Possible Data Recovery virus on Win7 x64

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Possible Data Recovery virus on Win7 x64 Continued Google redirects in IE/FF, auto spawn of iexplore

#1 magnet0

Member

Group: Members
Posts: 17
Joined: 30-September 11

Posted 02 October 2011 - 06:37 PM

Previous attempt for resolution with Broni described here:

http://www.bleepingcomputer.com/forums/topic421265.html

Continued Google redirects in IE and FF. I renamed iexplore.exe to avoid iexplore.exe auto spawning as a background process with no available window.

Oh, and I could not run GMER with the options suggested as they are greyed out. GMER found no information upon quick scan.

------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by magnet0 at 18:58:40 on 2011-10-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2461 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Starfield\offSyncService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbtcoms.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Creative\Shared Files\CamTray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\ASUS\AI Suite\Q-Button\QButton.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
uRun: [Creative WebCam Tray] "C:\Program Files (x86)\Creative\Shared Files\CamTray.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Ai Nap] "C:\Program Files\ASUS\AI Suite\Q-Button\QButton.exe"
mRun: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\magnet0\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{3F7987C3-11C7-44AA-BF3F-40FC9A3646BE} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{50E31421-6CF5-4E3F-A765-179BF495618D} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{6F88D358-6C28-4449-8549-BCB380CFACDE} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{6F88D358-6C28-4449-8549-BCB380CFACDE}\0527F6574605162756E64737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.11 68.105.29.11
TCP: Interfaces\{AEAA886E-ADD5-4160-8B30-AE79D9A1983E} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B605E203-18D5-4C37-AEDA-CB2A835647E7} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B605E203-18D5-4C37-AEDA-CB2A835647E7}\0527F6574605162756E64737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.11 68.105.29.11
TCP: Interfaces\{B605E203-18D5-4C37-AEDA-CB2A835647E7}\C696E6B6379737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{DBA38D02-46A2-428C-9237-9BA05985025F} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Ai Nap] "C:\Program Files\ASUS\AI Suite\Q-Button\QButton.exe"
mRun-x64: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\magnet0\AppData\Roaming\Mozilla\Firefox\Profiles\eo5xh1kq.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\hungy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\magnet0\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\magnet0\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npgoogletalk.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-11-9 90112]
R2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Starfield\offSyncService.exe [2011-2-2 1215216]
R2 MSSQL$SQLSVREXP;SQL Server (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-4 2214504]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 MSSQLFDLauncher$SQLSVREXP;SQL Full-text Filter Daemon Launcher (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 P0630VID;Creative WebCam Live!;C:\Windows\system32\DRIVERS\P0630Vid.sys --> C:\Windows\system32\DRIVERS\P0630Vid.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-27 366152]
S2 ReportServer$SQLSVREXP;SQL Server Reporting Services (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLSVREXP\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960]
S2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
S2 SQLAgent$SQLSVREXP;SQL Server Agent (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys --> C:\Windows\system32\drivers\hcw18bda.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-21 1038088]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-1-25 109168]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
.
=============== Created Last 30 ================
.
2011-10-02 20:46:24 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E7DAC79-192B-4733-9632-98ADDD5DBCDE}\offreg.dll
2011-10-02 20:46:23 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E7DAC79-192B-4733-9632-98ADDD5DBCDE}\mpengine.dll
2011-10-01 21:02:24 -------- d-----w- C:\Users\magnet0\AppData\Local\{7F843BAB-42EF-4BF3-96F4-B6A12EA1A3CE}
2011-10-01 20:54:50 -------- d-----w- C:\Users\magnet0\AppData\Local\{7880878A-0065-41DC-A796-EEB314CBA60B}
2011-10-01 20:54:49 -------- d-----w- C:\Users\magnet0\AppData\Local\{D7A67C0E-1426-41E0-A622-A8B99ACB0C53}
2011-09-28 18:55:27 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2011-09-27 18:24:10 -------- d-----w- C:\Users\magnet0\AppData\Roaming\Malwarebytes
2011-09-27 18:23:57 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-27 18:23:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-27 15:15:37 -------- d-----w- C:\$RECYCLE.BIN
2011-09-27 14:20:07 98816 ----a-w- C:\Windows\sed.exe
2011-09-27 14:20:07 518144 ----a-w- C:\Windows\SWREG.exe
2011-09-27 14:20:07 256000 ----a-w- C:\Windows\PEV.exe
2011-09-27 14:20:07 208896 ----a-w- C:\Windows\MBR.exe
2011-09-27 14:18:57 -------- d-----w- C:\ComboFix
2011-09-27 13:48:20 388096 ----a-r- C:\Users\magnet0\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-27 13:48:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-09 11:55:53 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1382DB3-9C5B-40C7-81FA-C2471F8305DC}\gapaengine.dll
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-10-01 21:20:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-30 15:03:20 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-12 21:15:53 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-07 00:32:57 65536 ----a-w- C:\Windows\System32\camcodec.dll
2011-08-01 19:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 19:06:39.98 ===============

Attached File(s)

Attach.txt (57.18K)
Number of downloads: 2

This post has been edited by magnet0: 02 October 2011 - 06:40 PM

#2 HelpBot

Bleepin' Binary Bot

Group: Bots
Posts: 5,607
Joined: 05-October 07
Gender:Male

Posted 07 October 2011 - 06:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421620 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 magnet0

Member

Group: Members
Posts: 17
Joined: 30-September 11

Posted 07 October 2011 - 08:12 PM

I have run another DDS log and am posting it. I am running Win7 x64 and I have the original disc. I still have a Google redirect on both FF and IE. I have seen FF crash a few times since the initial discovery. I cannot run GMER with the suggested options.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by magnet0 at 20:51:53 on 2011-10-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2387 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Starfield\offSyncService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbtcoms.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ASUS\AI Suite\Q-Button\QButton.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
uRun: [Creative WebCam Tray] "C:\Program Files (x86)\Creative\Shared Files\CamTray.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Ai Nap] "C:\Program Files\ASUS\AI Suite\Q-Button\QButton.exe"
mRun: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\magnet0\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{3F7987C3-11C7-44AA-BF3F-40FC9A3646BE} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{50E31421-6CF5-4E3F-A765-179BF495618D} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{6F88D358-6C28-4449-8549-BCB380CFACDE} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{6F88D358-6C28-4449-8549-BCB380CFACDE}\0527F6574605162756E64737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.11 68.105.29.11
TCP: Interfaces\{AEAA886E-ADD5-4160-8B30-AE79D9A1983E} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B605E203-18D5-4C37-AEDA-CB2A835647E7} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B605E203-18D5-4C37-AEDA-CB2A835647E7}\0527F6574605162756E64737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.11 68.105.29.11
TCP: Interfaces\{B605E203-18D5-4C37-AEDA-CB2A835647E7}\C696E6B6379737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{DBA38D02-46A2-428C-9237-9BA05985025F} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Ai Nap] "C:\Program Files\ASUS\AI Suite\Q-Button\QButton.exe"
mRun-x64: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\magnet0\AppData\Roaming\Mozilla\Firefox\Profiles\eo5xh1kq.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\hungy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\magnet0\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\magnet0\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npgoogletalk.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-11-9 90112]
R2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Starfield\offSyncService.exe [2011-2-2 1215216]
R2 MSSQL$SQLSVREXP;SQL Server (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-4 2214504]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 MSSQLFDLauncher$SQLSVREXP;SQL Full-text Filter Daemon Launcher (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
R3 P0630VID;Creative WebCam Live!;C:\Windows\system32\DRIVERS\P0630Vid.sys --> C:\Windows\system32\DRIVERS\P0630Vid.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-27 366152]
S2 ReportServer$SQLSVREXP;SQL Server Reporting Services (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLSVREXP\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960]
S2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
S2 SQLAgent$SQLSVREXP;SQL Server Agent (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys --> C:\Windows\system32\drivers\hcw18bda.sys [?]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-21 1038088]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-1-25 109168]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
.
=============== Created Last 30 ================
.
2011-10-07 13:20:42 -------- d-----w- C:\Users\magnet0\AppData\Local\{C53AE718-F800-4079-9BE0-B6015EEC60C0}
2011-10-07 12:36:51 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEF2D64A-D4A5-4B9D-9726-CF656C955E92}\offreg.dll
2011-10-07 12:36:48 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEF2D64A-D4A5-4B9D-9726-CF656C955E92}\mpengine.dll
2011-10-01 21:02:24 -------- d-----w- C:\Users\magnet0\AppData\Local\{7F843BAB-42EF-4BF3-96F4-B6A12EA1A3CE}
2011-10-01 20:54:50 -------- d-----w- C:\Users\magnet0\AppData\Local\{7880878A-0065-41DC-A796-EEB314CBA60B}
2011-10-01 20:54:49 -------- d-----w- C:\Users\magnet0\AppData\Local\{D7A67C0E-1426-41E0-A622-A8B99ACB0C53}
2011-09-28 18:55:27 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2011-09-27 18:24:10 -------- d-----w- C:\Users\magnet0\AppData\Roaming\Malwarebytes
2011-09-27 18:23:57 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-27 18:23:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-27 15:15:37 -------- d-----w- C:\$RECYCLE.BIN
2011-09-27 14:20:07 98816 ----a-w- C:\Windows\sed.exe
2011-09-27 14:20:07 518144 ----a-w- C:\Windows\SWREG.exe
2011-09-27 14:20:07 256000 ----a-w- C:\Windows\PEV.exe
2011-09-27 14:20:07 208896 ----a-w- C:\Windows\MBR.exe
2011-09-27 14:18:57 -------- d-----w- C:\ComboFix
2011-09-27 13:48:20 388096 ----a-r- C:\Users\magnet0\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-27 13:48:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-09 11:55:53 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1382DB3-9C5B-40C7-81FA-C2471F8305DC}\gapaengine.dll
.
==================== Find3M ====================
.
2011-10-01 21:20:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-30 15:03:20 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-12 21:15:53 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-07 00:32:57 65536 ----a-w- C:\Windows\System32\camcodec.dll
2011-08-01 19:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:59:59.46 ===============

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 08 October 2011 - 12:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

DeFogger

desktop

DeFogger

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK

Do not

Download DDS:

DDS by sUBs

Link1

Link2

Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
- DDS.txt
- Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

information and logs:

