 3312 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:35:12.0656 3312 Netlogon - ok 10:35:12.0671 3312 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 10:35:12.0859 3312 Netman - ok 10:35:12.0906 3312 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSv cHost.exe 10:35:12.0937 3312 NetTcpPortSharing - ok 10:35:12.0953 3312 Nla (290c1a30defc723bbe10910ac2d6f6d0) 
C:\WINDOWS\System32\mswsock.dll 10:35:12.0984 3312 Nla - ok 10:35:13.0000 3312 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe 10:35:13.0015 3312 NMSAccessU - ok 10:35:13.0031 3312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 10:35:13.0234 3312 Npfs - ok 10:35:13.0281 3312 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys 10:35:13.0312 3312 Ntfs - ok 10:35:13.0328 3312 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:35:13.0515 3312 NtLmSsp - ok 10:35:13.0562 3312 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 10:35:13.0734 3312 NtmsSvc - ok 10:35:13.0750 3312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 10:35:13.0921 3312 Null - ok 10:35:14.0234 3312 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10:35:14.0484 3312 nv - ok 10:35:14.0515 3312 NVSvc (934833b3cd462a6f8a96f64d024c8b20) C:\WINDOWS\system32\nvsvc32.exe 10:35:14.0546 3312 NVSvc - ok 10:35:14.0562 3312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 10:35:14.0734 3312 NwlnkFlt - ok 10:35:14.0750 3312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 10:35:14.0937 3312 NwlnkFwd - ok 10:35:15.0000 3312 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:35:15.0031 3312 odserv - ok 10:35:15.0046 3312 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:35:15.0062 3312 ose - ok 10:35:15.0078 3312 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 10:35:15.0109 3312 ossrv - ok 10:35:15.0156 3312 P17xfi (230780e5ace287e0a550a523d494b3d0) C:\WINDOWS\system32\drivers\P17xfi.sys 10:35:15.0218 3312 P17xfi - ok 10:35:15.0296 3312 p17xfilt (13229088b5fac03fdf1dd72f114618b6) 
C:\WINDOWS\system32\drivers\p17xfilt.sys 10:35:15.0343 3312 p17xfilt - ok 10:35:15.0375 3312 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 10:35:15.0484 3312 Parport - ok 10:35:15.0484 3312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 10:35:15.0609 3312 PartMgr - ok 10:35:15.0609 3312 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 10:35:15.0718 3312 ParVdm - ok 10:35:15.0734 3312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 10:35:15.0843 3312 PCI - ok 10:35:15.0843 3312 PCIDump - ok 10:35:15.0859 3312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 10:35:15.0968 3312 PCIIde - ok 10:35:15.0984 3312 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 10:35:16.0093 3312 Pcmcia - ok 10:35:16.0093 3312 PDCOMP - ok 10:35:16.0109 3312 PDFRAME - ok 10:35:16.0109 3312 PDRELI - ok 10:35:16.0109 3312 PDRFRAME - ok 10:35:16.0125 3312 perc2 - ok 10:35:16.0125 3312 perc2hib - ok 10:35:16.0140 3312 PlugPlay (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe 10:35:16.0156 3312 PlugPlay - ok 10:35:16.0171 3312 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:35:16.0312 3312 PolicyAgent - ok 10:35:16.0328 3312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 10:35:16.0453 3312 PptpMiniport - ok 10:35:16.0453 3312 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:35:16.0593 3312 ProtectedStorage - ok 10:35:16.0609 3312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 10:35:16.0734 3312 PSched - ok 10:35:16.0734 3312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 10:35:16.0875 3312 Ptilink - ok 10:35:16.0875 3312 pwd_2k (62d29677f6a7f018c5d49119cea67de5) C:\WINDOWS\system32\drivers\pwd_2k.sys 
10:35:16.0890 3312 pwd_2k ( UnsignedFile.Multi.Generic ) - warning 10:35:16.0890 3312 pwd_2k - detected UnsignedFile.Multi.Generic (1) 10:35:16.0890 3312 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys 10:35:16.0906 3312 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 10:35:16.0906 3312 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 10:35:16.0906 3312 QBCFMonitorService (996f0d2e6ad456e12b0190660a5713a0) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe 10:35:16.0921 3312 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning 10:35:16.0921 3312 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1) 10:35:16.0921 3312 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS. exe 10:35:16.0937 3312 QBFCService ( UnsignedFile.Multi.Generic ) - warning 10:35:16.0937 3312 QBFCService - detected UnsignedFile.Multi.Generic (1) 10:35:16.0984 3312 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe 10:35:17.0015 3312 QBVSS ( UnsignedFile.Multi.Generic ) - warning 10:35:17.0015 3312 QBVSS - detected UnsignedFile.Multi.Generic (1) 10:35:17.0031 3312 ql1080 - ok 10:35:17.0031 3312 Ql10wnt - ok 10:35:17.0046 3312 ql12160 - ok 10:35:17.0046 3312 ql1240 - ok 10:35:17.0062 3312 ql1280 - ok 10:35:17.0062 3312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 10:35:17.0171 3312 RasAcd - ok 10:35:17.0187 3312 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 10:35:17.0296 3312 RasAuto - ok 10:35:17.0312 3312 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:35:17.0421 3312 Rasl2tp - ok 10:35:17.0437 3312 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 10:35:17.0546 3312 RasMan - ok 10:35:17.0562 3312 RasPppoe (5bc962f2654137c9909c3d4603587dee) 
C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:35:17.0671 3312 RasPppoe - ok 10:35:17.0687 3312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 10:35:17.0796 3312 Raspti - ok 10:35:17.0796 3312 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:35:17.0812 3312 Rdbss - ok 10:35:17.0828 3312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:35:17.0921 3312 RDPCDD - ok 10:35:17.0953 3312 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:35:18.0062 3312 rdpdr - ok 10:35:18.0062 3312 RDPWD (2d293b720c206473a05950ce007db12a) C:\WINDOWS\system32\drivers\RDPWD.sys 10:35:18.0078 3312 RDPWD - ok 10:35:18.0109 3312 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 10:35:18.0218 3312 RDSessMgr - ok 10:35:18.0218 3312 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 10:35:18.0359 3312 RemoteAccess - ok 10:35:18.0375 3312 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 10:35:18.0484 3312 RemoteRegistry - ok 10:35:18.0500 3312 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 10:35:18.0609 3312 RpcLocator - ok 10:35:18.0625 3312 RpcSs (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll 10:35:18.0640 3312 RpcSs - ok 10:35:18.0656 3312 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys 10:35:18.0671 3312 rspndr - ok 10:35:18.0687 3312 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 10:35:18.0796 3312 RSVP - ok 10:35:18.0812 3312 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:35:18.0921 3312 SamSs - ok 10:35:18.0937 3312 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 10:35:19.0046 3312 SCardSvr - ok 10:35:19.0062 3312 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 10:35:19.0187 3312 Schedule - 
ok 10:35:19.0187 3312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 10:35:19.0265 3312 Secdrv - ok 10:35:19.0265 3312 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 10:35:19.0390 3312 seclogon - ok 10:35:19.0406 3312 senfilt (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys 10:35:19.0437 3312 senfilt - ok 10:35:19.0437 3312 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 10:35:19.0562 3312 SENS - ok 10:35:19.0562 3312 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 10:35:19.0671 3312 serenum - ok 10:35:19.0687 3312 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 10:35:19.0796 3312 Serial - ok 10:35:19.0828 3312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 10:35:19.0937 3312 Sfloppy - ok 10:35:19.0953 3312 SharedAccess (4f10a2fa76b5bd54cd68afa94e8adb39) C:\WINDOWS\System32\ipnathlp.dll 10:35:19.0968 3312 SharedAccess - ok 10:35:19.0984 3312 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 10:35:20.0000 3312 ShellHWDetection - ok 10:35:20.0015 3312 Simbad - ok 10:35:20.0031 3312 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys 10:35:20.0046 3312 smwdm - ok |
#11
Combofix.txt dated 5.5.12
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "nwiz"="nwiz.exe" [2008-05-03 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-05-03 86016] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880] "P17Helper"="SPIRun.dll" [2006-07-03 10752] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-08-20 1874264] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2011-07-27 434080] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce] "_nltide_3"="advpack.dll" [2009-07-15 128512] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-10-13 1175912] QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2011-10-13 1178984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "DisableCAD"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) . [HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"= . R1 MpKslf1e8cd4d;MpKslf1e8cd4d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA5B6454-4E5C-4279-8A2F-EBDF362CDAEF}\MpKslf1e8cd4d.sys [5/5/2012 01:32 PM 29904] R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 09:31 PM 1248256] S0 07092760;07092760;c:\windows\system32\drivers\3095 8625.sys --> c:\windows\system32\drivers\30958625.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [3/18/2010 01:16 PM 130384] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568] S3 mbamchameleon;mbamchameleon;c:\windows\system32\dr ivers\mbamchameleon.sys [4/29/2012 08:06 PM 32072] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30 319\WPF\WPFFontCache_v0400.exe [3/18/2010 01:16 PM 753504] S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPl ayerUpdateService.exe [4/26/2012 07:10 AM 253088] S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 10:43 PM 129976] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSLF1E8CD4D . Contents of the 'Scheduled Tasks' folder . 
2012-05-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cs4pkzgg.default\ . . ************************************************** ************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-05 13:38 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run P17Helper = Rundll32 SPIRun.dll,RunDLLEntry? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2688) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . Completion time: 2012-05-05 13:40:07 ComboFix-quarantined-files.txt 2012-05-05 17:40 ComboFix2.txt 2012-05-01 23:43 . Pre-Run: 57,353,351,168 bytes free Post-Run: 57,357,312,000 bytes free . 
- - End Of File - - 2F05642E97F4E3EB14F2ED17FC074FEF
Add-remove Programs.txt
Combofix Quarantined Files.txt
2012-05-01 23:43:05 . 2012-05-01 23:43:05 550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WinDefend.reg.dat
2012-05-01 23:43:05 . 2012-05-01 23:43:05 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-07092760.sys.reg.dat
2012-05-01 23:40:47 . 2012-05-01 23:40:47 218 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB13985$\_793881458_.zip
2012-05-01 23:39:59 . 2012-05-01 23:39:59 340 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_.redbook.reg.dat
2012-05-01 23:39:54 . 2012-05-05 17:37:30 4,675 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-05-01 23:32:27 . 2012-05-05 17:34:40 805 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-08-08 16:13:13 . 2006-04-20 09:32:16 663,675 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp68.tmp.