In your next post I need the following

.logs from DDS
let me know of any problems you may have had

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#5 magnet0

Member

Group: Members
Posts: 17
Joined: 30-September 11

Posted 09 October 2011 - 08:27 AM

Thanks for assisting me, Gringo. Here are the 2 files output from DDS with Defogger running.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by magnet0 at 9:07:36 on 2011-10-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2293 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Starfield\offSyncService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbtcoms.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Creative\Shared Files\CamTray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\ASUS\AI Suite\Q-Button\QButton.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdlauncher.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\magnet0\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
uRun: [Creative WebCam Tray] "C:\Program Files (x86)\Creative\Shared Files\CamTray.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Ai Nap] "C:\Program Files\ASUS\AI Suite\Q-Button\QButton.exe"
mRun: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\magnet0\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{3F7987C3-11C7-44AA-BF3F-40FC9A3646BE} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{50E31421-6CF5-4E3F-A765-179BF495618D} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{6F88D358-6C28-4449-8549-BCB380CFACDE} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{6F88D358-6C28-4449-8549-BCB380CFACDE}\0527F6574605162756E64737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.11 68.105.29.11
TCP: Interfaces\{AEAA886E-ADD5-4160-8B30-AE79D9A1983E} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B605E203-18D5-4C37-AEDA-CB2A835647E7} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B605E203-18D5-4C37-AEDA-CB2A835647E7}\0527F6574605162756E64737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.11 68.105.29.11
TCP: Interfaces\{B605E203-18D5-4C37-AEDA-CB2A835647E7}\C696E6B6379737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{DBA38D02-46A2-428C-9237-9BA05985025F} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Ai Nap] "C:\Program Files\ASUS\AI Suite\Q-Button\QButton.exe"
mRun-x64: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\magnet0\AppData\Roaming\Mozilla\Firefox\Profiles\eo5xh1kq.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\hungy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\magnet0\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\magnet0\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npgoogletalk.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\magnet0\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-11-9 90112]
R2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Starfield\offSyncService.exe [2011-2-2 1215216]
R2 MSSQL$SQLSVREXP;SQL Server (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-4 2214504]
R3 MSSQLFDLauncher$SQLSVREXP;SQL Full-text Filter Daemon Launcher (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 P0630VID;Creative WebCam Live!;C:\Windows\system32\DRIVERS\P0630Vid.sys --> C:\Windows\system32\DRIVERS\P0630Vid.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-27 366152]
S2 ReportServer$SQLSVREXP;SQL Server Reporting Services (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLSVREXP\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960]
S2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
S2 SQLAgent$SQLSVREXP;SQL Server Agent (SQLSVREXP);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys --> C:\Windows\system32\drivers\hcw18bda.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-21 1038088]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-1-25 109168]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
.
=============== Created Last 30 ================
.
2011-10-09 12:35:55 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D540D8D4-8BEC-4361-B44F-DC35982C7472}\offreg.dll
2011-10-08 17:06:13 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D540D8D4-8BEC-4361-B44F-DC35982C7472}\mpengine.dll
2011-10-07 13:20:42 -------- d-----w- C:\Users\magnet0\AppData\Local\{C53AE718-F800-4079-9BE0-B6015EEC60C0}
2011-10-01 21:02:24 -------- d-----w- C:\Users\magnet0\AppData\Local\{7F843BAB-42EF-4BF3-96F4-B6A12EA1A3CE}
2011-10-01 20:54:50 -------- d-----w- C:\Users\magnet0\AppData\Local\{7880878A-0065-41DC-A796-EEB314CBA60B}
2011-10-01 20:54:49 -------- d-----w- C:\Users\magnet0\AppData\Local\{D7A67C0E-1426-41E0-A622-A8B99ACB0C53}
2011-09-28 18:55:27 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2011-09-27 18:24:10 -------- d-----w- C:\Users\magnet0\AppData\Roaming\Malwarebytes
2011-09-27 18:23:57 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-27 18:23:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-27 15:15:37 -------- d-----w- C:\$RECYCLE.BIN
2011-09-27 14:20:07 98816 ----a-w- C:\Windows\sed.exe
2011-09-27 14:20:07 518144 ----a-w- C:\Windows\SWREG.exe
2011-09-27 14:20:07 256000 ----a-w- C:\Windows\PEV.exe
2011-09-27 14:20:07 208896 ----a-w- C:\Windows\MBR.exe
2011-09-27 14:18:57 -------- d-----w- C:\ComboFix
2011-09-27 13:48:20 388096 ----a-r- C:\Users\magnet0\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-27 13:48:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
.
==================== Find3M ====================
.
2011-10-01 21:20:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-30 15:03:20 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-12 21:15:53 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-07 00:32:57 65536 ----a-w- C:\Windows\System32\camcodec.dll
2011-08-01 19:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 9:15:11.79 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2009 12:10:15 PM
System Uptime: 10/9/2011 8:35:08 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A78 PLUS
Processor: AMD Phenom™ II X2 545 Processor | AM2 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 71.792 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP462: 9/30/2011 10:50:26 AM - Removed Java™ 6 Update 26
RP463: 9/30/2011 10:58:01 AM - Removed Java™ 6 Update 25 (64-bit)
RP464: 9/30/2011 11:03:09 AM - Installed Java™ 7 (64-bit)
RP465: 9/30/2011 11:36:35 AM - Removed Adobe Reader 9.4.6.
RP466: 9/30/2011 11:39:49 AM - Installed Adobe Reader X (10.1.0).
RP467: 9/30/2011 6:42:22 PM - Windows Update
RP468: 10/1/2011 5:19:32 PM - Installed Java™ 6 Update 27
RP469: 10/4/2011 7:44:10 AM - Windows Update
RP470: 10/7/2011 8:36:29 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
AAC Decoder
Acer eDisplay Management
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe ConnectNow Add-in
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore CS4 Library
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Player
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AI Suite
AMT Media Manager
Apple Application Support
Apple Software Update
Assassin's Creed Brotherhood
ASUS Gamer OSD
ASUS Smart Doctor
Autodesk 3ds Max Design 2010 32-bit
Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010
AutoUpdate
Big Fish Games Client
BitTorrent
CamStudio
CCScore
Connect
Cool & Quiet
Coupon Printer for Windows
Creative WebCam Center
CursorFX
D3DX10
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DROPCLOCK 1.0.1
erLT
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSTOOLS
essvatgt
Feedback Tool
FileZilla Client 3.5.0
Game Booster
gm4ie (remove only)
GoldWave v5.55
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Greasemetal Version 0.2
H.264 Decoder
HiJackThis
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
IDT Audio
IMAPSize 0.3.6
ImgBurn
Internet TV for Windows Media Center
iSQL-Viewer 3.0.0.0
jAlbum
Java™ 6 Update 27
Kodak EasyShare software
kuler
LightScribe System Software
LightScribe Template Labeler
Logitech SetPoint
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.2.1300
MATLAB® Compiler Runtime 7.13
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Web Developer 2010 Express - ENU
Microsoft WSE 3.0 Runtime
MiniStumbler 0.4.0 (remove only)
MKV Splitter
Mozilla Firefox 7.0.1 (x86 en-US)
Mozilla Thunderbird (6.0.2)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MySQL Workbench 5.2 CE
netbrdg
NR Deluxe for Windows Mobile
NVIDIA PhysX
ODF Add-in for Microsoft Office
OffiSync
OfotoXMI
OpenAL
OpenOffice.org 3.1
P2PFilter 3.0.5
PasswordTools
PC Probe II
PDF Settings CS4
Photoshop Camera Raw
PHP 5.3.5
Pidgin
Pivot Software
Pixel Bender Toolkit
PPStream V2.7.0.1248 Final
PunkBuster Services
Python 2.6.5
QuickTime
Readon TV Movie Radio Player 7.2.0.0
Readon TV Movie Radio Player 7.4.0.0
Really Slick Screensavers 0.2
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Samsung PC Studio 3 USB Driver Installer
SDK
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual Web Developer 2010 Express - ENU (KB2251489)
SFR
SHASTA
SHOUTcast DSP Plug-in v2
skin0001
SKINXSDK
Skype Toolbars
Skype™ 5.3
Smart Defrag 2
SpaceChem Demo
staticcr
Suite Shared Configuration CS4
The Sims™ 3
Tron 2.0
TRON 2.0 v1.042 Update
TRON 2.0: Killer App Mod
Tron: Evolution
TS3 Install Helper Monkey
TurboV
Ubisoft Game Launcher
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553110)
USBKVM Switcher 1.30
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.4
VPRINTOL
Win Data Recovery
Winamp
Winamp Detector Plug-in
Winamp Toolbar
Windows Azure Tools for Microsoft Visual Studio 2010 1.2 (5/2010)
Windows Installer Clean Up
Windows Internet Explorer Platform Preview
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
WIRELESS
Workspace Desktop
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
10/9/2011 8:40:08 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
10/9/2011 8:40:08 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
10/9/2011 8:39:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/9/2011 8:39:02 AM, Error: Service Control Manager [7034] - The SQL Server Agent (SQLSVREXP) service terminated unexpectedly. It has done this 1 time(s).
10/9/2011 8:38:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/9/2011 8:38:58 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2011 8:38:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/9/2011 8:36:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server Reporting Services (SQLSVREXP) service to connect.
10/9/2011 8:36:53 AM, Error: Service Control Manager [7000] - The SQL Server Reporting Services (SQLSVREXP) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/8/2011 12:58:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/8/2011 12:57:23 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/8/2011 12:56:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
10/8/2011 12:56:43 PM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/7/2011 8:28:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/6/2011 7:36:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/5/2011 8:03:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/4/2011 7:34:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/3/2011 4:20:56 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/2/2011 4:38:37 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/2/2011 1:27:31 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/2/2011 1:26:34 AM, Error: Service Control Manager [7001] - The SQL Server Agent (SQLSVREXP) service depends on the SQL Server (SQLSVREXP) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/2/2011 1:25:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLSVREXP) service to connect.
10/2/2011 1:25:35 AM, Error: Service Control Manager [7000] - The SQL Server (SQLSVREXP) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 09 October 2011 - 12:51 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Link 1

Link 2

Link 3

**Note: It is important that it is saved directly to your desktop**

combofix.exe

Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#7 magnet0

Member

Group: Members
Posts: 17
Joined: 30-September 11

Posted 09 October 2011 - 04:17 PM

ComboFix rebooted machine. Log from ComboFix follows:

ComboFix 11-10-09.01 - magnet0 10/09/2011 15:25:50.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2460 [GMT -4:00]
Running from: c:\users\magnet0\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 20:05 . 2011-10-09 20:05 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{150AB0CA-A3C8-4B5E-A88D-F06A77162A86}\offreg.dll
2011-10-09 20:02 . 2011-10-09 20:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-09 20:02 . 2011-10-09 20:02 -------- d-----w- c:\users\nopCommerce\AppData\Local\temp
2011-10-09 20:02 . 2011-10-09 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-09 20:02 . 2011-10-09 20:02 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-10-09 20:02 . 2011-10-09 20:02 -------- d-----w- c:\users\ASP.NET v4.0\AppData\Local\temp
2011-10-09 20:02 . 2011-10-09 20:02 -------- d-----w- c:\users\hungy\AppData\Local\temp
2011-10-09 18:55 . 2011-09-12 21:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{150AB0CA-A3C8-4B5E-A88D-F06A77162A86}\mpengine.dll
2011-09-30 15:03 . 2011-09-30 15:03 -------- d-----w- c:\program files\Java
2011-09-28 18:55 . 2011-09-28 18:55 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-09-27 18:24 . 2011-09-27 18:24 -------- d-----w- c:\users\magnet0\AppData\Roaming\Malwarebytes
2011-09-27 18:23 . 2011-09-27 18:23 -------- d-----w- c:\programdata\Malwarebytes
2011-09-27 18:23 . 2011-09-30 00:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-27 18:10 . 2011-09-27 18:10 -------- d-----w- c:\program files\Microsoft.NET
2011-09-27 13:48 . 2011-09-27 13:48 388096 ----a-r- c:\users\magnet0\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-27 13:48 . 2011-09-27 13:48 -------- d-----w- c:\program files (x86)\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 22:52 . 2009-10-21 21:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-01 22:52 . 2009-10-21 21:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-01 22:52 . 2011-08-07 00:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-01 21:20 . 2010-06-02 21:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-30 15:03 . 2011-05-25 19:07 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 17:56 . 2009-11-05 15:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-09-29 17:56 . 2010-11-06 00:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-09-29 17:56 . 2010-11-05 23:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-09-12 21:26 . 2010-07-28 14:14 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-12 21:15 . 2011-05-16 11:39 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-07 00:32 . 2008-09-30 23:35 65536 ----a-w- c:\windows\system32\camcodec.dll
2011-08-05 12:40 . 2011-08-05 12:40 5516800 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\AjaxControlToolkit.dll
2011-08-05 12:40 . 2011-08-05 12:40 5120 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\cs\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\pt\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\ko\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\ja\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\it\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\hi\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\he\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\fr\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\es\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\de\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\ar\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 13312 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\ru\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 10752 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\tr-TR\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 10752 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\nl\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 10240 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\zh-CHT\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 10240 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\zh-CHS\AjaxControlToolkit.resources.dll
2011-08-01 19:59 . 2011-08-01 19:59 45416 ----a-w- c:\windows\system32\drivers\point64.sys
2011-07-22 05:42 . 2011-08-11 00:43 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-11 00:43 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-11 00:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-11 00:43 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-11 00:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-11 00:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-10 12:07 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 12:07 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 12:07 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 12:07 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 12:07 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 12:07 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 12:07 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 12:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 12:07 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 12:07 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 12:07 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 12:07 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 12:07 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 12:07 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-27_15.16.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-18 02:19 . 2011-06-18 02:19 32608 c:\windows\SysWOW64\DTSPipelinePerf100.dll
- 2009-07-14 04:54 . 2011-09-27 15:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-27 18:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-27 15:14 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-27 18:28 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-27 15:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-27 18:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-21 19:23 . 2011-10-09 18:49 89010 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-09 20:19 55262 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-21 18:49 . 2011-10-09 20:19 28590 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2183921603-2372901330-221196072-1001_UserData.bin
+ 2011-06-10 10:34 . 2011-06-10 10:34 74272 c:\windows\system32\RtNicProp64.dll
- 2011-03-21 17:22 . 2011-03-21 17:22 74272 c:\windows\system32\RtNicProp64.dll
+ 2011-06-18 01:22 . 2011-06-18 01:22 42336 c:\windows\system32\DTSPipelinePerf100.dll
+ 2009-07-14 05:30 . 2011-09-28 18:55 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-07-14 06:21 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-08-01 19:59 . 2011-08-01 19:59 45416 c:\windows\system32\DriverStore\FileRepository\point64.inf_amd64_neutral_b1cf5e889e918ca6\point64.sys
+ 2011-07-28 22:37 . 2011-07-28 22:37 52584 c:\windows\system32\DriverStore\FileRepository\dc3du.inf_amd64_neutral_74c6c3670a9a8e89\dc3d.sys
+ 2011-05-18 12:08 . 2011-05-18 12:08 47616 c:\windows\system32\DriverStore\FileRepository\dc3dh.inf_amd64_neutral_73d3d011f5a03306\dc3d.sys
+ 2011-06-10 10:34 . 2011-06-10 10:34 74272 c:\windows\system32\DriverStore\FileRepository\cf64win7.inf_amd64_neutral_91cc4efffd053e93\RtNicProp64.dll
- 2011-04-09 03:00 . 2011-04-09 03:00 47616 c:\windows\system32\drivers\dc3d.sys
+ 2011-05-18 12:08 . 2011-05-18 12:08 47616 c:\windows\system32\drivers\dc3d.sys
+ 2009-10-21 19:07 . 2011-10-04 12:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-21 19:07 . 2011-09-27 15:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-21 19:07 . 2011-09-27 15:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-21 19:07 . 2011-10-04 12:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-04 12:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-27 15:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-10-01 00:00 97432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-20 12:44 . 2011-06-20 12:44 45056 c:\windows\Installer\afb07.msp
+ 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\fbbe0d7c269fa163df12b268fe20ba44\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 69632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\d3edc4036f69780a367e7d077853433d\Microsoft.SqlServer.Management.Sdk.Scripting.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 81408 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\8b081fed76ac404d8b2f63a932b8b413\Microsoft.SqlServer.ManagedConnections.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 70656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\5bdf6b0593cd12a42dad3903154d8406\Microsoft.SqlServer.ForEachNodeListEnumerator.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 84992 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\52cfd1aa0a0b382cec516ffddd5df991\Microsoft.SqlServer.SqlCEDest.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 79872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\3cdf49d16a9c5c7729dd322b78dc3e93\Microsoft.SqlServer.ForEachSMOEnumerator.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 66048 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\2e31100dcd396106a32c6b8db3eb5c0e\Microsoft.SqlServer.DTEnum.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 96256 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlWorkbench.Interf#\d9f98048a91e829a72d10a3bc741fd24\SqlWorkbench.Interfaces.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 87040 c:\windows\assembly\NativeImages_v2.0.50727_32\SQLPS\2c18a9e27762011b346c9bef8b83f66f\SQLPS.ni.exe
+ 2011-09-27 19:08 . 2011-09-27 19:08 88064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ef023f22b95e2033bc2f363e01a3c09c\Microsoft.SqlServer.TransferErrorMessagesTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 70144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\eb47d412d12c14fec68456923c29e484\Microsoft.SqlServer.WMIDRTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 94720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e7f60e8f46f3993a94dc7e25f6b6079d\Microsoft.SqlServer.TransferLoginsTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 89088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\db56b154186eeb48ef5fe5cf01cb4902\Microsoft.SqlServer.TransferStoredProceduresTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 84480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d0da7c001cf9d8c3662415707816e6e1\Microsoft.SqlServer.TransferDatabasesTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 66048 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c7be76b93fc03ce6f1b533c267b343f2\Microsoft.SqlServer.ExecProcTask.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 80384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c61212948563970ab5982bb53d2cbedd\Microsoft.SqlServer.Management.Scripting.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c262a5f9454c0eaa8cc0c266ed862849\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 87040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bc0ae75823354188722e5d865ba1362e\Microsoft.SqlServer.TransferJobsTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b26c05435532d1d8028e8584396180c7\Microsoft.SqlServer.ForEachNodeListEnumerator.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 38912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8f90062b1ab3dbd01e9354984d6c9df5\Microsoft.SqlServer.Management.OlapTasks.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 99328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7e83eaa28c0b5dd83897e6dc85c7346f\Microsoft.SqlServer.ASTasks.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 75776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\766d6c65dc7c88281928f3357f66de8a\Microsoft.SqlServer.SendMailTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 85504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6a8dc340080180d7a692302fdcde214b\Microsoft.SqlServer.FtpTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 56320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6500a3e9ec12c565d615d9880a1b7429\Microsoft.SqlServer.ManagedConnections.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 94720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6412d1e65ab0239211da1ada2e9defca\Microsoft.SqlServer.TransferLoginsTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 44544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\60781590d1f54b8b1bc5fd4e21ccd82e\Microsoft.SqlServer.DTEnum.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5cf91d288fe89e743bc39ce1e9f23077\Microsoft.SqlServer.Management.Sdk.Scripting.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 66048 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4c6d1b69f4a7bdae95f30ff1bacdf3d0\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 89088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4ae13e945b6e14ab6fa76fbaa0680474\Microsoft.SqlServer.TransferStoredProceduresTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 22528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\47a74f742e727c7d6c3eab177315b4e7\Microsoft.SqlServer.DTSUtilities.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 87040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\45d0dbd3a2a97e3143d623afcf338735\Microsoft.SqlServer.FileSystemTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 88064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\38bb39101926b8949dbbe4d797ae03ed\Microsoft.SqlServer.TransferErrorMessagesTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 59904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\30cfcc1fc9401b41d191c3ad0730547a\Microsoft.SqlServer.SqlCEDest.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 87040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2d0b691b598a921d08949d9de721d981\Microsoft.SqlServer.FileSystemTask.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\27f422c5d74abb55239ea3c1b9e314e6\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 84480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\27549cbd4b04b9b85abaa5b6b808588a\Microsoft.SqlServer.TransferDatabasesTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 69120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2575cf6da1957b62c23128e9246d46db\Microsoft.SqlServer.WMIEWTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 87040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2339af7bbb8cb9514f653a68b4a31cc2\Microsoft.SqlServer.TransferJobsTask.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 31744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2049ff5a67fef7d43bc28959ad414166\Microsoft.SqlServer.Management.PowerShellTasks.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 52224 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1ce3224ced60ebdcc4c4267c431e7e89\Microsoft.SqlServer.ForEachSMOEnumerator.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 90112 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1163efe58dab461ad347a46596a12294\Microsoft.SqlServer.Dmf.Adapters.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0ae319091fa17c6c2c0a9f68028fddd1\Microsoft.SqlServer.ActiveXScriptTask.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0576313f50b665ea10954bda99eecc23\Microsoft.SqlServer.Management.RSTasks.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 91136 c:\windows\assembly\NativeImages_v2.0.50727_32\DTExecUI\981980e4e53580f9cfb153e1795f3402\DTExecUI.ni.exe
+ 2011-09-27 18:24 . 2011-09-27 18:24 76288 c:\windows\assembly\NativeImages_v2.0.50727_32\DdsShapesLib\543cb6cd7d865738a431a86d87e6ffec\DdsShapesLib.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\ControlService\30c542607823056724c5f811e60f1e91\ControlService.ni.exe
+ 2011-09-27 18:10 . 2011-09-27 18:10 79712 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.PipelineXML\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.PipelineXML.dll
- 2010-06-19 14:09 . 2010-06-19 14:09 79712 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.PipelineXML\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.PipelineXML.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 63328 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.DacSerialization\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.DacSerialization.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 15712 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.DacEnum\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.DacEnum.dll
- 2010-06-19 14:08 . 2010-06-19 14:08 15712 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.DacEnum\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.DacEnum.dll
- 2011-06-17 01:47 . 2011-06-17 01:47 83808 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.CollectorTasks\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.CollectorTasks.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 83808 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.CollectorTasks\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.CollectorTasks.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 67424 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ADONETSrc\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.ADONETSrc.dll
- 2011-06-17 01:47 . 2011-06-17 01:47 67424 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ADONETSrc\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.ADONETSrc.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 92000 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ADONETDest\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.ADONETDest.dll
- 2010-06-19 14:09 . 2010-06-19 14:09 92000 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ADONETDest\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.ADONETDest.dll
+ 2009-10-21 19:55 . 2011-10-09 20:03 3624 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-09 20:05 . 2011-10-09 20:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-27 15:13 . 2011-09-27 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-27 15:13 . 2011-09-27 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-09 20:05 . 2011-10-09 20:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-18 01:58 . 2011-06-18 01:58 234848 c:\windows\SysWOW64\SqlServerSpatial.dll
+ 2011-10-01 21:20 . 2011-10-01 21:20 157472 c:\windows\SysWOW64\javaws.exe
- 2011-08-06 17:28 . 2011-05-04 08:52 157472 c:\windows\SysWOW64\javaws.exe
- 2011-08-06 17:28 . 2011-05-04 08:52 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-10-01 21:20 . 2011-10-01 21:20 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-10-01 21:20 . 2011-10-01 21:20 145184 c:\windows\SysWOW64\java.exe
- 2011-08-06 17:28 . 2011-05-04 08:52 145184 c:\windows\SysWOW64\java.exe
+ 2011-09-30 19:26 . 2011-09-30 19:26 117608 c:\windows\SysWOW64\GDIPFONTCACHEV1.DAT
+ 2011-01-15 00:20 . 2011-06-18 01:18 105824 c:\windows\system32\SQSRVRES.DLL
- 2011-01-15 00:20 . 2010-04-03 14:50 105824 c:\windows\system32\SQSRVRES.DLL
+ 2011-06-18 01:18 . 2011-06-18 01:18 464736 c:\windows\system32\SqlServerSpatial.dll
- 2009-07-14 02:36 . 2011-09-26 22:16 877342 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-28 19:01 877342 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-09-26 22:16 201858 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-09-28 19:01 201858 c:\windows\system32\perfc009.dat
+ 2011-09-30 15:03 . 2011-09-30 15:03 252296 c:\windows\system32\javaws.exe
+ 2011-09-30 15:03 . 2011-09-30 15:03 188808 c:\windows\system32\javaw.exe
+ 2011-09-30 15:03 . 2011-09-30 15:03 188808 c:\windows\system32\java.exe
+ 2011-05-18 12:08 . 2011-05-18 12:08 465920 c:\windows\system32\itpcoin82.dll
+ 2011-05-18 12:08 . 2011-05-18 12:08 465408 c:\windows\system32\ipcoin82.dll
- 2011-09-26 21:57 . 2011-09-26 21:57 117608 c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2011-09-26 21:57 . 2011-09-29 14:56 117608 c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2009-07-14 05:30 . 2011-09-28 18:55 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-07-14 06:21 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-07-14 06:21 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-09-28 18:55 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-05-18 12:08 . 2011-05-18 12:08 465920 c:\windows\system32\DriverStore\FileRepository\itpcdless.inf_amd64_neutral_a48caa4e7850dd04\itpcoin82.dll
+ 2011-08-01 19:59 . 2011-08-01 19:59 470376 c:\windows\system32\DriverStore\FileRepository\ipcdless.inf_amd64_neutral_165412f37e9f9224\ipcoin82.dll