vir Combofix2.txt ComboFix 12-05-01.02 - Owner 05/01/2012 19:38:11.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1681 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\windows\$NtUninstallKB13985$ c:\windows\$NtUninstallKB13985$\793881458 c:\windows\system32\tmp68.tmp . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_.redbook . . ((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 ))))))))))))))))))))))))))))))) . . 2012-05-01 18:58 . 2012-05-01 19:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter 2012-05-01 18:57 . 2012-05-01 18:59 -------- d-----w- c:\windows\MATS 2012-05-01 18:57 . 2012-05-01 18:59 -------- d-----w- c:\program files\Microsoft Fix it Center 2012-05-01 18:45 . 2008-04-14 08:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys 2012-05-01 18:45 . 2008-04-14 08:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2012-05-01 18:34 . 2012-05-01 18:34 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics 2012-05-01 18:12 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{930824C7-B067-4E31-94F2-B1BB0E6A6E56}\mpengine.dll 2012-05-01 15:25 . 2012-05-01 15:25 -------- d-----w- c:\windows\system32\wbem\Repository 2012-05-01 14:25 . 2012-05-01 14:25 -------- d-----w- C:\TDSSKiller_Quarantine 2012-05-01 09:06 . 2012-05-01 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos 2012-05-01 09:06 . 
2012-05-01 09:06 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF8667 3C38D9F48.exe 2012-05-01 09:06 . 2012-05-01 09:06 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673 C38D9F48.exe 2012-05-01 09:06 . 2012-05-01 09:06 73728 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-05-01 09:06 . 2012-05-01 09:06 -------- d-----w- c:\program files\Sophos 2012-05-01 08:59 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-01 08:55 . 2012-05-01 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2012-05-01 08:55 . 2012-05-01 08:55 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp 2012-04-30 23:26 . 2012-05-01 15:25 -------- d-----w- c:\documents and settings\Administrator 2012-04-30 04:01 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-30 04:01 . 2012-04-30 04:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-30 00:42 . 2012-04-30 00:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2012-04-30 00:16 . 2012-04-30 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-04-30 00:15 . 2012-04-30 02:46 32072 ----a-w- c:\windows\system32\drivers\48230029.sys 2012-04-30 00:06 . 2012-04-30 00:06 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-04-29 23:23 . 2012-05-01 13:58 -------- d-----w- c:\program files\Common Files\SQLDMO 2012-04-29 23:23 . 
2012-05-01 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E 2012-04-26 11:10 . 2012-04-26 11:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-25 02:43 . 2012-04-25 02:43 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-04-25 02:43 . 2012-04-25 02:43 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-25 02:43 . 2012-04-25 02:43 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe . . |
#12
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
. 2012-04-26 11:10 . 2011-10-14 21:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-21 00:44 . 2011-04-18 17:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-01 10:58 . 2009-07-15 19:27 919552 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 10:58 . 2009-07-15 19:27 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-03-01 10:58 . 2009-07-15 19:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:08 . 2009-07-15 18:41 178176 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:08 . 2008-04-14 09:41 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:30 . 2009-07-15 19:26 385024 ----a-w- c:\windows\system32\html.iec 2012-02-23 14:18 . 2011-08-08 15:46 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-03 09:26 . 2009-07-15 18:41 1869184 ----a-w- c:\windows\system32\win32k.sys 2003-08-27 18:19 . 2011-09-20 22:21 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll 2012-04-25 02:43 . 2011-09-01 12:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-07-15 . 6772154A2185F5FB42E37A87087C2398 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys . [-] 2009-07-15 . F5BFB044C04A155878BAD2C136943E73 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-08-20 1874264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-07-15 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-10-13 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2011-10-13 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
.
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 09:31 PM 1248256]
S0 07092760;07092760;c:\windows\system32\drivers\30958625.sys --> c:\windows\system32\drivers\30958625.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 01:16 PM 130384]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/29/2012 08:06 PM 32072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 01:16 PM 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/26/2012 07:10 AM 253088]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 10:43 PM 129976]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cs4pkzgg.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-07092760.sys
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-01 19:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
.
scanning hidden files ...
.
.
c:\windows\system32\LogFiles
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1224)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\Rundll32.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-01 19:43:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 23:43
.
Pre-Run: 57,525,841,920 bytes free
Post-Run: 57,527,603,200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1148BD195E97C6E8616149
#13
Thanks for the info.
Since the reports are a few days old, please do the following:

Remove the previous ComboFix file, and download an updated version of ComboFix
Save ComboFix.exe to the Desktop!!

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF.
Note: For information on how to disable protective programs, refer to this link

XP: Double-click on ComboFix.exe to run the program.

When given the option, DO install the Recovery Console. This program comes in very handy if problems arise, or you cannot boot.

Click on Yes, to continue scanning for malware.

When finished, CF produces a report. Please provide a copy of the C:\ComboFix.txt in your reply.

Notes:
1. Do not mouse-click the ComboFix window while it is running. This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Also, remove the previous TDSSKiller file, and download the latest version of: TDSSKiller.exe
Save to the Desktop.

Execute the downloaded file:
XP: Double-click the file to run the program

In the TDSSKiller Scan prompt, click on: Change parameters
Check the box beside: Detect TDLFS file system
Click: OK

Press the button: Start Scan

The tool scans and detects two object types:
Malicious (where the malware has been identified)
Suspicious (where the malware cannot be identified)

When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.
It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.
It also prompts the User to select an action to apply to Suspicious objects (Skip, by default). Leave the setting as it is.

After clicking 'Next/Continue', the tool applies the selected actions.
A Reboot Required prompt may appear after a disinfection. Please reboot!!

By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).
Logs have a name like: C:\TDSSKiller.2.4.7_10.05.2012_15.31.43_log.txt

Please post the TDSSKiller log in your reply.
Also need to know whether TDSSKiller needed a reboot.
#14
Hi Aaflac
Combofix.txt report below

ComboFix 12-05-10.02 - Owner 05/10/2012 6:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1555 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-09 22:57 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B9754D6-DBB0-422E-85A5-7B9D4CC124E5}\mpengine.dll
2012-05-08 12:21 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-07 16:53 . 2012-05-07 16:53 -------- d-----w- c:\program files\Belarc
2012-05-07 16:53 . 2011-08-09 21:33 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-05-07 16:44 . 2012-05-07 16:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2012-05-06 18:09 . 2012-05-06 18:09 -------- d-----w- C:\rsit
2012-05-06 18:09 . 2012-05-06 18:09 -------- d-----w- c:\program files\trend micro
2012-05-06 16:20 . 2012-05-06 16:20 -------- d-----w- c:\program files\Common Files\Java
2012-05-06 16:15 . 2012-05-06 16:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-06 16:15 . 2012-05-06 16:15 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-06 16:14 . 2012-05-06 16:14 -------- d-----w- c:\program files\Java
2012-05-06 15:47 . 2012-05-06 15:47 -------- d-----w- c:\documents and settings\Owner\Application Data\f-secure
2012-05-06 15:47 . 2012-05-06 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2012-05-05 20:27 . 2012-05-05 20:27 -------- d-----w- C:\RK_Quarantine
2012-05-01 23:42 . 2012-05-01 23:42 -------- d-----w- c:\windows\system32\LogFiles
2012-05-01 18:45 . 2008-04-14 08:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-05-01 18:45 . 2008-04-14 08:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-05-01 18:34 . 2012-05-01 18:34 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2012-05-01 15:25 . 2012-05-01 15:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-01 14:25 . 2012-05-01 14:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-01 09:06 . 2012-05-01 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-05-01 08:55 . 2012-05-01 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-05-01 08:55 . 2012-05-01 08:55 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2012-04-30 23:26 . 2012-05-01 15:25 -------- d-----w- c:\documents and settings\Administrator
2012-04-30 04:01 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 04:01 . 2012-04-30 04:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 00:42 . 2012-04-30 00:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-04-30 00:16 . 2012-04-30 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-30 00:15 . 2012-04-30 02:46 32072 ----a-w- c:\windows\system32\drivers\48230029.sys
2012-04-30 00:06 . 2012-04-30 00:06 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-29 23:23 . 2012-05-01 13:58 -------- d-----w- c:\program files\Common Files\SQLDMO
2012-04-29 23:23 . 2012-05-01 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D5618A0001836300216024D151FC4E
2012-04-26 11:10 . 2012-05-06 17:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-25 02:43 . 2012-04-25 02:43 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 02:43 . 2012-04-25 02:43 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 02:43 . 2012-04-25 02:43 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 17:08 . 2011-10-14 21:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 16:15 . 2011-10-04 17:56 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 00:44 . 2011-04-18 17:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 10:58 . 2009-07-15 19:27 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2009-07-15 19:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2009-07-15 19:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2009-07-15 18:41 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2008-04-14 09:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2009-07-15 19:26 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 14:18 . 2011-08-08 15:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2003-08-27 18:19 . 2011-09-20 22:21 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2012-04-25 02:43 . 2011-09-01 12:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-15 . 6772154A2185F5FB42E37A87087C2398 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-07-15 . F5BFB044C04A155878BAD2C136943E73 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-01_23.42.14 )))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 02:15 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\Syste m.configuration.dll + 2012-05-07 18:58 . 2012-05-07 18:58 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\Syste m.configuration.dll + 2012-05-07 18:58 . 2012-05-07 18:58 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561 934e089\System.ComponentModel.Composition.dll - 2012-02-22 02:15 . 2012-02-22 02:15 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561 934e089\System.ComponentModel.Composition.dll + 2012-05-07 18:58 . 