+ 2011-05-18 12:08 . 2011-05-18 12:08 465408 c:\windows\system32\DriverStore\FileRepository\dc3dh.inf_amd64_neutral_73d3d011f5a03306\ipcoin82.dll
+ 2011-06-10 10:34 . 2011-06-10 10:34 539240 c:\windows\system32\DriverStore\FileRepository\cf64win7.inf_amd64_neutral_91cc4efffd053e93\Rt64win7.sys
+ 2011-06-10 10:34 . 2011-06-10 10:34 539240 c:\windows\system32\drivers\Rt64win7.sys
+ 2011-06-18 00:54 . 2011-06-18 00:54 313696 c:\windows\system32\drivers\RsFx0151.sys
- 2009-07-14 05:01 . 2011-09-27 15:11 511040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-09 20:03 511040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-20 12:40 . 2011-06-20 12:40 279040 c:\windows\Installer\afe00.msp
+ 2011-06-19 17:57 . 2011-06-19 17:57 193024 c:\windows\Installer\afdc3.msp
+ 2011-06-20 12:39 . 2011-06-20 12:39 115712 c:\windows\Installer\afdb6.msp
+ 2011-06-20 12:38 . 2011-06-20 12:38 784384 c:\windows\Installer\afdac.msp
+ 2011-06-20 12:37 . 2011-06-20 12:37 116224 c:\windows\Installer\afd96.msp
+ 2011-06-20 12:41 . 2011-06-20 12:41 100864 c:\windows\Installer\afd89.msp
+ 2011-09-30 15:03 . 2011-09-30 15:03 973312 c:\windows\Installer\8f0642.msi
+ 2011-10-01 21:19 . 2011-10-01 21:19 907264 c:\windows\Installer\6f5b7.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 122880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\fd6496c2d1943c2a8491a78331bf8ccf\Microsoft.SqlServer.FileSystemTask.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 104960 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\f228c09e20200f4317d5ed7b36cad755\Microsoft.SqlServer.WMIEWTask.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 569344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\edd0a7bef399cd842556a39d33ba2048\Microsoft.SqlServer.Management.SmoMetadataProvider.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 493568 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\edbdd129ce6df8c567013cba2926b41b\Microsoft.SqlServer.Management.SDK.TaskForms.ni.dll
+ 2011-09-27 18:32 . 2011-09-27 18:32 546816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\e80d4400872f8a0e2719ca0d3b333947\Microsoft.SqlServer.SmoExtended.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 692224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\e6720a25441bfabbdb05894ef925ba8f\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2011-09-27 18:32 . 2011-09-27 18:32 183808 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\e6145b7ab07a7177ad771fa20b233472\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\e4a09032dfe584f0094b7926297c89ba\Microsoft.SqlServer.PipelineXML.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 488448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\e2834b5b4ab0be14d8fe60a20b6daa73\Microsoft.SqlServer.TransferObjectsTask.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\e0fd666accbcb5cb5aa40e54e4c6dc83\Microsoft.SqlServer.TransferJobsTask.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 381440 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\d69e1db4ecf95837f92b76dd1d5d79ad\Microsoft.SqlServer.Management.CollectorTasks.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\cdee2ece34b3a4fe0e3c3a669108c914\Microsoft.SqlServer.TransferDatabasesTask.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 140288 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\bc901408440b9e304a851b3be96f6ffa\Microsoft.SqlServer.ADONETSrc.ni.dll
+ 2011-09-27 18:32 . 2011-09-27 18:32 357888 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\bbf7da9a73a633aeffc385b3ff4e7fdf\Microsoft.SqlServer.Management.UserSettings.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 200192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\b80c2563c80c76ec7284d021738b3487\Microsoft.SqlServer.ADONETDest.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 251392 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\b6fa1a151d8593c3c0aeae20269a38ef\Microsoft.SqlServer.WebServiceTask.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 105472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\b5a966fccb44c536146f273001fdd395\Microsoft.SqlServer.WMIDRTask.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\b17eff0152cbc8623836e51326ef34ef\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 188416 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\a73619e9d112ad2cbd2a58a668ee13e7\Microsoft.SqlServer.DtsMsg.ni.dll
+ 2011-09-27 18:32 . 2011-09-27 18:32 173568 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\a6c2310e4de9a639dac67ac4c289e692\Microsoft.SqlServer.Management.SqlStudio.Controls.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\8e5a3af432b8172793266e1d0861309e\Microsoft.SqlServer.Management.MultiServerConnection.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 445952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\6827ed8e9ad92130977f88b97f660f83\Microsoft.SqlServer.XMLTask.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 601088 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\5c164481bcf3dc153298230ac04dfd0b\Microsoft.SqlServer.Management.SDK.SqlStudio.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 136704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\508984002bb92ee4af096c8172c47819\Microsoft.SqlServer.TransferLoginsTask.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 128000 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\46fc6d882838c1351de1f842762edc6f\Microsoft.SqlServer.TransferStoredProceduresTask.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\437acaa587ccaab681c8ffa2740dddb2\Microsoft.SqlServer.TransferErrorMessagesTask.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 203776 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\2eb9f870cbfba7197a5f46da9a7a6616\Microsoft.SqlServer.PipelineHost.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 705536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\2e689c46cee6d3f8bc4ac7e20a3c1c2f\Microsoft.SqlServer.XmlSrc.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 187904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\1cf2f03b07023ab25e0dc44b03065be1\Microsoft.SqlServer.DtsTransferProvider.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\0171e3ce8d3fb435214dee64f883a20d\Microsoft.SqlServer.SQLTask.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 130048 c:\windows\assembly\NativeImages_v2.0.50727_64\interop.msdasc\9acac40dd8a1ca61c585cdecb20d9ef2\interop.msdasc.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 418304 c:\windows\assembly\NativeImages_v2.0.50727_32\SSISUpgrade\5a41ddade1945c94a2676b4ae18e4bb4\SSISUpgrade.ni.exe
+ 2011-09-27 19:09 . 2011-09-27 19:09 317952 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlWorkbenchProject\e9523e65a0ab8c323d8a76fb3056d20e\SqlWorkbenchProject.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 296960 c:\windows\assembly\NativeImages_v2.0.50727_32\RadLangSvc\b4ed2aac2b23b5b422dfcf2e09fc4049\RadLangSvc.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 225792 c:\windows\assembly\NativeImages_v2.0.50727_32\ObjectExplorerRepli#\64e9467b5bdf73f38a82930f822f407a\ObjectExplorerReplication.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 536576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fef9a70a55c26d838244b11da183e47b\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 401920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fc7ac151ffce743ccea227e5398a60be\Microsoft.SqlServer.Management.SmoMetadataProvider.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 104448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fc0e9c3299e01b11096b3cddaacbef43\Microsoft.SqlServer.ADONETSrc.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 408064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f943d67f085c4f6d5c75106c7981f15f\Microsoft.SqlServer.SmoExtended.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 850432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f4fdf37fde70f684084e9f4802a89b5f\Microsoft.SqlServer.Types.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 191488 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\efe4d566b40f513f4a694bbe40bd81cc\Microsoft.SqlServer.Management.MultiServerConnection.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 296448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\edf168561dec9c89b687cf27684bbcb6\Microsoft.SqlServer.TxScript.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 140288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ddd532a3cce9bd8b3170fe5a18ecd6bd\Microsoft.SqlServer.Management.ServerInformation.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 120832 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d88a20207f396f6f5e27e2ea6b62055e\Microsoft.SqlServer.VSTAScriptingLib.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 351744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d816a4bca947b5eb2526769201d95a78\Microsoft.SqlServer.Management.SDK.SqlStudio.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 482304 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d69574f624b01e322fc8e389330a776f\Microsoft.SqlServer.Management.RegisteredServersUI.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 470528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d680ae646b6a7e9101f9b539c5a57229\Microsoft.SqlServer.Management.ResourceMonitorWidgets.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 205824 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c616b5e3f7c5786820724f3e98f3a888\Microsoft.SqlServer.Management.RegisteredServers.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 128000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c20964a0e6efb8bac374599d49f9c5d3\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bba9ad0056d06eca10d1b54c4cde9f57\Microsoft.SqlServer.Management.UserSettings.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 949248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ba5db66401fb1ee4cb9facae87768422\Microsoft.SqlServer.Management.RelationalEngineTasks.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 346624 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b6086c639717e2c4cfc8eff5e4e7e3c7\Microsoft.SqlServer.TransferObjectsTask.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 134656 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b1cff0de9591dc0a4b9dd30605516fcd\Microsoft.SqlServer.Management.ResourceMonitoring.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 182784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\aa487bf0579c93620cbff0da5364a310\Microsoft.SqlServer.WebServiceTask.ni.dll
+ 2011-09-27 18:20 . 2011-09-27 18:20 272896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a2a8a771e167c6a990bccfa656a7e9e3\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 404480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9f0e860982810202d51f8e78e8d47ff2\Microsoft.SqlServer.Management.SDK.TaskForms.ni.dll
+ 2011-09-27 18:20 . 2011-09-27 18:20 252416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9cb9acbcf8a295b3e47c6cf75545d817\Microsoft.SqlServer.SqlWmiManagement.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 338432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\93fb2112f591c2812e689ac0a6b4f1d1\Microsoft.SqlServer.XMLTask.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 151040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8db6c5356877154c30ef8d0403855e15\Microsoft.SqlServer.Management.SqlStudio.ResourceMonitor.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 152576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8946500b476570b523f329cfe77a4cc4\Microsoft.SqlServer.PipelineXML.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 159744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8815958349333576435659969e6e8459\Microsoft.SqlServer.DtsMsg.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 141824 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8183d31bb8c725f49b295d2f4102f8df\Microsoft.SqlServer.Management.SqlStudio.Migration.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 483840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7b3b85ff38fdba9155d74456db837088\Microsoft.SqlServer.XmlSrc.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 803840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\768b032ed193ab476f7e5aa2aed3cbe3\Microsoft.SqlServer.Management.MaintenancePlanWizard.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\766554085b707c45541d56ef55d621a5\Microsoft.SqlServer.Management.Collector.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 193024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\73f2b5d1e9408254fcc789efa21a1ec5\Microsoft.SqlServer.Management.MultiServerConnection.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 165376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\711c77678af23c162bbe6fd7ec37cc35\Microsoft.SqlServer.DtsTransferProvider.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 669184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6ff90ace538e547a4f72425e45682535\Microsoft.SqlServer.SqlTools.VSIntegration.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 134144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6f952388782bdc0fbc6e3680cab6240b\Microsoft.SqlServer.SQLTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 150016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6da7b2fb3ffa79c84f93e71d309169e1\Microsoft.SqlServer.ADONETDest.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 537088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\648334387476e23dbcfbdabf9a33ad7b\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\639ed17bb9ca8e274239baea9f7dc318\Microsoft.SqlServer.DtsObjectExplorerUI.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 159744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\63904b50b1d730e2aa4c5ecd406fc77b\Microsoft.SqlServer.DtsMsg.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 152576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\59139c6a5e21c132afe9fd71d9937294\Microsoft.SqlServer.PipelineXML.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 774656 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\57ee9a37cc97dc445e83df2ecffc6aee\Microsoft.SqlServer.Management.SqlStudio.Explorer.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 139776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\51fc93820918583187c28ad0e45dc195\Microsoft.SqlServer.PipelineHost.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 165376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\51a82af3fed41a3a4b2f82b7646e1a79\Microsoft.SqlServer.Management.SqlStudio.Controls.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 120832 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4ed5b4264706c20962b09c5dead6dbfe\Microsoft.SqlServer.VSTAScriptingLib.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 169984 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4a61d951a3e47db5addc1d7fdfe02001\Microsoft.SqlServer.TransferSqlServerObjectsTask.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 136192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\48ad9b4c920821c68f725eeec98620ca\Microsoft.SqlServer.MSMQTask.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 253952 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\46f558b99aaced53d755f24e59965a21\Microsoft.SqlServer.Management.ResourceGovernorUITasks.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 195072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\44d91c861b34d9d66c8f30f3c42f2970\Microsoft.SqlServer.Management.DacSerialization.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1b86631dfd108314fb2e9a08676a0e63\Microsoft.SqlServer.VSTAScriptingLib.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 129024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1976d0beb14834bf6e577965b5a911ee\Microsoft.SqlServer.Management.SqlStudio.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 124416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\11254ecac1ded458f22155a97f538aa7\Microsoft.SqlServer.Management.SqlStudio.Actions.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 100352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\099b59f7678bb164f8fe39db985cf7f1\Microsoft.SqlServer.Management.PSSnapins.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 288768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\03eb1767910b6e2a78ed533869638e40\Microsoft.SqlServer.Management.CollectorTasks.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\02e6fa7cddf3f5c5d18e6b66489e7ddd\Microsoft.SqlServer.TasksMigrationModules.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 108032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\025ec1244905eaf9b84063d2f55d3991\Microsoft.SqlServer.BulkInsertTask.ni.dll
+ 2011-09-27 18:20 . 2011-09-27 18:20 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0020b1de137704229f864e454321c005\Microsoft.SqlServer.Management.PSProvider.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 582144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\fc45b891a37ccb02287992ef1a91700d\Microsoft.ReportingServices.DataExtensions.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 580096 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\d64bb3ad98f38e24b3448c7d80a5358c\Microsoft.ReportingServices.DataExtensions.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 956928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\97bc5f7f0b8623b2308d22fb366b418b\Microsoft.ReportingServices.RsClient.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 429568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\29b30de449e06ce17d7283d2e369106e\Microsoft.ReportingServices.ReportDesign.Common.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 744448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\c1e997630a48517afe4fa20786ef54d9\Microsoft.DataTransformationServices.VsIntegration.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 637440 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\7f3d49bb213b35a061daa5ab0649967d\Microsoft.DataTransformationServices.VsIntegration.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 581632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\53aa330243ff6b52f6790b3e35a96eca\Microsoft.DatatransformationServices.DTSExecUI.Controls.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 424448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\c60268b917d808bf4a0252955bdb2bf6\Microsoft.AnalysisServices.OneClickCube.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 148992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\83204c28f86b403c91e1cbf31fd7a64a\Microsoft.AnalysisServices.Commands.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 555520 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\7c260ea25d4d6664584665846a300681\Microsoft.AnalysisServices.Xmla.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 329728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\7a7878953cab9f490bdb25dfa9f3dea6\Microsoft.AnalysisServices.DeploymentEngine.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 211968 c:\windows\assembly\NativeImages_v2.0.50727_32\MDXQueryGenerator\8f9264b457b6fe795e90c76d45b01585\MDXQueryGenerator.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 571392 c:\windows\assembly\NativeImages_v2.0.50727_32\DTSMigrationWizard\244957018c42c68223b483f102efd4ae\DTSMigrationWizard.ni.exe
+ 2011-09-27 19:08 . 2011-09-27 19:08 591360 c:\windows\assembly\NativeImages_v2.0.50727_32\DTSInstall\341c9ea31af8985d02e27e506a29c74a\DTSInstall.ni.exe
+ 2011-09-27 18:23 . 2011-09-27 18:23 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\DBMirroring\cb3a50231a6dcd571368070bfb59f63e\DBMirroring.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 809472 c:\windows\assembly\NativeImages_v2.0.50727_32\DBMaintenanceProper#\218c7ccd9375fda493e46a39cd056a0c\DBMaintenanceProperties.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 168960 c:\windows\assembly\NativeImages_v2.0.50727_32\DBMaintenancePlanHi#\a3bf1257ef0aa516b142226851e001fa\DBMaintenancePlanHistory.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 805376 c:\windows\assembly\NativeImages_v2.0.50727_32\DataProfileViewer\c81fe5da1d3b6e30b016adb8706f87c5\DataProfileViewer.ni.exe
+ 2011-09-27 19:09 . 2011-09-27 19:09 896000 c:\windows\assembly\NativeImages_v2.0.50727_32\DatabaseMailWizard\588783ebde7bb799fc1f4623d9eaabc8\DatabaseMailWizard.ni.exe