2012-05-07 18:58 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn. dll - 2012-02-22 02:15 . 2012-02-22 02:15 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn. dll - 2012-02-22 02:15 . 2012-02-22 02:15 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities.DurableInstancing\v4.0_4.0.0.0__31bf385 6ad364e35\System.Activities.DurableInstancing.dll + 2012-05-07 18:58 . 2012-05-07 18:58 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities.DurableInstancing\v4.0_4.0.0.0__31bf385 6ad364e35\System.Activities.DurableInstancing.dll - 2012-02-22 02:15 . 2012-02-22 02:15 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities.Core.Presentation\v4.0_4.0.0.0__31bf385 6ad364e35\System.Activities.Core.Presentation.dll + 2012-05-07 18:58 . 2012-05-07 18:58 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System. Activities.Core.Presentation\v4.0_4.0.0.0__31bf385 6ad364e35\System.Activities.Core.Presentation.dll - 2012-02-22 02:15 . 2012-02-22 02:15 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglob l\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2012-05-07 18:58 . 
2012-05-07 18:58 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglob l\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2012-05-07 18:58 . 2012-05-07 18:58 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFr amework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramew ork.dll - 2012-02-22 02:15 . 2012-02-22 02:15 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFr amework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramew ork.dll + 2012-05-07 18:58 . 2012-05-07 18:58 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationUI\v4.0_4.0.0.0__31bf3856ad364e35\Presentatio nUI.dll - 2012-02-22 02:15 . 2012-02-22 02:15 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationUI\v4.0_4.0.0.0__31bf3856ad364e35\Presentatio nUI.dll - 2012-02-22 02:15 . 2012-02-22 02:15 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e 35\PresentationFramework.Royale.dll + 2012-05-07 18:58 . 2012-05-07 18:58 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e 35\PresentationFramework.Royale.dll + 2012-05-07 18:58 . 2012-05-07 18:58 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35 \PresentationFramework.Luna.dll - 2012-02-22 02:15 . 2012-02-22 02:15 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35 \PresentationFramework.Luna.dll + 2012-05-07 18:58 . 2012-05-07 18:58 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364 e35\PresentationFramework.Classic.dll - 2012-02-22 02:15 . 2012-02-22 02:15 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364 e35\PresentationFramework.Classic.dll + 2012-05-07 18:58 . 
2012-05-07 18:58 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35 \PresentationFramework.Aero.dll - 2012-02-22 02:15 . 2012-02-22 02:15 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Present ationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35 \PresentationFramework.Aero.dll + 2012-05-07 18:58 . 2012-05-07 18:58 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Mic rosoft.VisualBasic.dll - 2012-02-22 02:15 . 2012-02-22 02:15 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Mic rosoft.VisualBasic.dll + 2012-05-07 18:58 . 2012-05-07 18:58 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f 7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2012-02-22 02:15 . 2012-02-22 02:15 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f 7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2012-05-07 18:58 . 2012-05-07 18:58 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50 a3a\Microsoft.Transactions.Bridge.dll - 2012-02-22 02:15 . 2012-02-22 02:15 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50 a3a\Microsoft.Transactions.Bridge.dll + 2012-05-07 18:58 . 2012-05-07 18:58 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microso ft.JScript.dll - 2012-02-22 02:15 . 2012-02-22 02:15 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microso ft.JScript.dll - 2012-02-22 02:15 . 2012-02-22 02:15 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft .CSharp.dll + 2012-05-07 18:58 . 