+ 2011-09-27 18:10 . 2011-09-27 18:10 108384 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.XmlSrc\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.XMLSrc.dll
- 2010-06-19 14:09 . 2010-06-19 14:09 108384 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.XmlSrc\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.XMLSrc.dll
- 2010-06-19 14:10 . 2010-06-19 14:10 310624 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Types\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Types.dll
+ 2011-09-27 18:12 . 2011-09-27 18:12 310624 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Types\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Types.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 186208 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoExtended\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.SmoExtended.dll
- 2011-06-17 01:47 . 2011-06-17 01:47 186208 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoExtended\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.SmoExtended.dll
- 2010-06-19 14:08 . 2010-06-19 14:08 112480 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.SmoMetadataProvider\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.SmoMetadataProvider.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 112480 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.SmoMetadataProvider\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.SmoMetadataProvider.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 452448 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.Sdk.Sfc\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.Sdk.Sfc.dll
- 2010-06-19 14:08 . 2010-06-19 14:08 452448 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.Sdk.Sfc\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.Sdk.Sfc.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 296800 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.MaintenancePlanTasks\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.MaintenancePlanTasks.dll
- 2011-06-17 01:47 . 2011-06-17 01:47 296800 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.MaintenancePlanTasks\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.MaintenancePlanTasks.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 153440 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.DtsMsg\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.DtsMsg.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 350048 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Dmf\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Dmf.dll
- 2011-06-17 01:47 . 2011-06-17 01:47 153440 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 153440 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 837472 c:\windows\assembly\GAC_MSIL\Microsoft.DataTransformationServices.Controls\10.0.0.0__89845dcd8080cc91\Microsoft.DataTransformationServices.Controls.DLL
- 2010-06-19 14:09 . 2010-06-19 14:09 837472 c:\windows\assembly\GAC_MSIL\Microsoft.DataTransformationServices.Controls\10.0.0.0__89845dcd8080cc91\Microsoft.DataTransformationServices.Controls.DLL
- 2010-06-19 14:08 . 2010-06-19 14:08 243552 c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.Xmla\10.0.0.0__89845dcd8080cc91\Microsoft.AnalysisServices.XMLA.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 243552 c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.Xmla\10.0.0.0__89845dcd8080cc91\Microsoft.AnalysisServices.XMLA.dll
- 2010-06-19 14:08 . 2010-06-19 14:08 563040 c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\10.0.0.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 563040 c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\10.0.0.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
+ 2011-06-18 02:13 . 2011-06-18 02:13 2580832 c:\windows\SysWOW64\sqlncli10.dll
+ 2011-06-18 01:18 . 2011-06-18 01:18 2847584 c:\windows\system32\sqlncli10.dll
+ 2009-07-14 04:45 . 2011-09-29 14:45 3044048 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2011-07-14 06:25 3044048 c:\windows\system32\FNTCACHE.DAT
+ 2011-08-01 19:59 . 2011-08-01 19:59 1721576 c:\windows\system32\DriverStore\FileRepository\point64.inf_amd64_neutral_b1cf5e889e918ca6\wdfcoinstaller01009.dll
+ 2011-07-28 22:37 . 2011-07-28 22:37 1721576 c:\windows\system32\DriverStore\FileRepository\dc3du.inf_amd64_neutral_74c6c3670a9a8e89\WdfCoInstaller01009.dll
+ 2011-02-18 16:49 . 2011-02-18 16:49 1721576 c:\windows\system32\DriverStore\FileRepository\dc3dh.inf_amd64_neutral_73d3d011f5a03306\WdfCoInstaller01009.dll
- 2009-07-14 04:45 . 2011-09-15 14:27 6008194 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-09-27 23:34 6008194 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-10-25 17:58 . 2011-10-09 20:03 6790544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2183921603-2372901330-221196072-1001-12288.dat
+ 2011-02-13 06:26 . 2011-09-27 23:27 4465640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\b923af.msi
+ 2011-06-20 12:41 . 2011-06-20 12:41 2862080 c:\windows\Installer\afdf8.msp
+ 2011-06-19 18:59 . 2011-06-19 18:59 2456576 c:\windows\Installer\afdc9.msi
+ 2011-06-20 12:41 . 2011-06-20 12:41 6777344 c:\windows\Installer\afbe0.msp
+ 2011-06-20 12:42 . 2011-06-20 12:42 9193984 c:\windows\Installer\afb6c.msp
+ 2011-06-19 18:57 . 2011-06-19 18:57 8121344 c:\windows\Installer\afaed.msi
+ 2011-06-19 18:46 . 2011-06-19 18:46 3261952 c:\windows\Installer\afaae.msi
+ 2011-08-01 19:59 . 2011-08-01 19:59 1978368 c:\windows\Installer\afa6f.msi
+ 2011-08-10 20:40 . 2011-08-10 20:40 1859584 c:\windows\Installer\3eb8fd.msi
+ 2011-08-10 20:40 . 2011-08-10 20:40 2081792 c:\windows\Installer\3eb8f8.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-09-27 18:24 . 2011-09-27 18:24 1799168 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\d4640865d3407d8dcfa22952a68f1330\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 1812480 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\b3528e60393f0b9432f302544743d698\Microsoft.SqlServer.Dmf.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 8975872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\b3492dbd04cb77804b9fb6f4c75a767d\Microsoft.SqlServer.Smo.ni.dll
+ 2011-09-27 19:11 . 2011-09-27 19:11 5082112 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\39c331aa5c0e2f3280af3d915519f87e\Microsoft.SqlServer.Replication.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 1948672 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\2cf8dbd4f13fe4351337cf288d0eaf1c\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 1972224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.DataTrans#\f8f8da8f84dd3edfe84d341b4a9822f6\Microsoft.DataTransformationServices.Controls.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 1600000 c:\windows\assembly\NativeImages_v2.0.50727_64\DTSWizard\90a9758faa5980cb8e7ed73152149397\DTSWizard.ni.exe
+ 2011-09-27 18:21 . 2011-09-27 18:21 5408256 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlMgmt\c6ba2f433300a8f6f203ebaeb9702bf9\SqlMgmt.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 5402112 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlMgmt\474b23f08058bcd9e1a22fd78dd560ea\SqlMgmt.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 2547200 c:\windows\assembly\NativeImages_v2.0.50727_32\SQLEditors\e8263165d73e167230c689cd5537f16b\SQLEditors.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 4303360 c:\windows\assembly\NativeImages_v2.0.50727_32\ObjectExplorer\34b8b5656d98c7a531ceda53c0a6a3f7\ObjectExplorer.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 9594880 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\eac8f07c9f1ba3d74ed7ff09fb60a594\Microsoft.SqlServer.Management.Reports.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 1252352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\dd505b79560d00e20586993484340a70\Microsoft.SqlServer.Rmo.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 3478016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c09098cfa3740b49c9093da8b24fde03\Microsoft.SqlServer.Replication.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 4367360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b3258a79dae0824222e0625307940e30\Microsoft.SqlServer.Management.DataTools.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 3578368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b28ec10b7cc2d5ba50f040b1920df636\Microsoft.SqlServer.Management.DataCollectionUITasks.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 1287680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\96d22bb1c85341293cfa8da7b60c2f19\Microsoft.SqlServer.Dmf.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 6721024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\709a6a5e2776bd118dff99ee9561d180\Microsoft.SqlServer.Smo.ni.dll
+ 2011-09-27 18:20 . 2011-09-27 18:20 1393152 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5e94b02bfe166dbb93cc4eb18f64b81a\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 2017792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5224c0746d3fb3f907f6410636f5b619\Microsoft.SqlServer.Management.Dmf.UI.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 1574912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4de0cabbe5af28754b311827a34fb63c\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 1288704 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\29c679e95e3447014cbd650541d6394b\Microsoft.SqlServer.MaintenancePlanTasksUI.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 2787328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\e44ebd88a9be603f75b726bab45457c1\Microsoft.ReportingServices.MapWinControl.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 3087360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\a0d64eebc09c58053f37025908313a7d\Microsoft.ReportingServices.Diagnostics.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 5990400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\9ec3b556b7c3013fad7dfe964559722d\Microsoft.ReportingServices.QueryDesigners.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 6327808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\9c4620ad5b51e120b930d0bb6e53c0b5\Microsoft.ReportingServices.QueryDesigners.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 2548736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\5b639c07eacfcd2e08e9947f868bed97\Microsoft.ReportingServices.SemanticQueryDesign.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 2782208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\08e33a40e62c65195b02507753d05d17\Microsoft.ReportingServices.Modeling.ni.dll
- 2011-09-18 21:18 . 2011-09-18 21:18 2782208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\08e33a40e62c65195b02507753d05d17\Microsoft.ReportingServices.Modeling.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 2936320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\6a2c50bec1cd17ec68670f324e5ad344\Microsoft.DataWarehouse.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 2932224 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\2cfd28641d2b7e6c375f5633c1708550\Microsoft.DataWarehouse.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 2192384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\9e97c26dfee42b382578aa099d3a1d7f\Microsoft.DatatransformationServices.DataFlowUI.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 7121408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\94b4eddb8fef52336ed0deed2edbe2cc\Microsoft.DataTransformationServices.Design.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 1212416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\89c386d2a26214944458bc8a05926249\Microsoft.DataTransformationServices.Wizards.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 1604608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\847addfe37da8d1e292131b21b6a6197\Microsoft.DataTransformationServices.Controls.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 7483904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\146e996eeb2cc6890b67032222b6bac4\Microsoft.DataTransformationServices.Design.ni.dll
+ 2011-09-27 19:09 . 2011-09-27 19:09 2192384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\12836148d3811c4709d540ab8ea0c52e\Microsoft.DatatransformationServices.DataFlowUI.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 1084416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\cac4c038aebf4df88535affb7ad4b30a\Microsoft.AnalysisServices.Browse.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 3257856 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\b33557cac4023dd8fd563113374b52c8\Microsoft.AnalysisServices.ManagementDialogs.ni.dll
+ 2011-09-27 18:24 . 2011-09-27 18:24 6839808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\a48136f295294e6c92e738e297559df1\Microsoft.AnalysisServices.Controls.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 3013632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\8a299cf93e0df1f56d56d1dbb18a34b4\Microsoft.AnalysisServices.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 2381312 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\681fd9039e7fcfaec82778eeef393cc9\Microsoft.AnalysisServices.Viewers.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 1429504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\34223be5330e408f5c3ba07d435bf4cb\Microsoft.AnalysisServices.AdomdClient.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 2778624 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\0d3b3a2c4a6f91c9597a9cd55d2e3b08\Microsoft.AnalysisServices.Project.ni.dll
+ 2011-09-27 19:08 . 2011-09-27 19:08 1358848 c:\windows\assembly\NativeImages_v2.0.50727_32\DTSWizard\cf5b61744f5422a7945b4057f8e80492\DTSWizard.ni.exe
+ 2011-09-27 19:09 . 2011-09-27 19:09 1012736 c:\windows\assembly\NativeImages_v2.0.50727_32\CopyDatabaseWizard\c173ad8310af9679d27de5c56d76326f\CopyDatabaseWizard.ni.exe
+ 2011-09-27 18:21 . 2011-09-27 18:21 1203200 c:\windows\assembly\NativeImages_v2.0.50727_32\ConnectionDlg\599d102e0979be11038dd970e79d76bd\ConnectionDlg.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 1431040 c:\windows\assembly\NativeImages_v2.0.50727_32\AppIDPackage\64ec8fb457e96a41b215017c9989710d\AppIDPackage.ni.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 1140576 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
- 2011-06-17 01:47 . 2011-06-17 01:47 1140576 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 3049312 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 7051104 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.SqlParser\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.SqlParser.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 2864992 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Management.Dac\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Management.Dac.dll
- 2010-06-19 14:08 . 2010-06-19 14:08 1349472 c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\10.0.0.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
+ 2011-09-27 18:10 . 2011-09-27 18:10 1349472 c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\10.0.0.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
- 2011-06-17 01:47 . 2011-06-17 01:47 1942880 c:\windows\assembly\GAC_64\Microsoft.SqlServer.Replication\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
+ 2011-09-27 18:10 . 2011-09-27 18:10 1942880 c:\windows\assembly\GAC_64\Microsoft.SqlServer.Replication\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
+ 2011-09-27 18:15 . 2011-09-27 18:15 1767776 c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
- 2011-06-17 01:49 . 2011-06-17 01:49 1767776 c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
- 2009-07-14 02:34 . 2011-09-15 13:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-09-27 19:09 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-10-21 18:40 . 2011-09-27 18:47 49062856 c:\windows\system32\MRT.exe
+ 2010-12-26 22:08 . 2011-10-01 01:52 10320272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2183921603-2372901330-221196072-1008-12288.dat
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\b923b0.msp
+ 2011-06-20 12:41 . 2011-06-20 12:41 26712576 c:\windows\Installer\afde6.msp
+ 2011-06-20 12:35 . 2011-06-20 12:35 15765504 c:\windows\Installer\afd7f.msp
+ 2011-06-20 12:39 . 2011-06-20 12:39 49975296 c:\windows\Installer\afcc3.msp
+ 2011-06-20 12:40 . 2011-06-20 12:40 61156864 c:\windows\Installer\afc26.msp
+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 12988416 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlManagerUI\337d8a8f01683464875d2c85ef80d424\SqlManagerUI.ni.dll
+ 2011-09-27 18:23 . 2011-09-27 18:23 13233152 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlManagerUI\159ae2faf620582e22524a773dbd13e3\SqlManagerUI.ni.dll
+ 2011-09-27 18:22 . 2011-09-27 18:22 14112768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ab8dc9aa697d6f2af074b8b32902d302\Microsoft.SqlServer.Management.Dac.ni.dll
+ 2011-09-27 18:21 . 2011-09-27 18:21 18467328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\65b1dc752aff3610015f21c19d3d973f\Microsoft.SqlServer.Management.SqlParser.ni.dll
+ 2011-09-27 19:10 . 2011-09-27 19:10 11892736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\2c3dd6f6c390ab0e1f9047b2eb786483\Microsoft.AnalysisServices.Design.ni.dll
+ 2011-09-27 18:32 . 2011-09-27 18:32 129706496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.SqlServer#\cf9efc29eb90e07ca5834f098d10d0fe\Microsoft.SqlServer.Management.SqlParser.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files (x86)\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Ai Nap"="c:\program files\ASUS\AI Suite\Q-Button\QButton.exe" [2009-06-02 1968640]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-02 601088]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\magnet0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-10-21 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-29 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
R2 SQLAgent$SQLSVREXP;SQL Server Agent (SQLSVREXP);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-22 1038088]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-07-15 109168]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-11-09 90112]
S2 File Backup;File Backup Service;c:\program files (x86)\Starfield\offSyncService.exe [2011-02-02 1215216]
S2 MSSQL$SQLSVREXP;SQL Server (SQLSVREXP);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 ReportServer$SQLSVREXP;SQL Server Reporting Services (SQLSVREXP);c:\program files\Microsoft SQL Server\MSRS10_50.SQLSVREXP\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-06-18 2180960]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MSSQLFDLauncher$SQLSVREXP;SQL Full-text Filter Daemon Launcher (SQLSVREXP);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 18:19]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 18:19]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2183921603-2372901330-221196072-1001Core.job
- c:\users\magnet0\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-25 04:44]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2183921603-2372901330-221196072-1001UA.job
- c:\users\magnet0\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-25 04:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxbtmon.exe"="c:\program files (x86)\Lexmark 5200 Series\lxbtmon.exe" [2007-05-03 230320]
"EzPrint"="c:\program files (x86)\Lexmark 5200 Series\ezprint.exe" [2007-05-03 103344]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"LXBTCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBTtime.dll" [2007-05-03 28672]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\magnet0\AppData\Roaming\Mozilla\Firefox\Profiles\eo5xh1kq.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:64,c2,63,b4,36,10,da,ba,32,e1,83,6f,24,25,04,a0,c4,d6,61,93,f9,
58,c9,35,89,60,94,5b,81,50,9f,e1,da,7d,48,b8,2a,66,ca,22,f0,b9,af,59,4b,aa,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:64,c2,63,b4,36,10,da,ba,32,e1,83,6f,24,25,04,a0,c4,d6,61,93,f9,
58,c9,35,89,60,94,5b,81,50,9f,e1,da,7d,48,b8,2a,66,ca,22,f0,b9,af,59,4b,aa,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2011-10-09 16:38:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-09 20:38
ComboFix2.txt 2011-09-27 15:41
.
Pre-Run: 76,934,451,200 bytes free
Post-Run: 77,355,315,200 bytes free
.
- - End Of File - - 6A6C1F7B11198CD053B130AEB66327E3

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 11 October 2011 - 11:09 AM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

<-- Don't worry every little bit helps.

#9 magnet0

Member

Group: Members
Posts: 17
Joined: 30-September 11

Posted 11 October 2011 - 03:34 PM

Combofix ran and restarted machine, continued running. I did get an error message regarding the mouse.

C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
Illegal operation performed on registry key that has been marked for deletion.

I am assuming that Combofix has deleted some functionality because I had to use an actual plug-in mouse instead of my nice wireless one.

Testing to see if Google redirect still exists results in the following:

Congratulations!

You are the Hampton winner for October 11, 2011
You qualified to Win the New Apple iPad 3!
Hurry while this offer lasts! [OK]

Anywho, here's the log.

-------------------------------------------------------
ComboFix 11-10-09.01 - magnet0 10/11/2011 15:21:53.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2291 [GMT -4:00]
Running from: c:\users\magnet0\Desktop\ComboFix.exe
Command switches used :: c:\users\magnet0\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-11 20:01 . 2011-10-11 20:01 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{520F79A7-C660-47EB-8C1A-48474B48AAF0}\offreg.dll
2011-10-11 19:59 . 2011-10-11 19:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-11 19:59 . 2011-10-11 19:59 -------- d-----w- c:\users\nopCommerce\AppData\Local\temp
2011-10-11 19:59 . 2011-10-11 19:59 -------- d-----w- c:\users\hungy\AppData\Local\temp
2011-10-11 19:59 . 2011-10-11 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-11 19:59 . 2011-10-11 19:59 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-10-11 19:59 . 2011-10-11 19:59 -------- d-----w- c:\users\ASP.NET v4.0\AppData\Local\temp
2011-10-11 11:32 . 2011-10-11 11:31 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A9B77D4-CEFC-4E73-851B-C48FD5C8B2EC}\gapaengine.dll
2011-10-11 11:31 . 2011-09-12 21:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{520F79A7-C660-47EB-8C1A-48474B48AAF0}\mpengine.dll
2011-09-30 15:03 . 2011-09-30 15:03 -------- d-----w- c:\program files\Java
2011-09-28 18:55 . 2011-09-28 18:55 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-09-27 18:24 . 2011-09-27 18:24 -------- d-----w- c:\users\magnet0\AppData\Roaming\Malwarebytes
2011-09-27 18:23 . 2011-09-27 18:23 -------- d-----w- c:\programdata\Malwarebytes
2011-09-27 18:23 . 2011-09-30 00:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-27 18:10 . 2011-09-27 18:10 -------- d-----w- c:\program files\Microsoft.NET
2011-09-27 13:48 . 2011-09-27 13:48 388096 ----a-r- c:\users\magnet0\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-27 13:48 . 2011-09-27 13:48 -------- d-----w- c:\program files (x86)\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 22:52 . 2009-10-21 21:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-01 22:52 . 2009-10-21 21:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-01 22:52 . 2011-08-07 00:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-01 21:20 . 2010-06-02 21:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-30 15:03 . 2011-05-25 19:07 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 17:56 . 2009-11-05 15:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-09-29 17:56 . 2010-11-06 00:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-09-29 17:56 . 2010-11-05 23:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-09-12 21:26 . 2010-07-28 14:14 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-12 21:15 . 2011-05-16 11:39 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-07 00:32 . 2008-09-30 23:35 65536 ----a-w- c:\windows\system32\camcodec.dll
2011-08-05 12:40 . 2011-08-05 12:40 5516800 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\AjaxControlToolkit.dll
2011-08-05 12:40 . 2011-08-05 12:40 5120 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\cs\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\pt\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\ko\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\ja\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\it\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\hi\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\he\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\fr\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\es\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\de\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 3584 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\ar\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 13312 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\ru\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 10752 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\tr-TR\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 10752 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\nl\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 10240 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\zh-CHT\AjaxControlToolkit.resources.dll
2011-08-05 12:40 . 2011-08-05 12:40 10240 ----a-w- c:\users\magnet0\AppData\Roaming\Microsoft\VBExpress\10.0\ProjectTemplatesCache\SPNGTest.zip\Bin\zh-CHS\AjaxControlToolkit.resources.dll
2011-08-01 19:59 . 2011-08-01 19:59 45416 ----a-w- c:\windows\system32\drivers\point64.sys
2011-07-22 05:42 . 2011-08-11 00:43 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-11 00:43 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-11 00:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-11 00:43 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-11 00:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-11 00:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-10 12:07 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 12:07 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 12:07 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 12:07 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 12:07 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 12:07 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 12:07 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 12:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 12:07 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 12:07 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 12:07 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 12:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 12:07 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 12:07 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 12:07 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-09_20.19.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-10-09 20:19 55262 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-11 20:05 55262 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-21 19:55 . 2011-10-11 20:00 3624 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2009-10-21 19:55 . 2011-10-09 20:03 3624 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-10-09 20:05 . 2011-10-09 20:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-11 20:01 . 2011-10-11 20:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-09 20:05 . 2011-10-09 20:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-11 20:01 . 2011-10-11 20:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-10-11 20:00 511040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-09 20:03 511040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-10-25 17:58 . 2011-10-11 20:00 7528112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2183921603-2372901330-221196072-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files (x86)\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Ai Nap"="c:\program files\ASUS\AI Suite\Q-Button\QButton.exe" [2009-06-02 1968640]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-02 601088]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\magnet0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-10-21 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-29 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
R2 SQLAgent$SQLSVREXP;SQL Server Agent (SQLSVREXP);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-22 1038088]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 136176]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-07-15 109168]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-11-09 90112]
S2 File Backup;File Backup Service;c:\program files (x86)\Starfield\offSyncService.exe [2011-02-02 1215216]
S2 MSSQL$SQLSVREXP;SQL Server (SQLSVREXP);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 ReportServer$SQLSVREXP;SQL Server Reporting Services (SQLSVREXP);c:\program files\Microsoft SQL Server\MSRS10_50.SQLSVREXP\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-06-18 2180960]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MSSQLFDLauncher$SQLSVREXP;SQL Full-text Filter Daemon Launcher (SQLSVREXP);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLSVREXP\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 18:19]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 18:19]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2183921603-2372901330-221196072-1001Core.job
- c:\users\magnet0\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-25 04:44]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2183921603-2372901330-221196072-1001UA.job
- c:\users\magnet0\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-25 04:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxbtmon.exe"="c:\program files (x86)\Lexmark 5200 Series\lxbtmon.exe" [2007-05-03 230320]
"EzPrint"="c:\program files (x86)\Lexmark 5200 Series\ezprint.exe" [2007-05-03 103344]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"LXBTCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBTtime.dll" [2007-05-03 28672]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\magnet0\AppData\Roaming\Mozilla\Firefox\Profiles\eo5xh1kq.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:64,c2,63,b4,36,10,da,ba,32,e1,83,6f,24,25,04,a0,c4,d6,61,93,f9,
58,c9,35,89,60,94,5b,81,50,9f,e1,da,7d,48,b8,2a,66,ca,22,f0,b9,af,59,4b,aa,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:64,c2,63,b4,36,10,da,ba,32,e1,83,6f,24,25,04,a0,c4,d6,61,93,f9,
58,c9,35,89,60,94,5b,81,50,9f,e1,da,7d,48,b8,2a,66,ca,22,f0,b9,af,59,4b,aa,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2011-10-11 16:26:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-11 20:26
ComboFix2.txt 2011-10-09 20:38
ComboFix3.txt 2011-09-27 15:41
.
Pre-Run: 76,060,389,376 bytes free
Post-Run: 75,939,299,328 bytes free
.
- - End Of File - - D4103E5191F826F097A24E843AA936D0

#10 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 11 October 2011 - 05:00 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

<-- Don't worry every little bit helps.

#11 magnet0

Member

Group: Members
Posts: 17
Joined: 30-September 11

Posted 11 October 2011 - 05:28 PM

No Threats Found.