2012-05-07 18:58 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microso ft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft .CSharp.dll - 2012-02-22 02:15 . 2012-02-22 02:15 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Tr ansactions\v4.0_4.0.0.0__b77a5c561934e089\System.T ransactions.dll + 2012-05-07 18:58 . 2012-05-07 18:58 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Tr ansactions\v4.0_4.0.0.0__b77a5c561934e089\System.T ransactions.dll + 2012-05-07 18:58 . 2012-05-07 18:58 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Pr inting\v4.0_4.0.0.0__31bf3856ad364e35\System.Print ing.dll - 2012-02-22 02:15 . 2012-02-22 02:15 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Pr inting\v4.0_4.0.0.0__31bf3856ad364e35\System.Print ing.dll + 2012-05-07 18:58 . 2012-05-07 18:58 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.En terpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\Sy stem.EnterpriseServices.Wrapper.dll - 2012-02-22 02:15 . 2012-02-22 02:15 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.En terpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\Sy stem.EnterpriseServices.Wrapper.dll - 2012-02-22 02:15 . 2012-02-22 02:15 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.En terpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\Sy stem.EnterpriseServices.dll + 2012-05-07 18:58 . 2012-05-07 18:58 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.En terpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\Sy stem.EnterpriseServices.dll - 2012-02-22 02:15 . 2012-02-22 02:15 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft .Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d 50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-05-07 18:58 . 2012-05-07 18:58 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft .Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d 50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\b907a.msp + 2012-05-06 16:20 . 
2012-05-06 16:20 203776 c:\windows\Installer\9a7f4c.msi + 2012-05-06 16:14 . 2012-05-06 16:14 900096 c:\windows\Installer\9a7f3a.msi |
#15
Page 2 Combofix.txt May 10, 2012
2012-05-06 20:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b 77a5c561934e089\System.XML.dll + 2012-05-06 20:07 . 2012-05-06 20:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\ 2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2012-02-22 02:21 . 2012-02-22 02:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\ 2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2012-05-06 20:07 . 2012-05-06 20:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0 __b03f5f7f11d50a3a\System.Design.dll - 2012-02-22 02:21 . 2012-02-22 02:21 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0 __b03f5f7f11d50a3a\System.Design.dll + 2012-05-06 20:07 . 2012-05-06 20:07 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03 f5f7f11d50a3a\System.Web.dll - 2012-02-22 02:21 . 2012-02-22 02:21 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03 f5f7f11d50a3a\System.Web.dll - 2012-02-22 02:21 . 2012-02-22 02:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b7 7a5c561934e089\System.Data.dll + 2012-05-06 20:07 . 2012-05-06 20:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b7 7a5c561934e089\System.Data.dll + 2012-05-06 20:07 . 2012-05-06 20:07 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5 c561934e089\mscorlib.dll - 2012-02-22 02:21 . 2012-02-22 02:21 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5 c561934e089\mscorlib.dll + 2012-05-07 18:59 . 2012-05-07 18:59 13196800 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Windows.Forms\67b05b57919dfc3a1521f33198495f5b \System.Windows.Forms.ni.dll + 2012-05-07 19:34 . 2012-05-07 19:34 12076544 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Web\0541e0facc72aeb8f189dd8ab69344bd\System.We b.ni.dll + 2012-05-07 18:59 . 2012-05-07 18:59 11002880 c:\windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Design\bb766612c7402195f00054b9809ebed9\System .Design.ni.dll + 2012-05-07 18:59 . 
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-08-20 1874264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-07-15 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-10-13 5904216]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-10-13 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2011-10-13 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 09:31 PM 1248256]
S0 07092760;07092760;c:\windows\system32\drivers\30958625.sys --> c:\windows\system32\drivers\30958625.sys [?]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/26/2012 07:10 AM 257696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 01:16 PM 130384]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/29/2012 08:06 PM 32072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 01:16 PM 753504]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 10:43 PM 129976]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 17:08]
.
2012-05-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cs4pkzgg.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-10 06:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\adsldpc.dll
.
- - - - - - - > 'explorer.exe'(2804)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-05-10 06:55:04
ComboFix-quarantined-files.txt 2012-05-10 10:55
ComboFix2.txt 2012-05-01 23:43
.
Pre-Run: 56,889,843,712 bytes free
Post-Run: 57,471,639,552 bytes free
.
- - End Of File - - B93BEAD7BC4E35895E858B611474FBE1