18:25:21.0842 5332 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
18:25:21.0851 5332 ============================================================
18:25:21.0851 5332 Current date / time: 2011/10/11 18:25:21.0851
18:25:21.0851 5332 SystemInfo:
18:25:21.0851 5332
18:25:21.0851 5332 OS Version: 6.1.7601 ServicePack: 1.0
18:25:21.0851 5332 Product type: Workstation
18:25:21.0851 5332 ComputerName: PYRONITE7
18:25:21.0851 5332 UserName: magnet0
18:25:21.0851 5332 Windows directory: C:\Windows
18:25:21.0851 5332 System windows directory: C:\Windows
18:25:21.0851 5332 Running under WOW64
18:25:21.0851 5332 Processor architecture: Intel x64
18:25:21.0851 5332 Number of processors: 2
18:25:21.0851 5332 Page size: 0x1000
18:25:21.0851 5332 Boot type: Normal boot
18:25:21.0851 5332 ============================================================
18:25:22.0832 5332 Initialize success
18:25:31.0996 5540 ============================================================
18:25:31.0996 5540 Scan started
18:25:31.0996 5540 Mode: Manual;
18:25:31.0996 5540 ============================================================
18:25:32.0917 5540 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:25:32.0922 5540 1394ohci - ok
18:25:33.0022 5540 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:25:33.0028 5540 ACPI - ok
18:25:33.0076 5540 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:25:33.0077 5540 AcpiPmi - ok
18:25:33.0123 5540 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
18:25:33.0124 5540 adfs - ok
18:25:33.0236 5540 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:25:33.0246 5540 adp94xx - ok
18:25:33.0296 5540 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:25:33.0303 5540 adpahci - ok
18:25:33.0332 5540 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:25:33.0337 5540 adpu320 - ok
18:25:33.0399 5540 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:25:33.0411 5540 AFD - ok
18:25:33.0458 5540 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:25:33.0461 5540 agp440 - ok
18:25:33.0489 5540 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:25:33.0491 5540 aliide - ok
18:25:33.0514 5540 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:25:33.0516 5540 amdide - ok
18:25:33.0533 5540 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:25:33.0533 5540 AmdK8 - ok
18:25:33.0562 5540 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:25:33.0562 5540 AmdPPM - ok
18:25:33.0599 5540 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:25:33.0601 5540 amdsata - ok
18:25:33.0619 5540 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:25:33.0622 5540 amdsbs - ok
18:25:33.0639 5540 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:25:33.0639 5540 amdxata - ok
18:25:33.0711 5540 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:25:33.0713 5540 AppID - ok
18:25:33.0766 5540 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:25:33.0767 5540 arc - ok
18:25:33.0787 5540 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:25:33.0788 5540 arcsas - ok
18:25:33.0818 5540 AsIO - ok
18:25:33.0879 5540 asusgsb (a4398a8914c32f18ec2ab562cba3caaf) C:\Windows\system32\drivers\asusgsb.sys
18:25:33.0881 5540 asusgsb - ok
18:25:33.0921 5540 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:25:33.0922 5540 AsyncMac - ok
18:25:33.0971 5540 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:25:33.0972 5540 atapi - ok
18:25:33.0997 5540 atkdisplf (fb4187c282cb467e5e606913a1fa79a3) C:\Windows\system32\drivers\ATKDispLowFilter.sys
18:25:33.0998 5540 atkdisplf - ok
18:25:34.0036 5540 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:25:34.0042 5540 b06bdrv - ok
18:25:34.0077 5540 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:25:34.0079 5540 b57nd60a - ok
18:25:34.0107 5540 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:25:34.0108 5540 Beep - ok
18:25:34.0143 5540 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:25:34.0144 5540 blbdrive - ok
18:25:34.0187 5540 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:25:34.0189 5540 bowser - ok
18:25:34.0208 5540 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:25:34.0209 5540 BrFiltLo - ok
18:25:34.0226 5540 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:25:34.0227 5540 BrFiltUp - ok
18:25:34.0261 5540 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:25:34.0264 5540 Brserid - ok
18:25:34.0278 5540 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:25:34.0279 5540 BrSerWdm - ok
18:25:34.0302 5540 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:25:34.0303 5540 BrUsbMdm - ok
18:25:34.0324 5540 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:25:34.0324 5540 BrUsbSer - ok
18:25:34.0342 5540 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:25:34.0343 5540 BTHMODEM - ok
18:25:34.0388 5540 catchme - ok
18:25:34.0421 5540 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:25:34.0423 5540 cdfs - ok
18:25:34.0484 5540 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:25:34.0488 5540 cdrom - ok
18:25:34.0506 5540 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:25:34.0508 5540 circlass - ok
18:25:34.0569 5540 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:25:34.0578 5540 CLFS - ok
18:25:34.0644 5540 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:25:34.0646 5540 CmBatt - ok
18:25:34.0708 5540 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:25:34.0709 5540 cmdide - ok
18:25:34.0766 5540 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:25:34.0776 5540 CNG - ok
18:25:34.0801 5540 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:25:34.0802 5540 Compbatt - ok
18:25:34.0839 5540 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:25:34.0841 5540 CompositeBus - ok
18:25:34.0902 5540 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
18:25:34.0903 5540 cpuz132 - ok
18:25:34.0919 5540 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:25:34.0921 5540 crcdisk - ok
18:25:34.0961 5540 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:25:34.0967 5540 CSC - ok
18:25:35.0003 5540 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
18:25:35.0003 5540 dc3d - ok
18:25:35.0061 5540 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:25:35.0063 5540 DfsC - ok
18:25:35.0093 5540 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:25:35.0094 5540 discache - ok
18:25:35.0166 5540 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:25:35.0168 5540 Disk - ok
18:25:35.0241 5540 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:25:35.0242 5540 drmkaud - ok
18:25:35.0451 5540 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:25:35.0464 5540 DXGKrnl - ok
18:25:35.0622 5540 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:25:35.0659 5540 ebdrv - ok
18:25:35.0704 5540 EIO64 (343ada10d948db29251f2d9c809af204) C:\Windows\system32\DRIVERS\EIO64.sys
18:25:35.0704 5540 EIO64 - ok
18:25:35.0759 5540 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:25:35.0771 5540 elxstor - ok
18:25:35.0818 5540 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:25:35.0819 5540 ErrDev - ok
18:25:35.0867 5540 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:25:35.0869 5540 exfat - ok
18:25:35.0888 5540 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:25:35.0892 5540 fastfat - ok
18:25:35.0919 5540 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:25:35.0921 5540 fdc - ok
18:25:35.0958 5540 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:25:35.0959 5540 FileInfo - ok
18:25:35.0976 5540 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:25:35.0976 5540 Filetrace - ok
18:25:36.0008 5540 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:25:36.0009 5540 flpydisk - ok
18:25:36.0071 5540 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:25:36.0077 5540 FltMgr - ok
18:25:36.0104 5540 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:25:36.0104 5540 FsDepends - ok
18:25:36.0149 5540 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
18:25:36.0149 5540 fssfltr - ok
18:25:36.0171 5540 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:25:36.0171 5540 Fs_Rec - ok
18:25:36.0196 5540 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:25:36.0198 5540 fvevol - ok
18:25:36.0228 5540 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:25:36.0229 5540 gagp30kx - ok
18:25:36.0361 5540 hcw18bda (86d6d652ca6a970a94a96092ce6add29) C:\Windows\system32\drivers\hcw18bda.sys
18:25:36.0378 5540 hcw18bda - ok
18:25:36.0457 5540 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:25:36.0464 5540 HdAudAddService - ok
18:25:36.0499 5540 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:25:36.0502 5540 HDAudBus - ok
18:25:36.0527 5540 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:25:36.0528 5540 HidBatt - ok
18:25:36.0554 5540 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:25:36.0556 5540 HidBth - ok
18:25:36.0574 5540 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:25:36.0576 5540 HidIr - ok
18:25:36.0617 5540 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:25:36.0619 5540 HidUsb - ok
18:25:36.0677 5540 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:25:36.0679 5540 HpSAMD - ok
18:25:36.0747 5540 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:25:36.0762 5540 HTTP - ok
18:25:36.0809 5540 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:25:36.0811 5540 hwpolicy - ok
18:25:36.0864 5540 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:25:36.0868 5540 i8042prt - ok
18:25:36.0922 5540 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:25:36.0931 5540 iaStorV - ok
18:25:36.0997 5540 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:25:36.0999 5540 iirsp - ok
18:25:37.0054 5540 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:25:37.0054 5540 intelide - ok
18:25:37.0081 5540 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:25:37.0082 5540 intelppm - ok
18:25:37.0128 5540 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:25:37.0131 5540 IpFilterDriver - ok
18:25:37.0193 5540 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:25:37.0197 5540 IPMIDRV - ok
18:25:37.0226 5540 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:25:37.0229 5540 IPNAT - ok
18:25:37.0263 5540 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:25:37.0264 5540 IRENUM - ok
18:25:37.0308 5540 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:25:37.0309 5540 isapnp - ok
18:25:37.0362 5540 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:25:37.0368 5540 iScsiPrt - ok
18:25:37.0401 5540 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:25:37.0401 5540 kbdclass - ok
18:25:37.0451 5540 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:25:37.0452 5540 kbdhid - ok
18:25:37.0484 5540 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:25:37.0487 5540 KSecDD - ok
18:25:37.0542 5540 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:25:37.0544 5540 KSecPkg - ok
18:25:37.0563 5540 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:25:37.0564 5540 ksthunk - ok
18:25:37.0614 5540 L8042Kbd (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
18:25:37.0616 5540 L8042Kbd - ok
18:25:37.0658 5540 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:25:37.0659 5540 LHidFilt - ok
18:25:37.0711 5540 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:25:37.0713 5540 lltdio - ok
18:25:37.0754 5540 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:25:37.0756 5540 LMouFilt - ok
18:25:37.0789 5540 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:25:37.0791 5540 LSI_FC - ok
18:25:37.0814 5540 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:25:37.0817 5540 LSI_SAS - ok
18:25:37.0833 5540 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:25:37.0834 5540 LSI_SAS2 - ok
18:25:37.0858 5540 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:25:37.0859 5540 LSI_SCSI - ok
18:25:37.0881 5540 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:25:37.0882 5540 luafv - ok
18:25:37.0906 5540 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
18:25:37.0906 5540 LUsbFilt - ok
18:25:37.0937 5540 MBAMProtector - ok
18:25:38.0004 5540 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
18:25:38.0009 5540 mcdbus - ok
18:25:38.0033 5540 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:25:38.0036 5540 megasas - ok
18:25:38.0059 5540 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:25:38.0063 5540 MegaSR - ok
18:25:38.0099 5540 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:25:38.0101 5540 Modem - ok
18:25:38.0147 5540 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:25:38.0148 5540 monitor - ok
18:25:38.0207 5540 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:25:38.0208 5540 mouclass - ok
18:25:38.0243 5540 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:25:38.0246 5540 mouhid - ok
18:25:38.0297 5540 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:25:38.0299 5540 mountmgr - ok
18:25:38.0368 5540 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
18:25:38.0371 5540 MpFilter - ok
18:25:38.0422 5540 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:25:38.0426 5540 mpio - ok
18:25:38.0452 5540 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:25:38.0454 5540 MpNWMon - ok
18:25:38.0487 5540 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:25:38.0489 5540 mpsdrv - ok
18:25:38.0542 5540 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:25:38.0544 5540 MRxDAV - ok
18:25:38.0603 5540 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:25:38.0607 5540 mrxsmb - ok
18:25:38.0663 5540 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:25:38.0669 5540 mrxsmb10 - ok
18:25:38.0686 5540 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:25:38.0687 5540 mrxsmb20 - ok
18:25:38.0743 5540 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:25:38.0744 5540 msahci - ok
18:25:38.0771 5540 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:25:38.0774 5540 msdsm - ok
18:25:38.0817 5540 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:25:38.0817 5540 Msfs - ok
18:25:38.0848 5540 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:25:38.0849 5540 mshidkmdf - ok
18:25:38.0863 5540 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:25:38.0864 5540 msisadrv - ok
18:25:38.0897 5540 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:25:38.0897 5540 MSKSSRV - ok
18:25:38.0938 5540 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:25:38.0938 5540 MSPCLOCK - ok
18:25:38.0958 5540 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:25:38.0958 5540 MSPQM - ok
18:25:39.0012 5540 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:25:39.0019 5540 MsRPC - ok
18:25:39.0057 5540 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:25:39.0058 5540 mssmbios - ok
18:25:39.0108 5540 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:25:39.0109 5540 MSTEE - ok
18:25:39.0126 5540 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:25:39.0127 5540 MTConfig - ok
18:25:39.0164 5540 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
18:25:39.0166 5540 MTsensor - ok
18:25:39.0198 5540 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:25:39.0199 5540 Mup - ok
18:25:39.0247 5540 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:25:39.0252 5540 NativeWifiP - ok
18:25:39.0313 5540 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:25:39.0319 5540 NDIS - ok
18:25:39.0333 5540 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:25:39.0334 5540 NdisCap - ok
18:25:39.0362 5540 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:25:39.0363 5540 NdisTapi - ok
18:25:39.0406 5540 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:25:39.0408 5540 Ndisuio - ok
18:25:39.0458 5540 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:25:39.0462 5540 NdisWan - ok
18:25:39.0511 5540 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:25:39.0513 5540 NDProxy - ok
18:25:39.0536 5540 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:25:39.0537 5540 NetBIOS - ok
18:25:39.0557 5540 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:25:39.0561 5540 NetBT - ok
18:25:39.0646 5540 netr7364 (621559a521682a888d83db34c6ec0bf8) C:\Windows\system32\DRIVERS\netr7364.sys
18:25:39.0657 5540 netr7364 - ok
18:25:39.0704 5540 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:25:39.0706 5540 nfrd960 - ok
18:25:39.0779 5540 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:25:39.0782 5540 NisDrv - ok
18:25:39.0823 5540 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:25:39.0824 5540 Npfs - ok
18:25:39.0847 5540 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:25:39.0848 5540 nsiproxy - ok
18:25:39.0933 5540 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:25:39.0948 5540 Ntfs - ok
18:25:40.0003 5540 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
18:25:40.0004 5540 NuidFltr - ok
18:25:40.0031 5540 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:25:40.0031 5540 Null - ok
18:25:40.0086 5540 NVHDA (17a7e888e330c7dfe59c97be44ddcf16) C:\Windows\system32\drivers\nvhda64v.sys
18:25:40.0088 5540 NVHDA - ok
18:25:40.0354 5540 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:25:40.0413 5540 nvlddmkm - ok
18:25:40.0527 5540 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:25:40.0548 5540 nvraid - ok
18:25:40.0578 5540 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:25:40.0582 5540 nvstor - ok
18:25:40.0663 5540 nvstor64 (662a129cebb4c0b01f95612a7f6dcc9a) C:\Windows\system32\DRIVERS\nvstor64.sys
18:25:40.0668 5540 nvstor64 - ok
18:25:40.0763 5540 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:25:40.0767 5540 nv_agp - ok
18:25:40.0821 5540 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:25:40.0823 5540 ohci1394 - ok
18:25:40.0922 5540 P0630VID (e56f8148df59bcec1b4ba822b6aa4e9b) C:\Windows\system32\DRIVERS\P0630Vid.sys
18:25:40.0924 5540 P0630VID - ok
18:25:40.0982 5540 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:25:40.0984 5540 Parport - ok
18:25:41.0033 5540 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:25:41.0036 5540 partmgr - ok
18:25:41.0069 5540 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:25:41.0074 5540 pci - ok
18:25:41.0097 5540 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:25:41.0098 5540 pciide - ok
18:25:41.0123 5540 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:25:41.0126 5540 pcmcia - ok
18:25:41.0143 5540 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:25:41.0144 5540 pcw - ok
18:25:41.0198 5540 PdiPorts (25fd4d8109114266a610fd1088bfd522) C:\Windows\system32\DRIVERS\PdiPorts.sys
18:25:41.0199 5540 PdiPorts - ok
18:25:41.0251 5540 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:25:41.0263 5540 PEAUTH - ok
18:25:41.0339 5540 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
18:25:41.0341 5540 Point64 - ok
18:25:41.0404 5540 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:25:41.0407 5540 PptpMiniport - ok
18:25:41.0434 5540 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:25:41.0437 5540 Processor - ok
18:25:41.0512 5540 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:25:41.0516 5540 Psched - ok
18:25:41.0583 5540 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
18:25:41.0584 5540 PxHlpa64 - ok
18:25:41.0644 5540 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:25:41.0663 5540 ql2300 - ok
18:25:41.0687 5540 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:25:41.0689 5540 ql40xx - ok
18:25:41.0714 5540 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:25:41.0716 5540 QWAVEdrv - ok
18:25:41.0748 5540 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:25:41.0749 5540 RasAcd - ok
18:25:41.0799 5540 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:25:41.0802 5540 RasAgileVpn - ok
18:25:41.0856 5540 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:25:41.0859 5540 Rasl2tp - ok
18:25:41.0891 5540 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:25:41.0893 5540 RasPppoe - ok
18:25:41.0916 5540 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:25:41.0918 5540 RasSstp - ok
18:25:41.0978 5540 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:25:41.0986 5540 rdbss - ok
18:25:42.0008 5540 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:25:42.0011 5540 rdpbus - ok
18:25:42.0022 5540 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:25:42.0022 5540 RDPCDD - ok
18:25:42.0071 5540 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:25:42.0074 5540 RDPDR - ok
18:25:42.0093 5540 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:25:42.0096 5540 RDPENCDD - ok
18:25:42.0116 5540 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:25:42.0117 5540 RDPREFMP - ok
18:25:42.0186 5540 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:25:42.0188 5540 RdpVideoMiniport - ok
18:25:42.0238 5540 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:25:42.0243 5540 RDPWD - ok
18:25:42.0268 5540 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:25:42.0273 5540 rdyboost - ok
18:25:42.0369 5540 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
18:25:42.0376 5540 RsFx0103 - ok
18:25:42.0411 5540 RsFx0151 (c606c5f712a3761896ceffa4af6b1268) C:\Windows\system32\DRIVERS\RsFx0151.sys
18:25:42.0417 5540 RsFx0151 - ok
18:25:42.0459 5540 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:25:42.0463 5540 rspndr - ok
18:25:42.0518 5540 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:25:42.0527 5540 RTL8167 - ok
18:25:42.0577 5540 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:25:42.0579 5540 s3cap - ok
18:25:42.0644 5540 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:25:42.0647 5540 sbp2port - ok
18:25:42.0709 5540 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:25:42.0712 5540 scfilter - ok
18:25:42.0753 5540 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:25:42.0754 5540 secdrv - ok
18:25:42.0793 5540 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:25:42.0794 5540 Serenum - ok
18:25:42.0821 5540 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:25:42.0823 5540 Serial - ok
18:25:42.0868 5540 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:25:42.0869 5540 sermouse - ok
18:25:42.0894 5540 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:25:42.0896 5540 sffdisk - ok
18:25:42.0916 5540 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:25:42.0917 5540 sffp_mmc - ok
18:25:42.0939 5540 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:25:42.0939 5540 sffp_sd - ok
18:25:42.0957 5540 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:25:42.0957 5540 sfloppy - ok
18:25:42.0984 5540 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:25:42.0986 5540 SiSRaid2 - ok
18:25:43.0008 5540 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:25:43.0011 5540 SiSRaid4 - ok
18:25:43.0108 5540 SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\Windows\system32\Drivers\SmartDefragDriver.sys
18:25:43.0109 5540 SmartDefragDriver - ok
18:25:43.0148 5540 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:25:43.0149 5540 Smb - ok
18:25:43.0186 5540 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:25:43.0186 5540 spldr - ok
18:25:43.0267 5540 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:25:43.0276 5540 srv - ok
18:25:43.0301 5540 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:25:43.0306 5540 srv2 - ok
18:25:43.0382 5540 SrvHsfPCI (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS
18:25:43.0391 5540 SrvHsfPCI - ok
18:25:43.0447 5540 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:25:43.0476 5540 SrvHsfV92 - ok
18:25:43.0503 5540 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:25:43.0512 5540 SrvHsfWinac - ok
18:25:43.0528 5540 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:25:43.0531 5540 srvnet - ok
18:25:43.0588 5540 sscdbus (1612881760c9df7fbb09b6cf1d3ba0df) C:\Windows\system32\DRIVERS\sscdbus.sys
18:25:43.0592 5540 sscdbus - ok
18:25:43.0617 5540 sscdmdfl (d7803a687e85189ea2b525cc22093521) C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:25:43.0619 5540 sscdmdfl - ok
18:25:43.0639 5540 sscdmdm (06db3d5eb2444083c7f5af7874765505) C:\Windows\system32\DRIVERS\sscdmdm.sys
18:25:43.0642 5540 sscdmdm - ok
18:25:43.0670 5540 sscdserd (23ebb395609d9cdb8b1074a12254119b) C:\Windows\system32\DRIVERS\sscdserd.sys
18:25:43.0671 5540 sscdserd - ok
18:25:43.0732 5540 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:25:43.0733 5540 stexstor - ok
18:25:43.0791 5540 STHDA (b46c2aff995380aa1a8df870093cf07f) C:\Windows\system32\DRIVERS\stwrt64.sys
18:25:43.0802 5540 STHDA - ok
18:25:43.0871 5540 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:25:43.0872 5540 storflt - ok
18:25:43.0926 5540 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:25:43.0927 5540 storvsc - ok
18:25:43.0952 5540 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:25:43.0953 5540 swenum - ok
18:25:43.0975 5540 Synth3dVsc - ok
18:25:44.0071 5540 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
18:25:44.0088 5540 Tcpip - ok
18:25:44.0126 5540 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
18:25:44.0140 5540 TCPIP6 - ok
18:25:44.0186 5540 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:25:44.0187 5540 tcpipreg - ok
18:25:44.0236 5540 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:25:44.0237 5540 TDPIPE - ok
18:25:44.0258 5540 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:25:44.0260 5540 TDTCP - ok
18:25:44.0311 5540 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:25:44.0313 5540 tdx - ok
18:25:44.0330 5540 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:25:44.0332 5540 TermDD - ok
18:25:44.0398 5540 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:25:44.0400 5540 tssecsrv - ok
18:25:44.0450 5540 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:25:44.0452 5540 TsUsbFlt - ok
18:25:44.0463 5540 tsusbhub - ok
18:25:44.0523 5540 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:25:44.0527 5540 tunnel - ok
18:25:44.0555 5540 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:25:44.0557 5540 uagp35 - ok
18:25:44.0621 5540 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:25:44.0628 5540 udfs - ok
18:25:44.0661 5540 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:25:44.0663 5540 uliagpkx - ok
18:25:44.0732 5540 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:25:44.0733 5540 umbus - ok
18:25:44.0753 5540 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:25:44.0755 5540 UmPass - ok
18:25:44.0815 5540 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:25:44.0816 5540 usbccgp - ok
18:25:44.0861 5540 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:25:44.0865 5540 usbcir - ok
18:25:44.0896 5540 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:25:44.0898 5540 usbehci - ok
18:25:44.0950 5540 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:25:44.0957 5540 usbhub - ok
18:25:44.0977 5540 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:25:44.0980 5540 usbohci - ok
18:25:45.0006 5540 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:25:45.0007 5540 usbprint - ok
18:25:45.0061 5540 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:25:45.0062 5540 usbscan - ok
18:25:45.0120 5540 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
18:25:45.0122 5540 USBSTOR - ok
18:25:45.0143 5540 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:25:45.0145 5540 usbuhci - ok
18:25:45.0211 5540 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
18:25:45.0213 5540 usb_rndisx - ok
18:25:45.0286 5540 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:25:45.0287 5540 vdrvroot - ok
18:25:45.0325 5540 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:25:45.0327 5540 vga - ok
18:25:45.0340 5540 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:25:45.0341 5540 VgaSave - ok
18:25:45.0356 5540 VGPU - ok
18:25:45.0403 5540 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:25:45.0410 5540 vhdmp - ok
18:25:45.0428 5540 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:25:45.0431 5540 viaide - ok
18:25:45.0476 5540 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:25:45.0478 5540 vmbus - ok
18:25:45.0515 5540 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:25:45.0516 5540 VMBusHID - ok
18:25:45.0538 5540 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:25:45.0538 5540 volmgr - ok
18:25:45.0595 5540 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:25:45.0602 5540 volmgrx - ok
18:25:45.0667 5540 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:25:45.0673 5540 volsnap - ok
18:25:45.0733 5540 vpcbus (f004aeb456cd886dfdb123b6297d89c9) C:\Windows\system32\DRIVERS\vpchbus.sys
18:25:45.0737 5540 vpcbus - ok
18:25:45.0793 5540 vpcnfltr (a7fae0a70e7a6d7a9469a2bf0a1cac5f) C:\Windows\system32\DRIVERS\vpcnfltr.sys
18:25:45.0796 5540 vpcnfltr - ok
18:25:45.0821 5540 vpcusb (4cdf15ceaf71f068bd26b9841d4e3e2b) C:\Windows\system32\DRIVERS\vpcusb.sys
18:25:45.0822 5540 vpcusb - ok
18:25:45.0848 5540 vpcvmm (e7ea9e3fbf1b0f517584e03638511e86) C:\Windows\system32\drivers\vpcvmm.sys
18:25:45.0851 5540 vpcvmm - ok
18:25:45.0916 5540 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:25:45.0920 5540 vsmraid - ok
18:25:45.0943 5540 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:25:45.0945 5540 vwifibus - ok
18:25:45.0972 5540 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:25:45.0975 5540 vwififlt - ok
18:25:45.0995 5540 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:25:45.0996 5540 vwifimp - ok
18:25:46.0035 5540 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:25:46.0036 5540 WacomPen - ok
18:25:46.0092 5540 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:46.0095 5540 WANARP - ok
18:25:46.0112 5540 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:46.0115 5540 Wanarpv6 - ok
18:25:46.0171 5540 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:25:46.0172 5540 Wd - ok
18:25:46.0202 5540 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:25:46.0210 5540 Wdf01000 - ok
18:25:46.0251 5540 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:25:46.0251 5540 WfpLwf - ok
18:25:46.0266 5540 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:25:46.0267 5540 WIMMount - ok
18:25:46.0343 5540 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS
18:25:46.0346 5540 WinUsb - ok
18:25:46.0411 5540 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:25:46.0412 5540 WmiAcpi - ok
18:25:46.0483 5540 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:25:46.0485 5540 ws2ifsl - ok
18:25:46.0538 5540 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:25:46.0541 5540 WudfPf - ok
18:25:46.0563 5540 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\drivers\WUDFRd.sys
18:25:46.0567 5540 WUDFRd - ok
18:25:46.0643 5540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:25:46.0662 5540 \Device\Harddisk0\DR0 - ok
18:25:46.0670 5540 Boot (0x1200) (cca2f0245769884436d36d21dc72eadd) \Device\Harddisk0\DR0\Partition0
18:25:46.0671 5540 \Device\Harddisk0\DR0\Partition0 - ok
18:25:46.0693 5540 Boot (0x1200) (8176a7fdd168fc3155212d56057e08c9) \Device\Harddisk0\DR0\Partition1
18:25:46.0696 5540 \Device\Harddisk0\DR0\Partition1 - ok
18:25:46.0697 5540 ============================================================
18:25:46.0697 5540 Scan finished
18:25:46.0697 5540 ============================================================
18:25:46.0718 3248 Detected object count: 0
18:25:46.0718 3248 Actual detected object count: 0
18:26:19.0871 5172 Deinitialize success

#12 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 11 October 2011 - 05:45 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

<-- Don't worry every little bit helps.

#13 magnet0

Member

Group: Members
Posts: 17
Joined: 30-September 11

Posted 11 October 2011 - 09:48 PM

Very nice! That seemed to find something a bit fishy.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-11 22:45:00
-----------------------------
22:45:00.221 OS Version: Windows x64 6.1.7601 Service Pack 1
22:45:00.221 Number of processors: 2 586 0x402
22:45:00.222 ComputerName: PYRONITE7 UserName: magnet0
22:45:01.508 Initialize success
22:45:23.826 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
22:45:23.830 Disk 0 Vendor: SAMSUNG_HD502HI 1AG01118 Size: 476940MB BusType: 3
22:45:25.846 Disk 0 MBR read successfully
22:45:25.851 Disk 0 MBR scan
22:45:25.857 Disk 0 TDL4@MBR code has been found
22:45:25.862 Disk 0 Windows 7 default MBR code found via API
22:45:25.869 Disk 0 MBR hidden
22:45:25.872 Disk 0 MBR [TDL4] **ROOTKIT**
22:45:25.876 Disk 0 trace - called modules:
22:45:25.880 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004923254]<<
22:45:25.884 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004908060]
22:45:25.887 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8003ab35e0]
22:45:25.891 5 ACPI.sys[fffff88000f937a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0xfffffa8003ade060]
22:45:25.895 \Driver\atapi[0xfffffa8003aaf660] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004923254
22:45:25.901 Scan finished successfully
22:45:45.769 Disk 0 MBR has been saved successfully to "C:\Users\magnet0\Desktop\MBR.dat"
22:45:45.773 The log file has been saved successfully to "C:\Users\magnet0\Desktop\aswMBR.txt"

#14 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,515
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 11 October 2011 - 09:52 PM

Re-Run aswMBR

Click Scan
On completion of the scan, click the FIX button,
There is a slight pause after clicking the 'Fix' button.
Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

Note:After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
Save the log as before and post in your next reply.

<-- Don't worry every little bit helps.

#15 magnet0

Member

Group: Members
Posts: 17
Joined: 30-September 11

Posted 12 October 2011 - 08:00 AM

Awesome! That seemed to have fixed the redirect and the invisible background program! Checking both IE and FF results in NO redirect. Watching the processes in the task manager does not should odd processes spawning or svchost taking up so much memory. Do you think that I am good to go or is there more cleanup to follow?

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-12 08:29:30
-----------------------------
08:29:30.743 OS Version: Windows x64 6.1.7601 Service Pack 1
08:29:30.743 Number of processors: 2 586 0x402
08:29:30.743 ComputerName: PYRONITE7 UserName: magnet0
08:29:31.798 Initialize success
08:29:37.058 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
08:29:37.063 Disk 0 Vendor: SAMSUNG_HD502HI 1AG01118 Size: 476940MB BusType: 3
08:29:37.077 Disk 0 MBR read successfully
08:29:37.080 Disk 0 MBR scan
08:29:37.082 Disk 0 TDL4@MBR code has been found
08:29:37.085 Disk 0 Windows 7 default MBR code found via API
08:29:37.087 Disk 0 MBR hidden
08:29:37.091 Disk 0 MBR [TDL4] **ROOTKIT**
08:29:37.095 Disk 0 trace - called modules:
08:29:37.098 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004942254]<<
08:29:37.102 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004929760]
08:29:37.107 3 CLASSPNP.SYS[fffff88001b7f43f] -> nt!IofCallDriver -> [0xfffffa8003aae670]
08:29:37.111 5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0xfffffa8003ae4680]
08:29:37.116 \Driver\atapi[0xfffffa8003aad060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004942254
08:29:37.122 Scan finished successfully
08:29:46.576 Disk 0 MBR read successfully
08:29:46.588 Disk 0 TDL4@MBR code has been found
08:29:46.602 Disk 0 fixing MBR ...
08:29:56.610 Disk 0 MBR restored successfully
08:29:56.647 Verifying disinfection
08:30:08.672 Infection fixed successfully - please reboot ASAP
08:30:30.163 Disk 0 MBR has been saved successfully to "C:\Users\magnet0\Desktop\MBR.dat"
08:30:30.166 The log file has been saved successfully to "C:\Users\magnet0\Desktop\aswMBR2.txt"